hat you’ll be doing:

• Taking the cyber security lead on projects and bids, providing cyber security advice and guidance to all stakeholders, including systems and software engineers, technical authorities, engineering and project managers, and the wider business and customer communities, throughout the whole project lifecycle and at all classifications.
• Interpreting security guidance from external sources such as JSP440/604, NCSC and NIST.
• Performing security risk assessments using recognised methodologies to identify and prioritise cyber security and cyber resilience risks and identifying appropriate controls and mitigations to manage those risks.
• Achieving and maintaining security accreditation or security assurance as required, including assessing the impact to security of all proposed changes.
• Scoping and managing testing by external penetration test companies and ensuring remediation activity is performed to completion.
• Supporting security within the supply chain, including meeting the requirements of the Defence Cyber Protection Partnership plus our own company initiatives.
• Producing security documentation such as RMADS and SyOPs.

Your skills and experiences:

Essential

• Experience of cyber security engineering delivery and accreditation within the Defence domain, including identifying cyber security risks using a recognised methodology and the commensurate controls and mitigations required to manage those risks
• Ability to interact at a technical level with systems, software and hardware engineers and to articulate security advice directly to key stakeholders within both the business and the customer community.
• Degree qualified in Information/Cyber Security, IT, Engineering, Mathematics, or Science, or alternatively equivalent qualifications and/or experience

Desirable

• Knowledge and experience in HMG IAS1&2 or similar security risk assessment methodology, JSP440/JSP604/JSP490, NCSC guidance, NIST, ISO 27001 and industry-standard security frameworks.
• Defence, systems or software engineering background. CCP, CISSP, CISM or similar, GCHQ Certified Degree, ex-CLAS.

Benefits:

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual incentive.

The Cyber Security team:

You will be joining a team of enthusiastic cyber security specialists who are committed to supporting the wider business in delivering products that will protect our customers’ information and maintain operational effectiveness, even whilst under cyber attack.

The team work on a variety of prestigious and long-term projects for the MOD and other customers, giving you the opportunity to gain and develop a deeper understanding of security risks and mitigations.

Project sectors include Deployed and Static Networks, Command and Control Systems, Secure Gateways, Tactical Data Links, Mission Systems, Mission Planning, Logistics Support and Training Infrastructure and Services.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.”

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.