JOB DESCRIPTION:

Leonardo’s Electronic division are looking for an experienced and highly motivated Lead Security Engineer to join our growing Design Integrity department. You will be responsible for providing Security Assurance to support the development and delivery of the products (whilst considering cyber resilience) with the ambition to meet the Secure by Design principles. You’ll ensure the development, implementation, and management of security protocols, tools, and practices on maturing products meets the appropriate standards and Def Cons. Working closely with the Integrated Product Team (IPT) frameworks with specialists from other disciplines (Software, Systems, and Electronics engineers), you will provide specialist knowledge and advice throughout the product lifecycle.
In addition to this, you’ll be accountable for providing independent Information Assurance (IA) on products outside of your immediate responsibility, including independent assessments at Design Reviews, and on deliverable artefacts. You will form part of a wider Product IA and Security community across Leonardo Electronics UK, influencing corporate policies, processes and guidance. Managing architects such as the generation of Technical Risk Assessments, Security Design and Management Documentation, and Remediation Action Plans. As well as this, you’ll oversee the generation and approval of Product Security and Information Assurance Management Plan; Product Design Reviews; generation of Product Security deliverable information (Product Integrity certificates, product security cases.)

WHAT WE NEED FROM YOU;

• Practical experience of ISO27001/27004/27005 and NIST Risk Management Framework (RMF)
• Demonstrable experience of writing IA Technical Risk Assessments and the management of these Assessments
• Good understanding and appreciation of the Engineering development lifecycles and how the Product Security specialism aligns
• Ability to interpret Penetration Test Reports and write Remediation Action Plans
• An appreciation of the wider UK Government Assurance Processes (such as the legacy JSP 604 Assurance or the CAF GovAssure processes).
• Experience of owning a security risk management system for highly regulated products based on recognised frameworks such as aerospace, nuclear, automotive, rail or oil and gas

• Risk Management: Perform risk assessments to identify potential security risks and work product development teams to implement mitigations and preventive measures.
• Incident Response & Mitigation: Assess and maintain the Incident Response Plan, lead the response to security incidents and breaches, providing expertise in root cause analysis, containment, and remediation.
• Vulnerability Management: Conduct regular security assessments, including vulnerability scanning and writing penetration testing Statement of Works, and manage the remediation of identified vulnerabilities.
• Security Tools & Technologies Advice: Provide guidance on the selection, implementation, and optimization of security tools such as firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) systems.
• Support Security Architecture & Design: Assess the design, implementation, and maintenance of developed products to protect against threats and vulnerabilities.
• Security Awareness Training: Promote security awareness within the sector through training and communication, ensuring employees understand and follow security protocols.
• Reporting & Documentation: Create and maintain clear, concise reports, metrics, and documentation related to security incidents, risks, and controls.