Information Assurance Specialist
Surrey
£50,00 to £55,00 Per Hour (Inside IR35) 


Purpose of the Role

We are seeking an experienced and detail-oriented Information Assurance Specialist to ensure the security and integrity of systems, data, and processes within our organisation. The ideal candidate will focus on protecting information, designing secure systems, and ensuring compliance with industry standards—with a primary emphasis on FIPS (Federal Information Processing Standards) compliance. This role spans across software, hardware, and system architecture to safeguard against cyber threats and ensure the confidentiality, integrity, and availability of critical systems.
 

Key Responsibilities:
Software Security:

• Perform comprehensive code reviews to identify and mitigate potential security vulnerabilities.
• Design and implement secure communication protocols for embedded systems.
• Conduct rigorous testing to ensure software adheres to security standards, including encryption and secure boot mechanisms.
• Monitor software systems for unauthorized access, malicious activity, and vulnerabilities.

Hardware Security:

• Collaborate with hardware engineers to embed security features such as trusted platform modules (TPMs) and hardware encryption.
• Ensure that programmable logic devices and other hardware components are tamper-resistant.
• Test hardware for vulnerabilities, including side-channel attacks and backdoor exploits.

Systems Architecture Security:

• Define and document security requirements aligned with organizational goals and FIPS compliance.
• Conduct risk assessments to identify and mitigate potential system-level threats.
• Guide software and hardware teams to integrate secure practices into designs.
• Monitor and manage the system’s security throughout its lifecycle, addressing emerging threats proactively.

Risk Assessment and Incident Response:

• Identify security risks across hardware, software, and systems architecture.
• Propose and implement mitigation strategies to reduce these risks.
• Develop and test incident response plans for potential breaches or system compromises.

Compliance and Standards:

• Ensure projects meet compliance requirements with FIPS, ISO 27001, NIST, and other relevant industry standards.
• Keep the team updated and compliant with applicable regulations in industries such as defense, aerospace, and critical infrastructure.
• Security Testing and Validation:
• Conduct penetration testing and vulnerability scanning across software and hardware.
• Validate the effectiveness of security measures, including encryption and access controls.
   

Experience & Skills required:
Technical Expertise:

• Strong understanding of software development, hardware systems, and system architecture.
• Expertise in encryption, access control, secure design principles, and risk management.

Cybersecurity Knowledge:

• Proficiency in tools for vulnerability scanning, penetration testing, and risk assessment.
• Hands-on experience with security standards such as FIPS, DISA STIGs, and NIST frameworks.

Collaboration and Leadership Skills:

• Proven ability to work closely with multidisciplinary teams, including software engineers, hardware designers, and systems architects, to embed security into designs.

Required Experience:

• 5 years of experience in cybersecurity, information assurance, or related roles.
• Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CEH (Certified Ethical Hacker) are highly desirable.
   

apply to anthonii.oakehudsonshribman.co.uk