Share this Job

Senior Cyber Security Consultant

Date: 16-Jan-2023

Location: Farnborough, England, GB

Company: QinetiQ

Responsibilities and Output:

-Provide security subject matter expertise to Programme Manager, technical security advice to the Programme and provide support to MOD Security Assurance Co-ordinator.

-Provide security subject matter expertise on the security implications of System Change Requests (SCRs).

-Maintain knowledge of current MoD and HMG security requirements and provide advice to the Security Manager (SyM) on MOD security requirements.

-Identify and assess the potential impact of amendments to MOD or HMG policy on the Programme.

-Gain and maintain accreditation of systems in accordance with the security requirements in QinetiQ’s contract with MoD, including liaison as tasked by the Security Manager with MoD (e.g. CyDR) and other (e.g. NCSC) security stakeholders.

-Maintain RMADS and security risk assessments for systems to support accreditation.

-Maintain certification of the facility in support of the accreditation of systems.

-Maintain relevant Codes of Connection (CoCo) and ensure continued approval for such connections.

-Review and update security operating procedures, as tasked by the SyM.

-Support the SyM as required to produce security report for agreed meetings, for example regular Team Leaders’ meetings or Monthly or Quarterly Progress Meetings as tasked by the Programme Manager.

-Support the SyM as required to manage the quarterly Security Working Groups (SWG) ensuring that calling notices, agendas, minutes etc. are produced and distributed within agreed timescales.-Support the SyM as required to produce a draft Security Report prior to the Quarterly SWGs and presenting this report at the SWG; updating and issuing this report after the SWG.

-Support compliance checking activities to be completed by the Security Team.

-Provide advice on the patching of systems including monitoring MODCERTS and other sources of patching and vulnerability information.

-Develop and deliver security training to the Programme.

-Advise on the scope and results of IT Health Checks and develop Risk Action Plans (RAPs) to address findings.

- Support the SyM in maintaining technical crypto management documents (e.g. the Crypto Management Plan) and in the ordering of crypto key material.


Essential Skills, knowledge, capabilities

- Good communication skills.
- Comfortable working in a multi-disciplinary team, and able to work with others.
- Able to manage own tasks and time liaising with the SyM to agree tasks to be delivered and time to be worked on programme.

- Previous experience of working in an information security role in an MoD environment.


Desirable skills, knowledge, capabilities etc

- Experience in the application of JSP 490 is of benefit but not essential.

- Has performed a Security Assurance Co-ordinator (SAC) or similar role on an MoD project.

- Understands and can articulate the importance of information security within the wider context of the programme.

- In depth experience of MoD’s security requirements (including JSP 440 and JSP 604) and working with CyDR and other MoD security authorities.

- Experienced in the production of information security risk assessments, including knowledge and experience of HMG Standard IS1, Baseline Control Sets and ISO 27001:2013 Controls.

- Experienced in the production of MoD security documentation including RMADS and SyOPs and gaining their approval by CyDR.

- Familiar with the CyDR Accreditation tool DART.

- Experienced in managing IT Health Checks, interpreting findings, and managing Risk Treatment Plans.

- Comprehensive knowledge of MoD and HMG Security Requirements and NCSC/CESG Guidance.

- Broad knowledge of IT security architectures and IT security vulnerabilities and their countermeasures.

- Understands and has experience in the application of JSP 490.

- NCSC (Previously CESG) Certified Cyber Security/IA Professional in the Security and Information Risk Advisor Role or equivalent experience.


Why join QinetiQ?

As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having the courage to take on a wide variety of complex challenges.

You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in an diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Read more about our diverse and inclusive workplace culture here.  

Joining QinetiQ offers you an opportunity to work on a broad range of interesting defence-based projects with vast career progression across a global organisation in addition to competitive personal and professional benefits.  You’ll receive a highly competitive salary and benefits package: our basic salaries are very attractive as we constantly review what’s happening in the market. The range of benefits that we offer include, adaptive and flexible working, generous holiday entitlements, Health Cash Plan, Private Medical Insurance and Dental Insurance and much more. 

About QinetiQ

As a company of over 6,000 dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.

Please note that many roles in QinetiQ are subject to national security vetting. Applicants that already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. A number of roles are also subject to restrictions on access to information that mean factors such as nationality, previous nationalities held and the country in which you were born may have an effect on the roles that you can be employed in.