Cyber Security Engineer

Everything we do is built on a commitment to do the right thing for our customers, our people and our community. Our mission and our values guide the way we do business. The foundation of our Leidos culture is our Values, Beliefs and Expectations by which we select, recognise and reward employees. They create the environment that drives us toward our mission.

Inspired to make a difference, we are committed to solving the world’s toughest problems. Passionate about customer success by being determined to understand and respond to our customers’ needs as if they were our own.

United as a team, we are bound together by our conviction that ethics and integrity is core to how we operate.

Because of a key strategic development and a new exciting business opportunity, we have a requirement for a security-cleared Cyber Security Engineer based in the UK working at our Farnborough site and remotely.

Leidos has more than 30 years’ experience of developing and running some of the largest government systems in the world. We are currently hiring to expand our UK based technical team who support our delivery for the UK Govt.

Come join our team and further develop your skills as we deliver and support systems key to the defence of the UK and partner nations.

Being part of the Leidos team is a commitment to push yourself and those around you to do better, constantly adapt and learn new technologies. We’re a passionate team and are committed to developing and growing our staff.

Leidos is a global science and technology solutions leader working to solve the worlds toughest challenges in the defence, intelligence, homeland security, civil, and health markets. The companys 33,000 employees support vital missions for government and commercial customers.

What Will You Be Doing?

As a result of some exciting programme wins, we currently have a permanent vacancy for a Cyber Security Engineer to support the development and transition into live of a new IT application and infrastructure solution providing support to a critical operational end user.

Leidos is seeking an enthusiastic protective security specialist to lead the implementation and assurance of security within a key defence project. The incumbent will possess specialist skills in all areas of protective and information security and have demonstrable experience of applying security frameworks such as Government Functional Standard .

You will be joining a team of highly skilled and highly motivated individuals who are working on one of the UKs leading programmes.

Required Skills:

The Cyber Security Engineer plays a crucial role in protecting THOR IT infrastructure by using a blend of technical expertise and strategic planning to ensure that the digital infrastructure remains secure from various types of attacks and vulnerabilities. You will be responsible for planning and implementing appropriate security controls to ensure that the information within THOR is kept secure.

Key functions/outputs:

1. Vulnerability Scanning & Reporting

2. Endpoint Security

3. Incident Management & Tickets

4. System Hardening

5. Change Work

6. Participation in Regular Meetings

7. Documentation

Main Objectives:

Vulnerability Scanning & Reporting

Perform regular vulnerability scans and generate reports utilising the below tool sets or similar. The process should be focused on ensuring that the below tool sets are kept up to date and ensure that scans are performed regularly to help assist the Vulnerability and Patch Manager with identifying weaknesses in the system.

• Code Scans: perform regular code scans to audit code quality metrics, potential bugs, and security vulnerabilities.

• Vulnerability Management Tooling: perform regular Vulnerability Management Scans and ensure that the warehouse and plugins are kept up to date to capture new vulnerabilities.

• Reporting: assist the Vulnerability and Patch Manager with generating regular vulnerability management reports, which are to be provided to the THOR cyber security and IA lead.

Endpoint Security:

• Endpoint Protection: perform regular updates to Endpoints to ensure the latest packages are applied and policies are amended to keep up to date with new and emerging threats.

• Antivirus and Anti-malware Protection: perform compliance checks to ensure that antivirus and anti-malware protection is deployed successfully and being kept up to date by the relevant team.

• Network Controls: perform compliance checks and regular audits of network controls (i.e. firewall rules) to ensure that unauthorised access and threats are being blocked.

• Access Control: ensuring that access controls have been implemented correctly to only allow authorised users to gain access to certain data and systems.

Incident Management & Tickets:

• Incident Identification: help to recognise and confirm potential incidents through alerts, logs and user reports. This includes distinguishing between true threats and false positives.

• Incident Response: respond to potential security breaches or cyber-attacks. The main effort should focus on containment, mitigating the damage, investigation of the root cause of the incident and restoring to normal operations.

• Ticket Requests: respond to and resolve any tickets raised to the Leidos Security group on SD+ that require Cyber Security Engineering input.

System Hardening:

• Patch Updates to Security Products: ensure that the security tool sets are kept up to date with regular security patches and software updates to fix vulnerabilities and improve system security.

• System Compliance: perform regular system compliance audits and updates to ensure that the systems are compliant with industry best practices. This includes CIS, STIG, NIST etc.

• Security Enforcing Function Configuration: Assist in the design, reviews and updates to security enforcing functions (i.e. GPOs or System Policies) and system controls to ensure that they are compliant and fit for purpose.

• Vulnerability Assessments: conduct periodic assessments to identify and address potential vulnerabilities.

Change Work:

• Security Impact Triage Tool (SITT): Assist in evaluation and impact assessment of system change to security posture of the environments.

• Security Evaluation, Testing and Assurance (ST&V): perform Security, Evaluation, Testing and Assurance activities for any new changes that are planned in as part of PI Planning.

Participation in Regular Meetings:

Cyber Security Engineers are expected to lead or attend numerous meetings that require their input. This may include the following depending on work activity.

• Security Working Group (SWG

• Vulnerability Triage

• Security Workshop

• PI Planning

• Daily Standups (Blue/Green Team)

Documentation:

Cyber Security Engineers are responsible for creating, maintaining and reviewing detailed documentation. This includes High-Level & Low-Level Designs (HLD/LLD), Standard Operating Procedures (SOP) and compliance reports, and other ad-hoc security documentation, etc.

Clearance Requirements:

• Clearance to Start SC

• Clearance for Role DV

Intrigued? We’d love to hear from you...

What we do for you:

At Leidos we are PASSIONATE about customer success, UNITED as a team and INSPIRED to make a difference. We offer meaningful and engaging careers, a collaborative culture, and support for your career goals, all while nurturing a healthy work-life balance.

We provide an employment package that attracts, develops and retains only the best in talent. Our reward scheme includes:

• Contributory Pension Scheme

• Private Medical Insurance

• 33 days Annual Leave (including public and privilege holidays)

• Access to Flexible benefits (including life assurance, health schemes, gym memberships, annual buy and sell holidays and a cycle to work scheme)