At Leonardo, we have a fantastic opportunity for a Chief Product Security Engineer to join our team within the Customer Support and Service Solutions (CS3) line of business. CS3 operates across the UK, providing innovative and invaluable support solutions to our customers, development and production of products and coordination of product integration projects to our international customers. We help to ensure the availability of front-line capability wherever and whenever required.
We are looking for an experienced Product security practitioner with expertise in developing and maintaining robust Product security management systems for defence and government customers, covering tangible products and their associated support services.
Within CS3, the term product can be used to include both in-service equipment, and the support solutions/services provided to customers, which in themselves are developed. The Chief Product Security Engineer will take responsibility for ensuring that all security aspects of the product design, development, verification and maintenance of this range of products, through all phases of their lifecycle, have been completed in accordance with policy and process. They will work closely with the product development teams to provide guidance in the product design, implementation and maintenance of appropriate security controls.
What you’ll do as a Chief Product Security Engineer:
Provide security advice and support to product development teams, including in terms of: Deriving Product design, manufacturing and support security requirements Undertaking security risk assessments for Products Preparing Product security risk mitigation plans Review and approval of Security Management plans Security policy maintenance and monitoring Production of LoB security metrics Management of attendance at external security forums, including liaison with Product Security Accreditors and Product Security Assurance Coordinators. Attendance and support to the internal Security Special Interest Group to develop product development security policy. Advise development teams on suitable product or platform lockdown and configurations, and support Penetration test activities. Analyse penetration test results and preparation of remedial action plans. Coordinate and manage delivery of training on Product security to project engineering teams. Lead security incident management teams during incident/crisis situations in conjunction with the Lead Product Security Engineer(s) The Chief Product Security Engineer has delegated authority within the independent Design Integrity function, responsible for the following elements: Security process maintenance and monitoring Security competence framework maintenance and monitoring Assessment of security competence in line with the competency framework Chair and maintenance of a Line of Business security Community of Interest (CoI) Promoting and sharing knowledge and best practice across the division to improve product security awareness and help embed it within ways of working Training the engineering teams with respect to the security framework, policies and processes
#J-18808-Ljbffr
Provide security advice and support to product development teams, including in terms of: Deriving Product design, manufacturing and support security requirements Undertaking security risk assessments for Products Preparing Product security risk mitigation plans Review and approval of Security Management plans Security policy maintenance and monitoring Production of LoB security metrics Management of attendance at external security forums, including liaison with Product Security Accreditors and Product Security Assurance Coordinators. Attendance and support to the internal Security Special Interest Group to develop product development security policy. Advise development teams on suitable product or platform lockdown and configurations, and support Penetration test activities. Analyse penetration test results and preparation of remedial action plans. Coordinate and manage delivery of training on Product security to project engineering teams. Lead security incident management teams during incident/crisis situations in conjunction with the Lead Product Security Engineer(s) The Chief Product Security Engineer has delegated authority within the independent Design Integrity function, responsible for the following elements: Security process maintenance and monitoring Security competence framework maintenance and monitoring Assessment of security competence in line with the competency framework Chair and maintenance of a Line of Business security Community of Interest (CoI) Promoting and sharing knowledge and best practice across the division to improve product security awareness and help embed it within ways of working Training the engineering teams with respect to the security framework, policies and processes
#J-18808-Ljbffr
