Description Cyber Security EngineerLocation:Farnborough, UK (Hybrid Working Policy)Clearance: High level ofsecurity clearance (SC/ DV 'Developed Vetting')Everything we do isbuilt on a commitment to do the right thing for our customers, ourpeople and our community. Our mission and our values guide the waywe do business. The foundation of our Leidos culture is our Values,Beliefs and Expectations by which we select, recognise and rewardemployees. They create the environment that drives us toward ourmission.Inspired to make a difference, we are committed to solvingthe world’s toughest problems. Passionate about customer success bybeing determined to understand and respond to our customers’ needsas if they were our own.United as a team, we are bound together byour conviction that ethics and integrity is core to how weoperate.Looking for an opportunity to make an impact?..Because of akey strategic development and a new exciting business opportunity,we have a requirement for a security-cleared Cyber SecurityEngineer based in the UK working at our Farnborough site andremotely.Leidos has more than 30 years’ experience of developingand running some of the largest government systems in the world. Weare currently hiring to expand our UK based technical team whosupport our delivery for the UK Govt.Come join our team and furtherdevelop your skills as we deliver and support systems key to thedefence of the UK and partner nations.Being part of the Leidos teamis a commitment to push yourself and those around you to do better,constantly adapt and learn new technologies. We’re a passionateteam and are committed to developing and growing our staff.Leidosis a global science and technology solutions leader working tosolve the world's toughest challenges in the defence, intelligence,homeland security, civil, and health markets. The company's 33,000employees support vital missions for government and commercialcustomers.What Will You Be Doing?As a result of some excitingprogramme wins, we currently have a permanent vacancy for a CyberSecurity Engineer to support the development and transition intolive of a new IT application and infrastructure solution providingsupport to a critical operational end user.Leidos is seeking anenthusiastic protective security specialist to lead theimplementation and assurance of security within a key defenceproject. The incumbent will possess specialist skills in all areasof protective and information security and have demonstrableexperience of applying security frameworks such as GovernmentFunctional Standard 007.You will be joining a team of highlyskilled and highly motivated individuals who are working on one ofthe UKs leading programmes.Required Skills:The Cyber SecurityEngineer plays a crucial role in protecting IT infrastructure byusing a blend of technical expertise and strategic planning toensure that the digital infrastructure remains secure from varioustypes of attacks and vulnerabilities. You will be responsible forplanning and implementing appropriate security controls to ensurethat the information within is kept secure.Key functions/outputs:1.Vulnerability Scanning & Reporting2. Endpoint Security3.Incident Management & Tickets4. System Hardening5. ChangeWork6. Participation in Regular Meetings7. DocumentationMainObjectives:Vulnerability Scanning & ReportingPerform regularvulnerability scans and generate reports utilising the below toolsets or similar. The process should be focused on ensuring that thebelow tool sets are kept up to date and ensure that scans areperformed regularly to help assist the Vulnerability and PatchManager with identifying weaknesses in the system.Code Scans:perform regular code scans to audit code quality metrics, potentialbugs, and security vulnerabilities.Vulnerability ManagementTooling: perform regular Vulnerability Management Scans and ensurethat the warehouse and plugins are kept up to date to capture newvulnerabilities.Reporting: assist the Vulnerability and PatchManager with generating regular vulnerability management reports,which are to be provided to the cyber security and IA lead.EndpointSecurity:Endpoint Protection: perform regular updates to Endpointsto ensure the latest packages are applied and policies are amendedto keep up to date with new and emerging threats.Antivirus andAnti-malware Protection: perform compliance checks to ensure thatantivirus and anti-malware protection is deployed successfully andbeing kept up to date by the relevant team.Network Controls:perform compliance checks and regular audits of network controls(i.e. firewall rules) to ensure that unauthorised access andthreats are being blocked.Access Control: ensuring that accesscontrols have been implemented correctly to only allow authorisedusers to gain access to certain data and systems.IncidentManagement & Tickets:Incident Identification: help to recogniseand confirm potential incidents through alerts, logs and userreports. This includes distinguishing between true threats andfalse positives.Incident Response: respond to potential securitybreaches or cyber-attacks. The main effort should focus oncontainment, mitigating the damage, investigation of the root causeof the incident and restoring to normal operations.Ticket Requests:respond to and resolve any tickets raised to the Leidos Securitygroup on SD+ that require Cyber Security Engineering input.SystemHardening:Patch Updates to Security Products: ensure that thesecurity tool sets are kept up to date with regular securitypatches and software updates to fix vulnerabilities and improvesystem security.System Compliance: perform regular systemcompliance audits and updates to ensure that the systems arecompliant with industry best practices. This includes CIS, STIG,NIST etc.Security Enforcing Function Configuration: Assist in thedesign, reviews and updates to security enforcing functions (i.e.GPOs or System Policies) and system controls to ensure that theyare compliant and fit for purpose.Vulnerability Assessments:conduct periodic assessments to identify and address potentialvulnerabilities.Change Work:Security Impact Triage Tool (SITT):Assist in evaluation and impact assessment of system change tosecurity posture of the environments.Security Evaluation, Testingand Assurance (ST&V): perform Security, Evaluation, Testing andAssurance activities for any new changes that are planned in aspart of PI Planning.Participation in Regular Meetings:CyberSecurity Engineers are expected to lead or attend numerous meetingsthat require their input. This may include the following dependingon work activity.Security Working Group (SWGVulnerabilityTriageSecurity WorkshopPI PlanningDaily Standups (Blue/GreenTeam)Documentation:Cyber Security Engineers are responsible forcreating, maintaining and reviewing detailed documentation. Thisincludes High-Level & Low-Level Designs (HLD/LLD), StandardOperating Procedures (SOP) and compliance reports, and other ad-hocsecurity documentation, etc.Clearance Requirements: Clearance toStart SCClearance for Role DVIntrigued? We’d love to hearfrom you...What we do for you:At Leidos we are PASSIONATE aboutcustomer success, UNITED as a team and INSPIRED to make adifference. We offer meaningful and engaging careers, acollaborative culture, and support for your career goals, all whilenurturing a healthy work-life balance.We provide an employmentpackage that attracts, develops and retains only the best intalent. Our reward scheme includes:• ContributoryPension Scheme• Private MedicalInsurance• 33 days Annual Leave (including publicand privilege holidays)• Access to Flexiblebenefits (including life assurance, health schemes, gymmemberships, annual buy and sell holidays and a cycle to workscheme)• Dynamic Working Commitment toDiversity:We welcome applications from every part of the communityand are committed to a truly diverse and inclusive culture. We foster a sense of belonging, welcoming all perspectives andcontributions, and providing equal access to opportunities andresources for everyone. If you have a disability or need anyreasonable adjustments during the application and selection stagesplease let us know, and we will respond in a way that best fitsyour needs.Who We Are:Leidos UK & EUROPE – we work to make theworld safer, healthier, and more efficient throughtechnology, engineering and science.Leidos is a growingcompany delivering innovative technology and solutions focused onsafeguarding critical capabilities and transformation in frontlineservices, our work in the United Kingdom includes addressing someof the most complex problems in defence, healthcare, government,safety and security, and transportation.What Makes UsDifferent:Purpose: you can use your passion and abilities at Leidosto keep the people you care about safe. We are at the forefront ofmachine learning, AI, cyber security and solutions. Using yourskills in the technology frontline by helping to build a saferworld. You can inspire change.Collaboration: havingflexibility to do your job is one of our core benefits, enablingyou to become part of our extraordinary team. We have beenempowering our people to work flexibly for years. Whether youwork from home, the office or on customer sites, we will give youthe digital tools and the flexibility to work smarter and alignyour needs andours. People:Leidos empowers people from every background to be themselves andgives you the tools to learn new skills by enabling growth whilstdeveloping. We believe that extraordinary people need opportunitiesto grow, to be inspired and to inspire others. At Leidos, we investin technical academies, career rotations and a career developmentplans that enhance your future. #theoOriginal Posting:For U.S.Positions: While subject to change based on business needs, Leidosreasonably anticipates that this job requisition will remain openfor at least 3 days with an anticipated close date of no earlierthan 3 days after the original posting date as listed above.PayRange:The Leidos pay range for this job level is a generalguideline only and not a guarantee of compensation or salary.Additional factors considered in extending an offer include (butare not limited to) responsibilities of the job, education,experience, knowledge, skills, and abilities, as well as internalequity, alignment with market data, applicable bargaining agreement(if any), or other law.
