Senior Cyber Security Assurance Specialist
On site
Preston, United Kingdom
Full Time
27-12-2024
Job Specifications
Job Title: Senior Cyber Security Assurance Specialist
Location: Preston or Frimley. We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role.
Salary: Circa £60,000 depending on skills and experience
What You’ll Be Doing
Deliver assurance services to the business, SS EIT, IM&T Sector and Group Functions, covering enterprise systems / services and cloud
Identification of risk and appropriate mitigations, development & analysis of secure solutions (covering technical / physical / procedural / personnel controls) and assessment of compliance with internal and external standards and regulations
Deliver documentation to demonstrate compliance to internal and external stakeholders
Assessment and provision of control effectiveness in managing cyber security risk
Provide security architecture / technical input into the development of secure solutions
Coaching and mentoring junior members of the team
Support development of strategy and continual service improvement for the cyber assurance function
Act as a subject matter expert regarding cyber assurance activities for the wider organisation
Essential
Your skills and experiences:
Educated to degree level (or equivalent) preferably in a related discipline (ICT/Computing, Information assurance, risk management, vulnerability/threat assessment) or equivalent, related work experience
Knowledge of information security standards, such as HMG, NCSC Guidance, ISO 27001/18 and NIST 800; HMG is fundamental
Capable of a very high standard of written communication including experience of writing complex reports and giving formal presentations to senior business peers
In-depth knowledge of industry standard security policy, standards and good practice guidance and their application to a variety of IT solutions processing protectively marked information
Desirable
Knowledge of NIST 800-53 & NIST 800-171
Benefits
As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts – you may also be eligible for an annual incentive.
The EIT Cyber Assurance Team
The Cyber Assurance Team within Shared Services are part of Enterprise IT (EIT) with responsibility for assuring all enterprise managed systems and services, spanning UK/RoW. The team ensure systems / services are built and configured in line with applicable Cyber Security Standards. In addition, the team conduct through-life assurance of controls, ensuring they are operating effectively to combat the threats and risks BAE SYSTEMS face and adhere to our regulatory certifications. EIT Cyber is a growing team with huge opportunity for development within a diverse landscape.
Why BAE Systems?
This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.
We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.
Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.
Closing Date: 10th January 2025
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
About the Company
At BAE Systems, we help our customers to stay a step ahead when protecting people and national security, critical infrastructure and vital information. We provide some of the world's most advanced, technology-led defence, aerospace and security solutions and employ a skilled workforce of 85,800 people in more than 40 countries. From state of the art cyber threat detection to flight control systems that enable pilots to make better decisions, we never stop innovating to ensure that our customers maintain their advantage. Th...