Cyber Security and Information Assurance Ref. 1019
GCHQ’s Cyber Security community are a trusted source of world class Cyber Security, and Risk Management research, advice and consultancy services. Join us to build effective relationships with UK Government, Academia and global Industry partners, support the delivery of Government policy, and contribute to maintaining our reputation of being at the forefront of technology.
We play a vital role in safeguarding the UK’s Critical National Infrastructure, data, systems and communications and are key to ensuring that the British Citizen can access UK Government services online safely and securely. We face a variety of challenges every day involving both current and future technologies, so with the help of our research teams we provide vital up-to-date guidance on the use of both current and cutting edge technologies. Our teams collaborate and use bespoke tools to tackle problems and develop solutions encompassing leading edge software and hardware. We are required to stay ahead of the ever changing technical landscape meaning you will have many opportunities to take the initiative and work with various customers.
Tailored development, training and academic sponsorship of our specialists is central to maintaining our status as the National Technical Authority for Information Assurance. Innovation, creativity and diversity are actively encouraged within our community of experts, contributing to the unique opportunities on offer in this high profile and hugely rewarding work. We need a wide range of people and skills, from those who can focus on conducting cutting edge technical research or deliver an agile technical engineering solution to customers, to those who can use their excellent risk management, communication and consultancy skills to build good relationships with our partners to ensure that our technical solutions truly meet their business needs.
Applied Cyber Security Research, Engineering & Consultancy:
Our teams of Cyber Security Researchers, Engineers and Consultants are skilled in a wide range of technologies, and apply their skills to the most challenging questions around products, systems and services. Team members work with experts from across the whole of GCHQ, and its partners, to fully understand the technologies being examined, and to give the best possible advice and guidance to GCHQ’s customers - both in industry and the UK Public Sector. Team members are also able to engage on the hardest assurance problems faced by Government and provide pragmatic and effective options to address them.
- Cryptographic Engineers: Cryptographic Engineers develop technical specifications for systems that use cryptography to protect HMG information assets, working closely with industry and Government partners.
- Cryptographic Consultants: Cryptographic Consultants carry out the evaluation of a range of cryptographic products for conformance to the relevant standards, dependent on the intended product use. Evaluations cover a range of information assurance activities, including the application of the relevant encryption standard and implementation, the management of associated keys, anti-tamper solution, vulnerability assessment, and the working environment, including witnessing security function testing.
- Commercial Assurance Consultants: Commercial Assurance Consultants work closely with commercial product and service developers (both large and small; UK and multinational) and with commercial evaluation facilities to enable the expert security analysis of key technologies, as well as setting the technical direction (and standards) for GCHQ’s commercial assurance schemes.
- Identity Assurance Researchers and Consultants: Identity Assurance Researchers and Consultants are responsible for providing advice to Government around the use of identity technologies (biometrics, smart cards etc.); utilising a mixture of skills including hardware and software, analytical skills plus in-depth understanding of how identity technologies work.
- Microelectronic Engineers and Researchers: Microelectronic Engineers and Researchers collaborate using their knowledge of physical and mathematical sciences to develop a deep understanding of the fundamental principles underpinning the functions of hardware technologies, as well as understanding the hardware implementation technologies. They identify vulnerabilities and devise suitable technical mitigations where necessary, to enable them to be used to satisfy IA requirements.
- Information Assurance Engineers: IA Engineers conduct research into a range of engineering practices and processes from Systems Design to Software Engineering. They use this to work with customers to ensure that IA is properly considered at all points within the Engineering lifecycle. These roles require knowledge of various aspects of the Engineering lifecycle as well as an understanding of Information Security and Risk Management and an ability to apply it in order to prevent security issues and associated costs arising late in the Engineering process.
- Network Defence Researchers: Network Defence Researchers conduct research to gain a deep understanding of areas such as platform security, mobile technology, vulnerabilities, security, cryptography applications and processor technologies to better defend the UK against emerging threats and build expertise as part of the UK National Technical Authority for Cyber Security and Information Assurance.
- Security Architects: The Security Architects provide technical architectural guidance to GCHQ and HMG. The motivation behind the team is to engage customers early in the design process bringing deep technical knowledge and experience of other systems to build in security from the outset and avoid potential problems and expense further down the line. These posts benefit from their own tailored development program to ensure Security Architects remain at the forefront of their field.
Cyber Security Consultants:
Our Information Risk Management teams are specialists with broad Information Assurance (IA) and technical knowledge. Clear communicators, they are capable of offering guidance to a wide range of customers ranging from GCHQ to Critical National Infrastructure, HMG and the wider public sector.
- Accreditors: Accreditors offer independent assessments ensuring assets (i.e. people, information, infrastructure and facilities) and services are appropriately protected using controls which are proportional to the threats while supporting the business objectives locally within GCHQ and across HMG.
- Cyber Security Consultants: Our Cyber Security Consultants provide advice and guidance on Security and Information Risk Management supporting customers across UK Government, the wider information and the Critical National Infrastructure with a variety of skills and knowledge. They work closely with technical experts to deliver Risk Management solutions. They are also responsible for all aspects of the life-cycle of national Information Assurance policy and risk management guidance as it is applied to HMG, the wider public sector and supply chain. These posts benefit from a tailored development program to ensure Cyber Security Consultants and Accreditors remain at the forefront of their field.
Cyber Security, Incident and Threat Specialists:
Our Cyber Security, Incident and Threat Specialists are at the forefront of protecting GCHQ and HMG assets from foreign intelligence services and emerging Cyber threat actors. They triage and manage all intrusions, threats and incidents ensuring the protection and availability of Government assets.
- Intrusion Analysts: Intrusion Analysts are required to triage alerts from numerous types of IT security controls. They investigate alerts relating to actual or suspected security incidents, escalating via the appropriate incident management process when required. They are also responsible for improving Intrusion Detection capability by being aware of the latest cyber attack techniques, reducing false positive alerts, and writing attack signatures.
- Threat Assessors: The Threat Assessment role involves compiling information on the capabilities and motivation of foreign intelligence services and other threat actors and then presenting this in a variety of forms to illustrate technical threat and assist customers in understanding the threats relevant to them.
- Cyber Security Incident Managers: Incident Managers are required to respond to suspected or actual computer security incidents. Their objective is to identify if an incident has occurred, assess the impact and manage virtual teams to ensure all available resources are used to limit the impact of the incident.
REQUIREMENTS for these roles
You will have at least 2 years relevant industry experience for one of the above roles.
For all these roles, we will also be looking for evidence of:
- A keen interest in the latest technology, particularly security technologies.
- A wide awareness of Cyber Security across Government and Industry.
- You can understand customer’s needs and deliver bespoke services.
- You can collaborate effectively within a team environment.
- You have good communication skills.
- You are keen to develop personally and help others do the same.
To apply for this role you will need workplace experience of at least a year. If you are a current or recent graduate please consider our Technical Graduate Opportunities which we will be launching autumn 2017
SALARY– Competitive package based on qualifications and experience
LOCATION – Bude, Cheltenham, London, Scarborough, Manchester (All sites are within 30 mile radius of the location centre).
Please note that there may not be vacancies at every location, and it may not be possible to offer a position at any of your selected locations.
INTERVIEW and SELECTION PROCESS
Following initial eligibility and technical sifts, the recruitment process will comprise a competency-based interview with technical staff and members of our HR department.
Interviews to be held regularly throughout the year.