Job Purpose
The Cybersecurity Engineer will work in a team within the Technology Services Directorate to ensure processes and procedures meet Safety and Security requirements in ATM/ANS and adhere to statutory and regulatory requirements. This involves conducting thorough risk assessments, identifying potential vulnerabilities, and implementing effective security controls.
Main Duties and Responsibilities
* Develop and manage the programme of work in adherence to the requirements of the NIS/NIS-2 Security directive and other applicable regulation. Identify any associated gaps and implement corrective action plans to comply with the requirements of Competent Authority and/or National Cyber Security Centre and implement associated policy, procedural and technical developments as required.
* Coordinate security requirements, enhancements or replacement, of systems and equipment to meet the security specifications and requirements of safety and business cases.
* Evaluate Operational Security Policy to ensure it meets ATM/ANS operational requirements and is in accordance with industry best practices and in compliance with Regulatory requirements.
* Provide guidance and support in the management and provision of technical services and the secure design of ATM Networks & Systems, in line with industry best practice.
* Conduct risk assessments to ensure adherence to standards, guidelines, statutory and regulatory requirements.
* Investigate occurrences and provide recommendations for prevention in future to inform the incident response strategy.
* Maintain good working relationships with all key stakeholders, regulatory and oversight bodies.
* Implement the security strategy through to solution design with hands-on configuration and troubleshooting.
* Oversight ATSEP Security training provided by third party (Training Consultants, third party equipment suppliers).
* Identify areas for improvement and proactively manage such initiatives to closure.
* Develop system restore and repair procedures for critical systems failure scenarios.
* Develop security lab areas in conjunction with engineering management.
* Enhance Incident Response and recovery process and associated procedures.
* Develop strong governance processes to drive security designed solutions in consultation with relevant engineering subject matter experts and management.
* Support Director and Domain Managers as required.
* Attend relevant fora as required.
PERSON SPECIFICATION
Education, Knowledge, Experience & Skills
* A third level degree (Computer Science, System engineering or related discipline)
* Minimum of three years' relevant Safety, compliance and/or regulatory experience working with cyber security responsibilities.
* Experience of and ability to work in a GRC (Governance/Risk/Compliance) role
* Demonstrable experience or knowledge of cybersecurity best practices, security controls (firewalls, IDS and data encryption algorithms), IP networks infrastructure (routers, switches)
* Strong analytical and problem-solving skills
* Ability to think critically and identify risks
* Excellent interpersonal and communication skills
* Proven ability to work independently and as part of a team
* Excellent customer focus