Reading, United KingdomThales people architect solutions at the heart of the defence-security continuum. Interoperable and secure information and telecommunications systems for defence, security, and civil operators, are based upon innovative use of radiocommunications, networks, and cybersecurity.
We are ground breaking new digital technologies such as 4G mobile communications, cryptography, cloud computing and big data for use in physical protection systems, and critical information systems.
Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK, we research, develop, and supply technology and services that impact the lives of millions of people each day to make life better, and keep us safer.
We innovate across five major industries; Aerospace, Defence, Ground Transportation, Security and Space. Your health and well-being matters to us and that’s why we offer you the flexibility to do what’s important to you;
whether that’s part time hours, job sharing, home working, or the ability to flex your start and finish times. Where possible, we support a working pattern that suits your lifestyle and helps you reach your ambitions.
Primary Purpose of the Role :
To provide business driven, cost effective advice on the design for Industrial Control Systems (ICS) customers that follows international standards and guidance :
Advise clients on regulation and standards that are applicable to the sector of operation.
Provide guidance on how a client can turn their enterprise requirements into secure ICS designs.
Undertake asset discovery activities to identify an ICS estate.
Identify the vulnerabilities in the ICS environment and provide advice on mitigations.
Support the design of secure operational environments.
Support clients in the development of policies and procedures to contribute to the resiliency of organisations and their ICS environments.
Support early client engagement to develop business opportunities.
Act as a trusted advisor to clients undertaking change activities.
Principle Relationships :
Internally with :
Head of Cyber Security and Network Engineering
Principal Industrial Controls Consultant
NDEC Technical Lead
Externally With :
Customer representatives from shop floor to Board level, including Government’s National Technical Authorities.
Key Responsibilities and Tasks :
Assists customers in the routine application and interpretation of OT security legislation, standards, policies and practices.
Undertakes Asset discovery activities.
Production of ICS network diagrams.
Develop security evidence as required and specified by the customer to enable the effective investment decisions.
Check or report compliance with applicable security standards and procedures.
Selects or creates an appropriate methodology for use across the client programme.
Identifies ICS risks which are systemic across the programme or business.
Understands and provides guidance on the threat environment.
Recommends implementation of new ICS security controls across the programme or enterprise to provide more cost effective risk mitigation in the long term and ensures these are traceable.
Plans and manages delivery of an ICS work programme.
Skills and Experience
Skills : Essential
Understanding of industrial control systems device configuration and possesses the ability to test, diagnose, configure and maintain control systems.
Articulate how security in the connected world is best implemented at the point where IT meets other industry domains such as manufacturing / CNI.
An understanding of the threats arising from the exploitation of vulnerabilities in the attack surfaces created across a distributed system and how these can be managed.
Understanding of how to secure a network using technologies and security protocols.
Undertake vulnerability assessments of networks and devices using tools and databases to produce a contextualised list of vulnerabilities.
Produce security architecture design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system and produces pragmatic security controls.
Selection of appropriate security components to provide security enforcing functions that can be justified through the evaluation of component's security function and implementation.
Demonstrate a working knowledge of the Policies and Standards that are required for systems operating in a controlled environment.
Such as ISO, industry specific for Nuclear / CNI / transportation or government / department policies.
Production of security risks through identification of vulnerabilities, assessment of exposure, likelihood and severity of the risk in a quantitative or qualitative format that follows an industry recognised risk assessment methodology.
Ability to analyse information and produce reports, network diagrams and recommendations on how to improve security posture.
Ability to plan control, report and manage the risk for a defined package of work to ensure delivery of on time, budget and quality products.
Experience : Essential
Working in an Industrial Control / Operational Technology environment such asAutomated manufacturing facility;Utility provider;
Critical National Infrastructure.
Previously employed in a security related role
In line with Thales' Baseline Security requirements, candidates will be asked to provide evidence of identity, eligibility to work in the UK and employment and / or education history for up to three years.
Some vacancies may require full Security Clearance which can require further evidence to be provided. For further details of the evidence required to apply for Baseline and Security Clearance please refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.
At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields.
Together we believe that embracing flexibility is a smarter way of working. Great journeys start here,