Description
Cyber Security
Engineer Location: Farnborough, UK
Looking for an opportunity to make an impact?..
Role Overview :
Everything we do is built on a
commitment to do the right thing for our customers, our people and our
community. Our mission and our values guide the way we do business.
The foundation of our Leidos culture is our Values, Beliefs and
Expectations by which we select, recognise and reward employees. They
create the environment that drives us toward our mission.
Inspired to make a difference, we are committed to solving the
world’s toughest problems. Passionate about customer success by being
determined to understand and respond to our customers’ needs as if
they were our own.
United as a team, we are bound together by
our conviction that ethics and integrity is core to how we operate.
Because of a key strategic development and a new exciting
business opportunity, we have a requirement for a security-cleared
Cyber Security Engineer based in the UK working at our
Farnborough site and remotely.
Leidos has more than 30 years’
experience of developing and running some of the largest government
systems in the world. We are currently hiring to expand our UK based
technical team who support our delivery for the UK Govt.
Come
join our team and further develop your skills as we deliver and
support systems key to the defence of the UK and partner nations.
Being part of the Leidos team is a commitment to push yourself
and those around you to do better, constantly adapt and learn new
technologies. We’re a passionate team and are committed to developing
and growing our staff.
Leidos is a global science and
technology solutions leader working to solve the world's toughest
challenges in the defence, intelligence, homeland security, civil, and
health markets. The company's 33,000 employees support vital missions
for government and commercial customers.
What Will You Be
Doing?
As a result of some exciting programme wins, we
currently have a permanent vacancy for a Cyber Security Engineer to
support the development and transition into live of a new IT
application and infrastructure solution providing support to a
critical operational end user.
Leidos is seeking an
enthusiastic protective security specialist to lead the implementation
and assurance of security within a key defence project. The incumbent
will possess specialist skills in all areas of protective and
information security and have demonstrable experience of applying
security frameworks such as Government Functional Standard 007.
You will be joining a team of highly skilled and highly
motivated individuals who are working on one of the UKs leading
programmes.
Required Skills:
The Cyber Security
Engineer plays a crucial role in protecting THOR IT infrastructure by
using a blend of technical expertise and strategic planning to ensure
that the digital infrastructure remains secure from various types of
attacks and vulnerabilities. You will be responsible for planning and
implementing appropriate security controls to ensure that the
information within THOR is kept secure.
Key
functions/outputs:
1. Vulnerability Scanning & Reporting
2. Endpoint Security
3. Incident Management & Tickets
4. System Hardening
5. Change Work
6.
Participation in Regular Meetings
7. Documentation
Main Objectives:
Vulnerability Scanning &
Reporting
Perform regular vulnerability scans and generate
reports utilising the below tool sets or similar. The process should
be focused on ensuring that the below tool sets are kept up to date
and ensure that scans are performed regularly to help assist the
Vulnerability and Patch Manager with identifying weaknesses in the
system.
- Code Scans: perform regular code scans to audit
code quality metrics, potential bugs, and security vulnerabilities.
- Vulnerability Management Tooling: perform regular
Vulnerability Management Scans and ensure that the warehouse and
plugins are kept up to date to capture new vulnerabilities.
- Reporting: assist the Vulnerability and Patch Manager with
generating regular vulnerability management reports, which are to be
provided to the THOR cyber security and IA lead.
Endpoint Security:
- Endpoint Protection:
perform regular updates to Endpoints to ensure the latest packages are
applied and policies are amended to keep up to date with new and
emerging threats.
- Antivirus and Anti-malware Protection:
perform compliance checks to ensure that antivirus and anti-malware
protection is deployed successfully and being kept up to date by the
relevant team.
- Network Controls: perform compliance checks
and regular audits of network controls (i.e. firewall rules) to ensure
that unauthorised access and threats are being blocked.
- Access Control: ensuring that access controls have been
implemented correctly to only allow authorised users to gain access to
certain data and systems.
Incident Management &
Tickets:
- Incident Identification: help to recognise
and confirm potential incidents through alerts, logs and user reports.
This includes distinguishing between true threats and false positives.
- Incident Response: respond to potential security breaches or
cyber-attacks. The main effort should focus on containment, mitigating
the damage, investigation of the root cause of the incident and
restoring to normal operations.
- Ticket Requests: respond to
and resolve any tickets raised to the Leidos Security group on SD+
that require Cyber Security Engineering input.
System
Hardening:
- Patch Updates to Security Products: ensure
that the security tool sets are kept up to date with regular security
patches and software updates to fix vulnerabilities and improve system
security.
- System Compliance: perform regular system
compliance audits and updates to ensure that the systems are compliant
with industry best practices. This includes CIS, STIG, NIST etc.
- Security Enforcing Function Configuration: Assist in the
design, reviews and updates to security enforcing functions (i.e. GPOs
or System Policies) and system controls to ensure that they are
compliant and fit for purpose.
- Vulnerability Assessments:
conduct periodic assessments to identify and address potential
vulnerabilities.
Change Work:
- Security Impact Triage Tool (SITT): Assist in evaluation
and impact assessment of system change to security posture of the
environments.
- Security Evaluation, Testing and Assurance
(ST&V): perform Security, Evaluation, Testing and Assurance activities
for any new changes that are planned in as part of PI Planning.
Participation in Regular Meetings:
Cyber
Security Engineers are expected to lead or attend numerous meetings
that require their input. This may include the following depending on
work activity.
- Security Working Group (SWG
- Vulnerability Triage
- Security Workshop
- PI
Planning
- Daily Standups (Blue/Green Team)
Documentation:
Cyber Security Engineers are
responsible for creating, maintaining and reviewing detailed
documentation. This includes High-Level & Low-Level Designs (HLD/LLD),
Standard Operating Procedures (SOP) and compliance reports, and other
ad-hoc security documentation, etc.
Clearance Requirements:
- Clearance to Start SC
- Clearance for Role DV
Intrigued? We’d love to hear from you...
What we do for you:
At Leidos we are PASSIONATE
about customer success, UNITED as a team and INSPIRED to make a
difference. We offer meaningful and engaging careers, a collaborative
culture, and support for your career goals, all while nurturing a
healthy work-life balance.
We provide an employment package that
attracts, develops and retains only the best in talent. Our reward
scheme includes:
• Contributory Pension Scheme
•
Private Medical Insurance
• 33 days Annual Leave (including
public and privilege holidays)
• Access to Flexible benefits
(including life assurance, health schemes, gym memberships, annual buy
and sell holidays and a cycle to work scheme)
• Dynamic
Working
Commitment to Diversity:
We
welcome applications from every part of the community and are
committed to a truly diverse and inclusive culture. We foster a sense
of belonging, welcoming all perspectives and contributions, and
providing equal access to opportunities and resources for everyone.
If you have a disability or need any reasonable adjustments during the
application and selection stages please let us know, and we will
respond in a way that best fits your needs.
Who We Are:
Leidos UK & EUROPE – we work to make the
world safer, healthier, and more efficient through technology,
engineering and science.
Leidos is a growing company
delivering innovative technology and solutions focused on safeguarding
critical capabilities and transformation in frontline services, our
work in the United Kingdom includes addressing some of the most
complex problems in defence, healthcare, government, safety and
security, and transportation.
What Makes Us Different:
Purpose: you can use your passion and abilities at
Leidos to keep the people you care about safe. We are at the forefront
of machine learning, AI, cyber security and solutions. Using your
skills in the technology frontline by helping to build a safer world.
You can inspire change.
Collaboration:
having flexibility to do your job is one of our core
benefits, enabling you to become part of our extraordinary team. We
have been empowering our people to work flexibly for years. Whether
you work from home, the office or on customer sites, we will give you
the digital tools and the flexibility to work smarter and align your
needs and ours.
People: Leidos
empowers people from every background to be themselves
and gives you the tools to learn new skills by enabling growth
whilst developing . We believe that
extraordinary people need opportunities to grow, to be inspired
and to inspire others. At Leidos, we invest in technical
academies, career rotations and a career development plans that
enhance your future.
Original Posting Date:
2024-11-11
While subject to change based on business needs,
Leidos reasonably anticipates that this job requisition will remain
open for at least 3 days with an anticipated close date of no earlier
than 3 days after the original posting date as listed above.
Pay Range:
The Leidos pay range for this job level is a general guideline only
and not a guarantee of compensation or salary. Additional factors
considered in extending an offer include (but are not limited to)
responsibilities of the job, education, experience, knowledge, skills,
and abilities, as well as internal equity, alignment with market data,
applicable bargaining agreement (if any), or other law.