Jacobs Jobs

Job Information

Jacobs Cyber Security Engineer – Northwest in Moor Row, United Kingdom

Your Impact:

At Jacobs, we'll inspire and empower you to deliver your best work so you can evolve, grow and succeed – today and into tomorrow. With more than 55,000 people in 40+ countries, working at Jacobs offers an exciting range of opportunities to develop your career within a supportive and diverse team who always strive to do the right thing for our people, clients and communities.

People are Jacobs’ greatest asset, and we offer a competitive package to retain and attract the best talent.

In addition to the benefits you’d expect, UK employees also receive free single medical cover and digital GP service, family-friendly benefits such as enhanced parental leave pay and free membership of employee assistance and parental programmes, plus reimbursement towards relevant professional development and memberships. We also give back to our communities through our Collectively program which incorporates matched-funding, paid volunteering time and charitable donations.

Work-life balance and flexibility is a key focus area for Jacobs. We’re happy to discuss hybrid, part-time and flexible working hours, patterns and locations to suit you and our business.

About the Opportunity

The Security Operations team manages requirements in relation to cyber security and other technical aspects for the Cyber Programme. Based in the Northwest of England and reporting to the Senior Cyber Client, we seek suitably qualified, Blue Team Cyber Security Engineers to operate with the Security Operations team to provide cyber security support and through-life technical author definition against a key set of disciplines.

Reporting to the Head of Nuclear, you will perform IT and OT cyber security consultancy and security engineering work for a major nuclear client. By providing crucial support to the Security Operations Team, you will support them in delivering their key cyber security role in accordance with the programme, its activities during the term of the programme, and its ultimate goals.

This role is 80% site based and 20% remote.

Key Responsibilities

• Provide security engineering design support by

o Producing design installation packs

o Reviewing design deliverables and collating comments

o Validating security architecture documentation prior to intelligent client review

o Attending design reviews

o Respond to technical queries (TQs) as subject matter expert (SME)

• Forensic capability implementation (including documentation) across Site Security Architecture Upgrade, Security Management System, Emergency Management System, SIEM

• Configuration, implementation, and management of change control across different engineering environments.

• Maintain the Mitre ATT&CK documentation to reflect tactics, techniques, and procedures (TTPs), validate use cases, and allow creation of the relevant rules for the tooling

• Implement the identified rules and alarms into the relevant technologies across the environments

• Validate log sources, events, and ensure these are integrated and processed correctly by the relevant technologies

• Rule tuning and configuration validation for associated tooling

• Technical validation of controls in place i.e., prove and document the controls protect and detect against identified threats prior to production and during production for the first 6 months

• Provide assurance and configuration management of business requirement specifications in accordance with facility risk assessments and countermeasures

• Preparation of test plans, scripts, use cases for technology solutions with oversight of supply chain product development and works & site acceptance testing.

• Supporting final commissioning and handover to ‘Security and Resilience’ service arrangements (Operations and Maintenance)

• Commissioning of the networked systems including handover to Operations

What you can expect from us

• Training towards professional certifications.

• 1 to 1 mentorship led by seasoned professionals.

• The chance to work across an exciting and diverse portfolio of work to help you grow your experience.

Here’s What You’ll Need:

Qualifications

• Cybersecurity & Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) Training

• AttackIQ - MITRE ATT&CK

• SANS Global Industrial Cyber Security Professional (GICSP)

• SANS Global Industrial Cyber Security Professional (GRID)

• Certified Information Systems Security Professional (CISSP)

We have a strong team culture at Jacobs where every member strengthens the team with their own experience, so even if you feel you don’t have experience in everything listed below, we’d still like to hear from you.

Experience

• Delivery of cybersecurity support/services in the civil nuclear sector and/or equivalent regulated industry

• Incident Response and Digital Forensics

• Continuous monitoring

• Demonstrable experience in the production of monitoring strategies and collection frameworks across both IT Enterprise and OT environments as part of their detect and respond capabilities for both SIEM and incident response capabilities.

• Knowledge of using attack MITRE ATTACK framework to show areas of focus required with regards to Tactics, Techniques and Procedures (TTPs)

• Interpersonal skills that enable effective stakeholder engagement at all levels

• Demonstrable experience/knowledge of relevant national and international laws and standards related to cybersecurity in the civil nuclear sector

• Ability to lead on external issues (legislative, regulatory, best practice standards etc) relevant to cybersecurity

• Strong influencing skills and stakeholder management skills, able to wield influence over other senior leaders in the organisation

• Ability to think and plan strategically.

Disciplines

• Practical experience of (nuclear) engineering environments, including safety cases

• Practical experience of developing IT and/or OT cyber security assessment approaches to ensure pro-active identification of threats, leading into proactive delivery of Jacobs’ cyber security services to clients

• Experience of undertaking cyber security risk assessments in OT environments and providing a risk mitigation strategy to the client

• Understanding of how OT environments, and systems within, function and how best to apply security practices to protect those systems

• Understanding of control system design considerations with emphasis on operational safety and the availability/security of operating environments in the Nuclear sector

Technologies

• Working knowledge and hands-on experience in a variety of operating systems ranging from Windows NT to Windows 10 and Linux Distributions

• Working knowledge and practical experience of IT environments

• Working knowledge and hands-on practical experience of OT environments including associated technologies such as DCS, EWS, HMI, IIoT, PLC, RTU, SCADA, SIS, etc.

• Experience of security engineering and associated solutions (Endpoint Protection, IDS/IPS, Firewalls, etc.) for IT and/or OT environments

• Working knowledge and understanding of networking technologies including architectures, key components, and common IT/OT protocols

Standards & Frameworks

• EU NIS Directive

• ISA/IEC 62443 Series / ISO 27000 Series

• MITRE ATT&CK and ATT&CK for ICS

• NIST Cyber Security Framework (CSF)

• Office for Nuclear Regulation (ONR) Security Assessment Principles, Technical Assessment Guides, and supplementary guidance

Sectors

• Experience working within the Nuclear sector

General

• A passion for security

• Excellent presentation and written skills.

• Ability to analyse and break down complex problems

• Currently hold SC clearance

• Ability to work in a team and independently

• UK domestic and International travel may be required at times

Our Culture

Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. Find out more about life at Jacobs.

We aim to embed inclusion and diversity in everything we do. We know that if we are inclusive, we’re more connected, and if we are diverse, we’re more creative. We accept people for who they are, regardless of age, disability, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you’re pregnant or on family leave. This is reflected in our wide range of Global Employee Networks centred on inclusion and diversity – ACE, Careers, Enlace, Harambee, OneWorld, Prism, Vetnet, and Women’s – find out more about our employee networks here.

Jacobs partners with VERCIDA to help us attract and retain diverse talent. For greater online accessibility please visit www.vercida.com to view and access our roles. As a Disability Confident employer, we will interview all disabled applicants who meet the minimum criteria for a vacancy. We welcome applications from candidates who are seeking flexible working and from those who may not meet all the listed requirements for a role

If you require further support or reasonable adjustments with regards to the recruitment process (for example, you require the application form in a different format), please contact the team.

Your application experience is important to us and we’re keen to adapt to make every interaction even better. We welcome feedback on our recruitment process and if you need more from us before deciding to join Jacobs then please let us know.

DirectEmployers