System Security Officer

Location: Crawley, United Kingdom

In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrow's possible.

Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK, we research, develop, and supply technology and services that impact the lives of millions of people each day to make life better, and keep us safer. We innovate across the major industries of Aerospace, Defence, Security and Space. Your health and well-being matters to us and that’s why we offer you the flexibility to do what’s important to you; whether that’s part time hours, job sharing, home working, or the ability to flex your start and finish times. Where possible, we support a working pattern that suits your lifestyle and helps you reach your ambitions.

System Security Officer

Location: Crawley

Are you passionate about cultivating security excellence and innovation in the cloud? Join our vibrant and supportive UK TrustNest cloud platform team, where we are committed to fostering a robust DevSecOps and information assurance culture.

In this central role you will lead the efforts in threat and risk management, and take the helm in spearheading vulnerability management initiatives. You will play a vital part in embedding best practices within our development team, championing the 'Secure by Design' principles that are core to our mission.

If you are excited to make a meaningful impact and elevate our security standards, we would love to hear from you! Join us and become part of a team where your talents and expertise are celebrated and essential to our collective success.

About the role:

You will be responsible for maintaining a strong DevSecOps and information assurance culture within the UK TrustNest cloud platform team. This will include leading the threat and risk management vulnerability management and embedding best practice within the development team (including ‘Secure by Design’ principles).  In addition you will support the platform delivery teams by  contributing to use case development, supporting platform governance and maintaining continuous assurance processes associated with UK TrustNest (UKTN) in order to ensure meets it’s security requirements.

UK TrustNest is an underpinning greenfield capability forming part of the wider UK Digital Competency Centre playing a pivotal role in Thales UK’s digital transformation agenda. As a member of the team, you will be contributing to transforming how the organisation develops, deploys and manages highly assured software solutions to our Customers.

Key responsibilities:

• Risk and Vulnerability Assessments: Lead the UKTN Threat and Risk management process and participate in identifying, tracking and mitigating vulnerabilities within cloud services. 
• Cloud Security Monitoring: Assist in monitoring and maintaining the security of the Thales adopted public cloud infrastructure (e.g., AWS, Azure, Google Cloud) in compliance with government security guidelines.
• Incident Response: Lead the team on the reporting, investigation and analysis of security incidents and potential breaches within classified environments, working with the Thales UK Incident management team in order to resolve issues swiftly.
• Security Auditing: Help perform regular security audits of the UKTN cloud-based system elements to ensure compliance with security protocols and government regulations and maintain a robust reporting mechanism for compliance traceability.
• Compliance & Governance: Lead the UKTN team in ensuring that the Thales cloud environments comply with government policies, such as GDPR, NCSC guidelines, DEFSTAN 05 138 and other relevant frameworks.
• Collaboration with Development Teams: Working alongside cloud architects, developers, and engineers to ensure security is integrated into all stages of development, from design to deployment, and that the assurance principles of ‘Secure by Design’ are embedded across all SecDevOps stages.
• Technical Security Point of Contact: Be the central point of contact for UK Trustnest technical security matters and concerns, supporting the UK TrustNest team throughout the DevSecOps lifecycle and engaging with key security stakeholders inc. Cloud Security Lead and UK Information Assurance.
• Change management: Conduct security reviews of internal (UKTN) and externally connected platform related changes ensuring that Security risks, impacts and mitigations have been fully defined and recorded.
• Training & Development: Engage in continuous learning and development, including completing certifications relevant to cloud security and government standards.

About you:

• You have the ability to facilitate engagement with peers.
• You are strong in team orientation - someone who can enable others, instil a unified and collaborative atmosphere for a diverse team.
• You are eager to share knowledge and help team members develop their security awareness.
• You are committed towards continuous improvement and learning new skills and capabilities.
• You are curious about the latest developments and tools in your area(s) of expertise, passionate about innovations.
• You are open-minded, experienced or ready to adopt to new ways of working (agile).
• You are experienced and interested in the challenges associated with supporting Cloud Hosting and delivering DevSecOps in an agile environment.

Essential Skills:

• In depth and demonstrable experience in technical security support with a variety of systems and applications.
• Able to provide analytical advice on the security implications of new and existing systems/applications and for all proposed changes to said systems/applications.
• Able to interpret detailed system design documentation and identify potential security risks and mitigations to implement secure and appropriate security solutions.
• Ensure that the activities embody a compliancy approach such that Security Architecture and Services manage risk, maximising business value with appropriate security.
• Able to effectively communicate, both verbally and written, highly technical aspects of your field of expertise, to management, clients and staff at all levels.
• Knowledge of UK sovereign requirements regarding to the safe and secure build and operations of UKGOV supplier organisations. 

Desirable:

• Quantifiable experience in fundamentals of all aspects of Security technical design.
• Experience in performing formal risk assessments and production of security reporting artefacts.
• Experience in security technical support with a variety of systems and applications.
• Formal stakeholder for the successful assessment and delivery of security related change control processes.
• Experience in application of Security Frameworks: E.G. Cyber Essentials Plus, ISO27000 series, NIST-800 (including SP800-37 and SP800-53) and associated assurance activities.

Essential Experience:

• Demonstrable understanding of cloud/ Infrastructure as Code technologies;
• Demonstrable understanding of application of security principles within an agile delivery framework;
• Demonstrable experience of Secure By Design and SecDevOps Principles;
• Proven experience in assessing and managing technical risk; and
• Ability to provide technical security advice to business areas when required and to provide technical security input to the security risk registers.

Desirable:

• Recognised Security certifications e.g. CISSP, CISM, CCSK or equivalent
• Understanding of current and emerging Security technologies.
• Demonstrable understanding of Azure Stack including Security products.
• Reviewing/updating security policies and procedures.

Connect with Andreea Burcea, Talent Acquisition Partner #LI-BA1 who is eager to explore together with you this exciting opportunity.

The successful candidate will need full Security Clearance (SC) - For more information and guidance please visit the UKSV website*

Security Clearance statement

Due to the nature of the work that we do at Thales, many of our roles are subject to security restrictions.  This role requires you to be a UK National and achieve Security Clearance (SC) without any caveats. It would be advantageous if currently held, however, if not currently held, it is a requirement that the successful applicant undergo, achieve, and maintain SC Clearance prior to commencing employment.  If approved by the MOD, a dual national from a Non-ITAR country may be considered.  Please visit the UKSV website for further guidance.

To be eligible for full SC, you generally need to have resided in the UK for the last 5 years.  In some circumstances, a minimum of 3 years’ residence in the UK over the last 5 years may be accepted, with additional overseas checks.

For further details of the evidence required to apply for security clearance please follow this link  https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels/national-security-vetting-clearance-levels .

What We Can Offer

We’re committed to giving you opportunities to be your best. We believe in embracing the passion and potential of our people, and to achieve this we offer market leading training, development and experiences, along with the opportunity to be mentored and coached by some of the smartest minds in the industry. We hire from within as our first priority, so you’ll have a variety of opportunities within our diverse, global organisation.

In line with Thales' Baseline Security requirements, candidates will be asked to provide evidence of identity, eligibility to work in the UK and employment and/or education history for up to three years. Some vacancies may require full Security Clearance which can require further evidence to be provided. For further details of the evidence required to apply for Baseline and Security Clearance please refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working.

Thales UK is committed to providing an inclusive and barrier-free recruitment process. We will provide reasonable adjustments and support to ensure neuro-diverse applicants or those with a disability or long-term condition can be their best during the recruitment process. To request an adjustment, if you need this job advert in an alternative format or if you have any questions about the recruitment process, please contact Resourcing Ops for mid to senior roles, or the Early Careers Team for graduate and apprentice roles.

Great journeys start here, apply now!