Head of Cyber

Set up in 2011, Synoptix is rapidly becoming recognised as one of the UK’s most capable suppliers of systems engineering expertise and know-how. We have built up an enviable customer base in aerospace and defence and are now seeking to extend our presence and influence in the rail, transportation and public utility sectors – all of which are showing a growing appetite for the type of rigorous system engineering we advocate.

We contribute to some of the foremost engineering projects in the UK, typically supporting large and complex engineering programmes through the application of systems engineering principles. Some of our key projects include MBSE support to various submarine programmes, adaptive camouflage for the British Army, Architectural support on Typhoon and F-35 platforms, Cyber Security support to EW systems. Our customers benefit from lean delivery of agile projects, utilising best practices developed across a range of industries.

The Role

Key Responsibilities

• Support the Sales and Business Development team in winning work through the generation of proposals and support to sales meetings.
• Lead and deliver Cybersecurity work packages on behalf of Synoptix clients or as part of internal delivery programmes. This may include:
  • Development of Security Management Plans
  • Understanding and defining the capability context
  • Performance of Risk Assessments (System Driven or Component Driven)
  • Define and architect of Security Controls
  • Development of SyOps
  • Development of CoCos
  • Vulnerability Management Planning
  • Development of Key / Certificate Management Plans
  • Development of Security Case Reports.
  • Support to Security Working Groups
  • Management (but not delivery of) Penetration Testing and/or TEMPEST Testing
• Act as an SME for security requirements.
• Assist in the further development of the Synoptix Cybersecurity capability.
• Lead Cybersecurity related research programmes with Academia.
• Represent Synoptix at conferences, symposia and trade shows.

Skills and Knowledge

We are interested in any experience of the following skills but they are not essential for you to apply:

• Knowledge and application of UK Information Assurance Standards, Frameworks and supporting guidance:
  • HMG IS1 & IS2
  • ISO27000 Series
  • JSP440
  • JSP604
  • NCSC Guidance Material
  • Secure by Design
  • DefStan 05-139
  • Knowledge and application of non-UK Information Assurance Standards
• NIST SP800 (in particular NIST SP 800-53, NIST SP 800-37, NIST SP 800-160)
• NIST Guidance Material
• Knowledge of encryption standards, technologies and key/certificate management.
• Extensive experience in embedding security best practices within multi-disciplinary product teams.
• Experience in conducting security risk assessments.
• Experience of Security Management Plan (SMP) Generation
• Experience of Security Case / Security Case Report Generation
• Strong communication and stakeholder management skills.
• Strong analytical and problem-solving skills.
• Experience scoping and management of Penetration Testing and TEMPEST Testing (nice to have)
• Knowledge of operating systems, firmware and software security controls (nice to have)
• Model Based Systems Engineering Experience (nice to have)

Qualifications

• NCSC Recognised Qualification e.g. Certified Information Systems Security Professional (CISSP)
• Full Membership of ISC2 or CIISe

Security Clearance

• SC (minimum)
• DV (preferred)

Benefits

• Annual Company Bonus
• 25 Days holiday not including bank holidays with option to buy/sell up to 5 days
• Flexible working arrangements
• Bike to work scheme
• Electric car scheme
• Private health care
• Job well done scheme
• Employee Assistance scheme

Please note that due to the nature of our projects we can only accept UK National candidates who will need to be eligible to obtain UK Security Clearance.

By applying to this position, you are confirming that you consent to the retention of your personal data. Your data is held securely on our own premises and under the terms of the Data Protection Act (2018). It will be treated as confidential, and will not be transferred to any third party, or to any other jurisdiction without your consent. We will not hold any data for any longer than is necessary for us to fulfil our obligations and will remove any data at your written request.