Principal Security Consultant

Job DescriptionThe opportunity Leonardo UK is seeking a proven and experienced Principal Consultant to join the Cyber & Security Solutions Division team. This role is focused on the delivery of one of the company’s core products to an existing customer. This role will lead a team that will oversee, co-ordinate and deliver all facets of cyber and information security related to the delivery across an engineering lifecycle – from requirements all the way through to in-service support and maintenance.This is an exciting opportunity at the very beginning of a significant programme, during which you will ensure that the product and associated deliverables are as secure as reasonably practicable, and in accordance with customer’s requirements and risk appetite. You will be supported in this role as part of a larger consulting team, engineers and product domain specialists.Your work at Leonardo UK will see you take the lead in solving customer problems in an agile, innovative and team-centric manner. The role may involve a blended hybrid working model, with a mixture of working from home and working on site at one of our Leonardo offices and closely with our customers.Talk to us to find out more.What you’ll do as a Principal Security Consultant Leading a team to meet all aspects of the cyber and information security delivery across an engineering lifecycle.Interpreting customer requirements into actionable security management plans, statements of work, and activities to be delivered across the lifecycle.Become the lead security subject matter expert for the product being delivered.Oversight and delivery associated statements of work and artefacts to time, cost and quality constraints.Identification, management and escalation of technical and delivery risks and issues.Management of the customer relationships for the cyber and information security workstream, both internal and external.Line management and mentoring of consultants within your team as required.What we need from you In addition to a passion for cyber and information security, ideally you need to haveSkillsAbility to work independently without supervision and be able make sound decisions based on the facts available at the time.Excellent written and verbal communication skills at all levels. Both internally and with customers.Core consulting skills – building client relations; adaptability to changing schedules; reliability and quality of task delivery; flexibility in working hours and locations; team player.Managing risks and services in accordance with customer, regulatory and legislative expectations.QualificationsA degree and/or master’s degree in cyber security and/or a systems or software engineering discipline – or relevant comparable experience.At least two recognised professional cyber security certifications such as CISSP, CISM, CASP/SecurityX and/or Chartership or comparable in a security related discipline (ChCSP).Knowledge and Demonstrable ExperienceOf MOD accreditation and secure by design processes (ISN2023/09), and associated policies and practices across the lifecycle.In the application of standards including NIST Special Publications (e.g. SP 800-30, 37 & 53), and/or RTCA-DO-326A/B, 355A & 356A.In the application of Defence security standards, such as Defstan 05-138 & Defstan 05-139.That extends outside of traditional enterprise IT scenarios extending to proprietary and open-source software, firmware and electronic hardware.Developing, evaluating and analysing design constraints, and detailed system and security designs as they pertain to the cyber domain.Decomposing cyber and security requirements down to the system control level.Conducting cyber and information security risk assessment activities including threat modelling, vulnerability analysis and analysis of mitigations, including technical understanding.Scoping and managing security verification and validation activities and remedial action plans.Coordinating with product engineers, system architects, and developers to provide oversight and guidance in the development of robust solutions, including advising on suitable product or platform lockdown and configurations.It would be nice if you hadExcellent understanding of the engineering lifecycle and key gate review activities.Knowledge of current Crypto technologies, Key Management Systems & practical COMSEC implementations and MOD / NCSC standards.Knowledge or experience of ARP4754A/ARP4761 and its interrelationship with security.Security ClearanceYou must be eligible for full security clearance. For more information and guidance please visit https //www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levelsLife at Leonardo With a company funded benefits package, a commitment to learning and development, and a flexible approach to working hours focused on the needs of both our employees and customers, a career with Leonardo has never offered as many opportunities or been more accessible to as many people.Flexible Working Flexible hours with hybrid working options.Company funded flexible benefits Access to private healthcare, dental schemes, Workplace ISA, Go Green Car Scheme, technology and lifestyle options (£500 annual allowance)Holidays 25 days plus bank holidays, option to buy/sell leave and to accrue up to 12 additional flexi leave days per yearPension Award winning pension scheme (up to 15% employer contribution)Wellbeing Employee Assistance Programme with access to free mental health support, financial wellbeing support and network groups to demonstrate our ongoing commitment to diversity & inclusion (Enable, Pride, Equalise, Reservists, Carers)Lifestyle Cycle to work schemeTraining Free access to more than 4000 online courses via CourseraReferral Incentive You can earn a reward for successfully referring a friend or family memberBonus Scheme in place for all employees at management level and belowFor a full list of our Company benefits please visit our website.Leonardo is a global high-tech company and one of the key players in Aerospace, Defence and Security. Headquartered in Italy, Leonardo has over 45,000 employees, of which 8,000 are based at 8 sites throughout the UK.The Leonardo Cyber & Security Division (CSD) is one of the three divisions in Leonardo UK. CSD is a pivotal innovator, helping customers deliver and secure their digital transformation. CSD is at the forefront of supplying technology and services for both civil and defence markets, in the UK and around the world, to enhance the capabilities of its Customers.This role is within our Cyber Consulting Practice, which is part of CSD. Leonardo’s Cyber Consulting practice works across a diverse array of sectors including Defence, Telecommunications, Energy and Finance to help secure national infrastructure and commerce in the UK and beyond. Our Practice is certified by the UK National Cyber Security Centre (NCSC) in the provision of advice and guidance to our customers.At Leonardo UK, we believe that a diverse and inclusive work environment unlocks our people’s full potential and drives innovation and creativity. We work hard to offer a welcoming, accessible and inclusive place to work for all of our people, creating a culture where everyone can thrive, feel safe and have a sense of belonging and connection.This is a great opportunity to bring your talents and form an integral part of Leonardo’s future. We can help you develop your skills and offer great opportunities to develop and grow, so why not join us.Primary Location GB - Yeovil - Lysander RdAdditional Locations GB - Bristol - Coldharbour LaneContract Type Hybrid Working Hybrid