MOJ Cyber Security Engineer

Role: Cyber Security Engineer

Contract Length: 6 MONTHS

Location: Must be able to work at least 2 days a week / any office in most major cities. Ideally Birmingham OR London

Minimum Requirement: CV’s must show evidence of consultancy in a complex environment.

Work on the most complex and riskiest services providing detailed cyber security advice and guidance to the teams. Use knowledge from Cyber Risk Advisors, to identify relevant threats to systems.

Propose and develop security mitigations to address identified threats. Work with suppliers and delivery teams to ensure mitigations are implemented at an appropriate point in the delivery lifecycle. Advise on risks that emerge as a result of incomplete or ineffective delivery.

Assess the alignment of cyber security for products and projects with business and statutory legislation, and with government requirements. Assist teams in the preparation of security governance materials, such as Data Protection Impact Assessments, and support governance processes such as Service Assessments from a security perspective.

Essential Skills and experience:

A thorough understanding of HMG policies and guidance, especially regarding requirements and controls around the Government Security Policy Classification, mainly at OFFICIAL.

Worked with agile teams, delivering working software incrementally.

Secured web applications and cloud infrastructure environments (AWS/Azure) against vulnerabilities, and applied common and innovative remediation techniques.

Secured AWS components, in particular IAM, S3 and EC2.

Knowledge of security monitoring, prevention and control systems including but not limited to firewalls, IDS/IPS, web proxies, antivirus and log correlation solutions.

Designing secure systems, including design and review of system architectures through the application of patterns and thinking to reduce cyber security problems.

Threat modelling and assessment, including performing structured evaluation of proposed or implemented complex systems to identify likely cyber security problems.

Be able to provide examples of proposing realistic and pragmatic mitigations that address these problems, and working with a product / project team to implement the mitigations effectively into their work.

Enabling and informing risk based evaluation, providing evidence of working with risk advisors to advise and give feedback, in particular advising on risk impact.

Participating in research and innovation, evidenced by advising on developments regarding security properties in technology.

Also showing ability to identify new technologies and design the use of these in the business context.

Michael Bailey International is acting as an Employment Business in relation to this vacancy.