Share this Job

Cyber Security Operations Practitioner

Date: 09-Sep-2022

Location: Malvern, England, GB

Company: QinetiQ

Role Purpose

Provide operational support to ensure that security controls are tested and measured as part of a security management system.


Key Accountabilities

1.    Support across Technical Operations (TechOps) working to the Operational Security (OpSec) Manager. 
2.    Support delivery programmes and Integrated Delivery Teams to meet their customer security requirements. 
3.    Where TechOps is supplying IT capabilities in support of a programme mission the role will assist with the accreditation process, and importantly identify the evidence required to support a successful accreditation/certification. Equally, the role will support those situations where TechOps is not supplying IT capabilities. 
4.    Guide and advise on the means for checking that security controls are tested and measured. Checking/compliance that certification is maintained where appropriate. 
5.    Development and management of compliance frameworks for support to projects within the business, particularly those provided by TechOps. 
6.    Contribution to governance meetings, working groups, operational procedures, standards and processes. 
7.    Support and advice to OpSec resources deployed as part of a TechOps Field Force. 
8.    Provide triage advice and prioritise security mitigation approaches, helping to work out what to patch, when and/or how frequently to perform VA scans on networks. Review and provide advice on results thereafter. 


Key Capabilities/Knowledge

•    Understands HMG classification scheme, Operational Security (IT Services), threat landscape, protective monitoring, vulnerability monitoring. 
•    Understand Compliance frameworks such as ISO27001 and NCSC CAF or NIST. 
•    Understands UK MOD Accreditation process and Secure by Design.
•    Has experience of SIEM and tooling expertise.  
•    Understands Cloud and On-Prem security practices/controls.
•    Understanding of cloud services (Azure/AWS) and NCSC Cloud Security Principles.
•    Ability to work both independently and as part of a team. 
•    Knowledge of MITRE ATT&CK.
•    Understands the impact of cyber risk, security accreditation and certification on business or operational outcomes.
•    Able to articulate regulatory requirements and devise courses of action to meet these appropriate to the business or operational context.
•    Able to devise effective and creative risk mitigation strategies that enhance business outcomes.
•    Understand cyber risk and mitigations put in place and can provide evidence to help refine risk mitigation approaches.
•    Good awareness of digital technology. 
•    Able to articulate evidenced and convincing arguments for recommended courses of action.
•    Able to work independently and seek guidance on own initiative for unusual or complex situations.
•    Able to engage and communicate effectively with customers.
•    Able to engage and communicate effectively with stakeholders at all levels.


Experience & Qualifications

•     Essential
•    STEM degree or equivalent and relevant experience in operational security role.
•    Digitally literate (including fluency in Microsoft Office tools).
•    Minimum of 3 years of experience in security operations, vulnerability, risk, audit & compliance.
•    Desirable
•    Experience applying/work to relevant NIST and ISO27001 frameworks and standards in different sectors and domains including defence, wider UK Government, critical national infrastructure.
•    Experience guiding successful security audit preparation and outcomes.
•    Membership of CIISec or equivalent.



Why join QinetiQ?

As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having the courage to take on a wide variety of complex challenges.

You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in an diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Read more about our diverse and inclusive workplace culture here.  

Joining QinetiQ offers you an opportunity to work on a broad range of interesting defence-based projects with vast career progression across a global organisation in addition to competitive personal and professional benefits.  You’ll receive a highly competitive salary and benefits package: our basic salaries are very attractive as we constantly review what’s happening in the market. The range of benefits that we offer include, adaptive and flexible working, generous holiday entitlements, Health Cash Plan, Private Medical Insurance and Dental Insurance and much more. 

About QinetiQ

As a company of over 6,000 dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.

Please note that many roles in QinetiQ are subject to national security vetting. Applicants that already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. A number of roles are also subject to restrictions on access to information that mean factors such as nationality, previous nationalities held and the country in which you were born may have an effect on the roles that you can be employed in.