Cyber Security and Information Assurance Ref. 1019
Do you want to be part of an organisation that uses cutting edge technology, makes a real difference to the UK, provides excellent development opportunities, and gives you the chance to build an exciting, challenging and varied career? If you already work in the technology sector, our organisation has a wide number of technology-related roles available, to which applicants are able to apply at any time.
Our organisation is tasked with protecting the country’s people, businesses and interests in the cyber age. Working with colleagues in MI5, SIS (MI6), the MOD, the National Crime Agency, the police, academia (and many others), we gather and analyse intelligence from digital and telecommunications sources, and ensure that IT networks, systems and data are secured against hackers and other threats. Nowhere else will you be able to apply your technology expertise in such a unique environment, against such a varied set of challenges and with such interesting colleagues!
Our organisation has headquarters in Cheltenham – geographically located within an hour of Bristol and Birmingham – as well as Bude, Harrogate, Lincolnshire, Manchester, London and Scarborough. Despite the (necessary) secrecy around some of what we do, the urgent nature of our mission means there will always be opportunities to work with partners, industry and academia from across the UK, and even to re-locate between offices.
At our organisation we’re proud of our inclusive and supportive working environment that’s designed to encourage open minds and attitudes. Just as we offer a wide range of roles – specialist, technical as well as more general roles (HR, project management, finance, leadership…) - so too do we welcome applicants from a wide range of backgrounds. To do our job – which involves solving some of the hardest technology problems the world faces - we need all talents and we need people who dare to think differently. In return, along with excellent training and development options, we’re committed to providing a healthy work/life balance that enables you to perform to the best of our ability.
Our organisation's Cyber Security community are a trusted source of world class Cyber Security, and Risk Management research, advice and consultancy services. Join us to build effective relationships with UK Government, Academia and global Industry partners, support the delivery of Government policy, and contribute to maintaining our reputation of being at the forefront of technology.
We play a vital role in safeguarding the UK’s Critical National Infrastructure, data, systems and communications and are key to ensuring that the British Citizen can access UK Government services online safely and securely. We face a variety of challenges every day involving both current and future technologies, so with the help of our research teams we provide vital up-to-date guidance on the use of both current and cutting edge technologies. Our teams collaborate and use bespoke tools to tackle problems and develop solutions encompassing leading edge software and hardware. We are required to stay ahead of the ever changing technical landscape meaning you will have many opportunities to take the initiative and work with various customers.
Tailored development, training and academic sponsorship of our specialists is central to maintaining our status as the National Technical Authority for Information Assurance. Innovation, creativity and diversity are actively encouraged within our community of experts, contributing to the unique opportunities on offer in this high profile and hugely rewarding work. We need a wide range of people and skills, from those who can focus on conducting cutting edge technical research or deliver an agile technical engineering solution to customers, to those who can use their excellent risk management, communication and consultancy skills to build good relationships with our partners to ensure that our technical solutions truly meet their business needs.
Applied Cyber Security Research, Engineering & Consultancy:
Our teams of Cyber Security Researchers, Engineers and Consultants are skilled in a wide range of technologies, and apply their skills to the most challenging questions around products, systems and services. Team members work with experts from across the whole of our organisation, and its partners, to fully understand the technologies being examined, and to give the best possible advice and guidance to our organisation’s customers - both in industry and the UK Public Sector. Team members are also able to engage on the hardest assurance problems faced by Government and provide pragmatic and effective options to address them.
• Cryptographic Engineers: Cryptographic Engineers develop technical specifications for systems that use cryptography to protect HMG information assets, working closely with industry and Government partners.
• Cryptographic Consultants: Cryptographic Consultants carry out the evaluation of a range of cryptographic products for conformance to the relevant standards, dependent on the intended product use. Evaluations cover a range of information assurance activities, including the application of the relevant encryption standard and implementation, the management of associated keys, anti-tamper solution, vulnerability assessment, and the working environment, including witnessing security function testing.
• Commercial Assurance Consultants: Commercial Assurance Consultants work closely with commercial product and service developers (both large and small; UK and multinational) and with commercial evaluation facilities to enable the expert security analysis of key technologies, as well as setting the technical direction (and standards) for GCHQ’s commercial assurance schemes.
• Identity Assurance Researchers and Consultants: Identity Assurance Researchers and Consultants are responsible for providing advice to Government around the use of identity technologies (biometrics, smart cards etc.); utilising a mixture of skills including hardware and software, analytical skills plus in-depth understanding of how identity technologies work.
• Microelectronic Engineers and Researchers: Microelectronic Engineers and Researchers collaborate using their knowledge of physical and mathematical sciences to develop a deep understanding of the fundamental principles underpinning the functions of hardware technologies, as well as understanding the hardware implementation technologies. They identify vulnerabilities and devise suitable technical mitigations where necessary, to enable them to be used to satisfy IA requirements.
• Information Assurance Engineers: IA Engineers conduct research into a range of engineering practices and processes from Systems Design to Software Engineering. They use this to work with customers to ensure that IA is properly considered at all points within the Engineering lifecycle. These roles require knowledge of various aspects of the Engineering lifecycle as well as an understanding of Information Security and Risk Management and an ability to apply it in order to prevent security issues and associated costs arising late in the Engineering process.
• Network Defence Researchers: Network Defence Researchers conduct research to gain a deep understanding of areas such as platform security, mobile technology, vulnerabilities, security, cryptography applications and processor technologies to better defend the UK against emerging threats and build expertise as part of the UK National Technical Authority for Cyber Security and Information Assurance.
• Information Assurance Architects: The IA Architects provide technical architectural guidance to our organisation and HMG. The motivation behind the team is to engage customers early in the design process bringing deep technical knowledge and experience of other systems to build in security from the outset and avoid potential problems and expense further down the line. These posts benefit from their own tailored development program to ensure IA Architects remain at the forefront of their field.
Security and Information Risk Management Advisors (SIRA):
Our Information Risk Management teams are specialists with broad Information Assurance (IA) and technical knowledge. Clear communicators, they are capable of offering guidance to a wide range of customers ranging from our organisation to Critical National Infrastructure and HMG.
• Accreditors: Accreditors offer independent assessments ensuring assets (i.e. people, information, infrastructure and facilities) and services are appropriately protected using controls which are proportional to the threats while supporting the business objectives locally within our organisation and across HMG.
• Security and Information Risk Management Advisors (SIRAs): SIRAs provide advice and guidance on Risk Management supporting customers across UK Government and the Critical National Infrastructure with a variety of skills and knowledge. They work closely with technical experts to deliver Risk Management solutions. They are also responsible for all aspects of the life-cycle of national Information Assurance policy and risk management guidance as it is applied to HMG, the wider public sector and supply chain. These posts benefit from their own tailored development program to ensure IA Architects remain at the forefront of their field.
Cyber Security, Incident and Threat Specialists:
Our Cyber Security, Incident and Threat Specialists are at the forefront of protecting our organisation and HMG assets from foreign intelligence services and emerging Cyber threat actors. They triage and manage all intrusions, threats and incidents ensuring the protection and availability of Government assets.
• Intrusion Analysts: Intrusion Analysts are required to triage alerts from numerous types of IT security controls. They investigate alerts relating to actual or suspected security incidents, escalating via the appropriate incident management process when required. They are also responsible for improving Intrusion Detection capability by being aware of the latest cyber attack techniques, reducing false positive alerts, and writing attack signatures.
• Threat Assessors: The Threat Assessment role involves compiling information on the capabilities and motivation of foreign intelligence services and other threat actors and then presenting this in a variety of forms to illustrate technical threat and assist customers in understanding the threats relevant to them.
• Cyber Security Incident Managers: Incident Managers are required to respond to suspected or actual computer security incidents. Their objective is to identify if an incident has occurred, assess the impact and manage virtual teams to ensure all available resources are used to limit the impact of the incident.
REQUIREMENTS FOR THESE ROLES
You will have at least 2 years relevant industry experience for one of the above roles.
For all these roles, we will also be looking for evidence of:
• A keen interest in the latest technology, particularly security technologies.
• A wide awareness of Cyber Security across Government and Industry.
• You can understand customer’s needs and deliver bespoke services.
• You can collaborate effectively within a team environment.
• You have good communication skills.
• You are keen to develop personally and help others do the same.
To apply for this role you will need workplace experience of at least a year. If you are a current or recent graduate please consider our Technical Graduate Opportunities which we will be launching autumn 2017
Competitive package based on qualifications and experience
Bude, Cheltenham, London, Scarborough, Manchester, Lincolnshire, Harrogate (All sites are within 30 mile radius of the location centre). Please note that there may not be vacancies at every location, and it may not be possible to offer a position at any of your selected locations.
INTERVIEW AND SELECTION PROCESS
Following initial eligibility and technical sifts, the recruitment process will comprise a competency-based interview with technical staff and members of our HR department.
Interviews to be held regularly throughout the year.