JOB DESCRIPTION

Leonardo UK is seeking a proven, experienced Principal Consultant to join the Cyber & Security Solutions Division team. This role is focused on supporting the delivery of security aspects to the company’s core products and to external stakeholders. This requires co-ordination with engineering teams and delivery of all facets of cyber and information security related to the delivery across the engineering lifecycle – from requirements all the way through to in-service support and maintenance.
This is an exciting opportunity to be part of significant programmes, during which you will ensure that products meet the highest standards, in accordance with customer’s requirements and risk appetite. You will be supported in this role as part of a larger team of consultants, engineers and product domain specialists.
Your work at Leonardo UK will see you take the lead in solving customer problems in an agile, innovative and team-centric manner. The role may involve a blended hybrid working model, with a mixture of working from home and working on site at one of our Leonardo offices to ensure close collaboration with the wider team and with our customers.
Talk to us to find out more.

SKILLS, QUALIFICATIONS, KNOWLEDGE & EXPERIENCE REQUIRED

In addition to a passion for cyber and information security, you really must have:

• Skills
• Ability to work independently without supervision and be able make sound decisions based on information available.
• Excellent written and verbal communication skills at all levels. Both internally and with customers,

• Core consulting skills – building client relations; adaptability to changing schedules; reliability and quality of task delivery; flexibility in working hours and locations; team player.

• • A degree and/or MSc. in an engineering discipline and/or cyber security discipline, OR equivalent recognised professional cyber security certification.
• Knowledge and Demonstratable Experience
• 5+ Years delivery experience in a Cyber/Engineering Role.
• Leading delivery of MOD accreditation and secure by design processes (ISN2023/09), associated policies and practices across the lifecycle.
• Experience in the application of standards including NIST Special Publications (e.g. SP 800-30, 37 & 53).
• Application of Defence standards including Defstan 05-138 & Defstan 05-139.
• Experience managing risks and services in accordance with customer, regulatory and legislative expectations.
• Working outside of traditional enterprise IT scenarios extending to proprietary and open-source software, firmware and electronic hardware.
• Developing, evaluating and analysing design constraints, and detailed system and security designs as they pertain to the cyber domain.
• Decomposing cyber and security requirements down to the system control level.
• Conducting cyber and information security risk assessment activities including threat modelling, vulnerability analysis and analysis of mitigations.
• Scoping and managing security verification & validation activities and remedial action plans.
• Coordinating with product engineers, system architects, and developers to provide oversight and guidance in the development of robust solutions, including advising on suitable product or platform lockdown and configurations.

It would be nice if you had:

• Excellent understanding of the engineering lifecycle and key gate review activities.
• Knowledge of current Cryptographic technologies, Key Management Systems & practical COMSEC implementations in line with MOD / NCSC standards.
• Knowledge or experience of Cyber Security & Airworthiness (RCTA-DO-326A/B, 355A & 356A).

Please refer the Job description for details