Transport Security Consultant

Date: 2021-08-10

Day-to-day accountability to Cyber Security Design Authority

Line management to Head of Cyber and Network Security

Head of Engineering Capability

Heads of Engineering Delivery

Head of Technical Solutions

Head of Technical Safety and Systems Assurance

Bid and Project Managers, Solution Engineering Managers, Project Safety Managers, Project Design Authorities

Key project and functional stakeholders

Key project stakeholders

Contact with Special Interest Groups or other specialist industry security forums

Key customers

You have a bachelor's or a master's degree from university or engineering school in the field of Engineering, Control Systems or Cybersecurity and/or you have 10+ years of cybersecurity experience, including working within industrial environments that are seen as a value proposition on crucial and sensitive programs, such as critical national infrastructure. (Experience will be considered in lieu of formal qualifications)

You have demonstrable experience of cyber physical system security in safety critical environments and can understand operational technology systems, industrial internet of things, & key components, or you can demonstrate a willingness to learn the unique cybersecurity challenges of the cyber-physical through having gained appropriate education/certifications.

You will have an in-depth understanding of operating systems, network/system architecture, and IT architecture design

You are able to manage security risks through the identification of vulnerabilities, the assessment of exposure, the likelihood and severity of the risk in a quantitative or qualitative format that follows an industry recognized risk assessment methodology, such as ISA 62443-3-2, IRAM2 or FAIR

You are able to demonstrate your understanding of the policies and standards that are required for Ground Transport Systems / Critical National Infrastructure and are familiar with Ground Transportation Systems or have experience in a similar industry such as power, oil & gas, water, chemical, or manufacturing.

You are able to work with customers and technical teams, have the ability to provide specific recommendations on technical environments, and can advise and give support to the rest of the engineering teams

Strong technical and business communications at all levels

An understanding (at least at a conceptual level) of the ISA 62443 standards and a willingness to learn to expert level

Ability to work collaboratively within an integrated team, strategically driven in a stimulating environment to meet stretched challenges/timescales

Technical and personnel leadership skills

Knowledge of railway systems and assets, particularly railway signalling, voice and data communications, supervision, control and information systems

Experience in Systems Engineering, Technical Safety Engineering, Systems Assurance within the rail industry.

The ideal candidate will possess a deep understanding of ICS fundamentals including, but not limited to, knowledge and experience with:

distributed control system (DCS) and supervisory control & data acquisition (SCADA) architecture and the role of common system components

understanding of ICS design considerations with emphasis on human safety and the availability/security of operating environment

knowledge of IT and OT security best practices and understanding of the differences

understanding of protocols common in ICS environments including TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, and PROFINET

preparation, review, and maintenance of documents, policies, and standards governing the security operations for ICS equipment and networks.

Desirable cybersecurity qualifications include, but are not limited to:

ISA/IEC 62443 Cybersecurity Fundamentals Specialist

ISA/IEC 62443 Cybersecurity Risk Assessment Specialist

ISA/IEC 62443 Cybersecurity Design Specialist

ISA/IEC 62443 Cybersecurity Maintenance Specialist

ISA/IEC 62443 Cybersecurity Expert

Certified SCADA Security Architect (CSSA)

SANS Global Industrial Cyber Security Professional (GICSP)

SANS GIAC Response and Industrial Defense (GRID)

CISSP-ISSAP (Information Systems Security Architecture Professional)

Creates customer intimacy, listens fully and creates value for the client

Builds trust and empowers others in their work, embraces diversity and shows compassion in partnering beyond organisational boundaries to achieve common goals

Imagines the future by looking ahead to design ingenious solutions. Takes smart risks and accepts failure as a way to learn

Thinks disruptively and appropriately challenges others and is prepared to be challenged

Adapts their style to efficiently meet changing situations

Is proactive and agile with the capacity to propose new ideas and embrace continuous improvement

Energises others and invests time in sharing knowledge and helping others grow

My client is embarking on ambitious growth plans to help meet their customers' digital transformation challenges. They are working on some significant bids with high profile partners and these exciting future projects require talented engineers to design, innovate and deliver solutions to shape the future of their organisation. Alongside this exciting growth they are also embarking on ambitious plans to develop their Digital solutions. As a key part of enabling this vision and growth, they are looking for a Transport Security Consultant to support the delivery of secure solutions to our customers.

Primary Purpose of the Role:

Reporting indirectly, but functionally, to the Cyber Security Design Authority, the Transport Security Consultant will deliver the cyber security engineering activities or the Cyber Security Management Activities on specific bids and/or projects, as directed.

The key objective will be to deliver solutions that are secure by design, by:

· Supporting the production of security design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system and the undesirable security consequences, and which produces pragmatic security controls and traceable security requirements that will influence the secure solution design.
· Identifying and analysing threats, vulnerabilities and unwanted security consequences, and maintaining their traceability to security requirements with support from the project engineers and relevant SMEs as required.
· Supporting and guiding the process of taking a system through acceptance and accreditation by the governing risk management group in the customer organisation and producing a supporting security case.
· Supporting the project alignment to security policies and engineering practices as well as customer/industry standards and policies.
· Providing estimates for security engineering activities in the bid process and identifying specialist suitably qualified and experienced persons (SQEP) to carry out tasks.
· Creating and managing the security management plan and gaining agreement from the Cyber Design Authority.
· Identifying legislation, regulation, standards and policy relating to the solution and monitoring changes.
· Creating and maintaining the project security risk log.
· Constructing and articulating a valid and acceptable security case.
· Defining and presenting the overarching security approach/architecture.
· Agreeing the security controls (in collaboration with relevant product/project design leads).
· Liaising with wider stakeholders for solution security (e.g. accreditor or wider system security authority).
· Supporting audits and the investigation of cyber security incidents.
· Risk assessing and analysing technical debt and legacy systems, recommending measures to manage risk.
· Tasking other Security Engineers in a team leadership role, as and when additional resources are brought in to undertake project security activities.
· Undertaking the activities identified in the Security Management Plan as directed by the Project Cybersecurity Manager.
· Ensuring that identified security requirements are recorded and are included and tracked throughout the project/product development. (Noting security requirements are a combination of customer stipulated, regulator driven and derived/implied requirements.)
· Maintaining the log and traceability of security requirements to security controls and associated assurance evidence.
· Collating and configuring the evidence necessary to complete the security case, such as demonstrating that a solution is acceptably secure.
· Creating reports and artefacts to support the security case, including internal/customer deliverable items.
· Reviewing observations and reports from users or maintainers and defining corrective actions to maintain the solution security case where necessary.

Principal Relationships:

Skills and Qualifications:

Essential

· You have demonstrable knowledge of vulnerabilities in hardware and software, how these relate to people and process vulnerabilities, how vulnerabilities occur, and of techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation.
· Understanding of the software development lifecycle processes for implementing secure software from the design of the software to the operational use of the software.
· High standards in written report and design documentation.

Desirable

· Familiarity with Ground Transportation Systems / industry.

Values & Behaviours:

