Security Architect (Urgent Requirement)

Job content

Expleo is a trusted partner for end-to-end, integrated engineering, quality services and management consulting for digital transformation. We help businesses harness unrelenting technological change to successfully deliver innovations that will help them gain a competitive advantage and improve the everyday lives of people around the globe.

We are searching for a skilled Security Architect for our client to ensure the principle of “secure by design” is driven into customer deliverable contracts and internal Cyber business programmes through the development or review of architectures so that they:

• Fit business requirements for security
• Mitigate the risks and conform to the relevant security policies
• Balance information risk against cost of countermeasures
  
  

The Security Architect enables the design and implementation of secure enterprise level system architectures. To achieve this objective he/she will be positioned as the lead security Information Assurance (IA) on projects where he/she will liaise closely with the SDA, System Element SMEs, TM and PMO to advise and direct the evolution of the system design towards a secure architecture that satisfies the security requirements, complies to relevant security policies, standards and achieves the necessary accreditation.

He/she will have a firm understanding of the overall system Accreditation process with knowledge of the key accreditation artefacts that must be produced, Accreditation milestones, Risk Assessment methodologies and Risk Treatment techniques, and supporting evaluation/certification standards (e.g. ISO 27001, CAPS, CTAS, CHECK). He/she will contribute to the delivery of Accreditation artefacts, in particular the details of the security architecture (e.g. within an RMADS) and the technical countermeasures applied to the Risk Treatment Plan.

The Security Architect will foster a professional working relationship with the relevant accreditation authorities (e.g. NCSC, MoD ISS DAIS, NSAB) and third party security bodies (CHECK, CTAS, CAPS) where he/she will host regular workshops to walkthrough, explain and analyse the security architecture. He/she will also attend necessary Security Working Groups (SWGs) where he/she will be a key Airbus representative and provide valuable technical security and IA contribution.

The Security Architect will be involved in customer contracts at all phases of the lifecycle from bid stage to delivery ensuring “secure by design” is instilled in projects at conception. He/she must have an understanding of the security requirements for the “in-service” phase during the design phase in order to ensure:

• Necessary protective Monitoring services (e.g. SOC/NOC) can be “bolted on” without compromising the security architecture
• A complete and effective Assurance Maintenance Plan (AMP) is applied
  
  

The Security Architect will support continual improvement in the Cyber business by undertaking the following:

• Working closely with relevant stakeholders (Government Security Officer, IM Security, Cyber leads, MoD/NCSC Accreditation teams) to agree and approve security enhancements
• Driving improvements in the Development Security Management Plan (DSMP) and Manufacturing Security Plan (MSP), ensuring security governance is appropriately managed through the supply chain and compliant to relevant standards (e.g. DefStan 05-138), and being a key decision maker in the approval of new suppliers
• Producing and owning Security Management Plans (SMPs) for Cyber business areas/frameworks
• Contributing to the evolution of the security and capability of internal development environments
• Driving improvements in process efficiency and quality through, for example, choice of better security tooling/application for the Cyber business
  
  

Responsibilities

• Identifies information risks that arise from potential solution architectures
• Designs alternate solutions to mitigate identified information risks
• Ensures that alternate solutions or countermeasures mitigate identified information risks
• Applies ’standard’ security techniques and architectures to mitigate security risks
• Develops new architectures that mitigate the risks posed by new technologies and business practices
• Provides consultancy and advice to customers on Information Assurance (IA) and architectural problems
• Supervises Security SMEs reporting to them
• Keep informed on emerging Cyber security technologies and architectural patterns
• Keep up to date on security policies, standards, evaluation/certification processes (e.g. ISO 27001, MOD JSPs, NCSC guidelines, NATO directives/guidelines)
• Understand and avoid NCSC identified common “anti-patterns”
  
  

Qualifications

• STEM related Degree
  
  

Desirable:

• Masters Degree in Information Security or equivalent
• NCSC CCP Senior Cyber/IA Security Architect
• NCSC CCP Senior SIRA
  
  

Skills

• Architectural frameworks (e.g. TOGAF/MODAF, SABSA)
• Secure architectural patterns (e.g. NCSC/NATO APs)
• MoD/NCSC/NATO Accreditation methodologies and security standards (e.g. JSP 440, JSP 604, ISO 27001)
• Capture and understand information flows through a system
• Vulnerability Analysis: Understanding of attack vectors (technical and physical) against a system
• Technical/procedural countermeasure solutions/products and mitigation techniques proportionate to the risk posed (e.g. MFA, Diode, Gateway, IDS/IPS, PKI, RBAC, CAPS products)
• Knowledge of latest security technologies and defence in depth approach including but not limited to:
• Boundary protection services/devices: Next Gen Firewalls, VPN, IDS/IPS, WiFi security, Data Diode, Web/Mail/directory proxies, DLP
• Hosting security: Server platform lockdowns, Virtualisation security
• Application security: Secure Gateways, Application proxies, DB security
• End User Device (EUD) security: Client lockdown, Drive Encryption, DLP,
• Anti-malware: Server AV, Client AV, network-borne AV, mail gateway AV
• Protective Monitoring/SOC Services: SIEM, Vulnerability Analysis/Scanners, IDS/IPS, Alerting/Reporting use cases
• Desirable:
• Experience/knowledge of SATCOM solution
  

What Do I Need Before I Apply

• Location is in Newport- there may be some remote working but mostly site based with one – two days per week working in Client’s Farnborough Office
• Current SC Clearance Required
• Occasional Travel within the UK and possibly Norway for meetings
  
  

Benefits

• Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges
• We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
• Always working as one team, our people are not afraid to think big and challenge the status quo
  
  

“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”.