We’re inventing the future, right here, right now, at Thales. We design the critical security solutions of tomorrow by combining the curiosity to explore, the intelligence to question and the vision to create. Together we solve complicated problems by combining our experience in the market with our leading research and development capabilities.
About Your Role
This permanent full-time Cybersecurity GRC Specialist reports into the Cyber System Engineering Lead on the Thales ENMP project in Melbourne. Your primary responsibilities on this project are to execute cybersecurity activities with a focus on cyber governance, risk, and compliance, to achieve a full Secure by Design lifecycle for the customer, and support the security objective of system accreditation.
The main activities of the role:
Develop the Statement of Applicability (SOA) to contain the derived system security requirements and support each of the sub-system engineering streams to embed the Security functional requirements in their product selection, design work and testing activities.
Analyse the ISM, PSPF and all applicable policies and standards to identify all relevant Security Engineering requirements to be captured in the SOA and form the basis of the System Requirements Specifications (SRS).
Work closely with the lead engineers in every subsystem, to provide security guidance and ensure system security requirements are being implemented as per the ISM intent.
Engage closely with the lead engineers in every subsystem, and ensure that the security requirements are addressed in each of their system designs and solutions.
Contribute to the description in the System Security Plan (SSP) of the subsystems’ security design and solution and the functional security requirements.
Contribute to the identification and assessment of the security risks, to be documented in the Security Risk Management Plan (SRMP) as well as proposing mitigation options to address them.
Contribute to the test strategy and to the development of the detailed test procedures to achieve effective and re-usable testing methods for the verification of the security requirements for security accreditation.
Participate as appropriate in relevant technical meetings and strategy/planning meetings. Participate in the different sub-system engineering meetings, as well as working groups with the ENMP services teams.
Contribute to the preparation activities identified for the Security Engineering activities at each of the project reviews (SRR, IBR, CDR, C/DRR, IRD, ESV and SAT).
Support where required the development of the security artefacts necessary to achieve the Security Accreditation of the system and support (Development and Test) system(s).
Support and contribute to the V&V testing activities across the range of subsystem engineering teams.
Facilitate the IRAP assessor engagement by assisting with the audit and review activities.
Engage and coordinate penetration testing activities, including the preparation of the activities, organisation of the facilities and system access. Support the development of the report and track the remediation activities and effort.
Provide cybersecurity engineering support during the Operate and Maintain phase of the project, up to the system-of-system level.
Optimise processes and work activities, focusing on the efficiency of project execution (structure, roles, interfaces, artefacts, template, re-use, coordination).
Apply and tailor as appropriate the system and cyber engineering processes, practices and tools applicable to the project.
Identify and review security risks and issues, and propose effective solutions; execute agreed mitigation actions and report on outcomes or cost savings and residual risks.
Analyse the ISM, PSPF and other standards and policies to identify potential new security requirements or constraints to the system engineering.
How About You?
A tertiary qualification in Engineering, Computer Science, IT or other relevant qualification with a focus on cybersecurity, or the ability to demonstrate a high level of competence through career experience and self-study.
Demonstrated knowledge of the engineering life cycle, from concept design, requirements capture and management, system and subsystem design, system integration through to test strategies, acceptance and support phase.
Strong ability to turn complex issues into an appropriate level of detail in a methodological manner through the application of structured systems analysis and associated engineering processes and tools.
Experience working in multi-skilled engineering teams within a matrix environment.
Solid understanding of cybersecurity and its application in the engineering of systems.
Strong appreciation and adherence to security engineering processes, and high-quality delivery.
Demonstrated ability to analyse and solve problems, working with a range of colleagues and stakeholders in a project context.
Proficient knowledge and use of DOORS.
Advanced knowledge of ISM, PSPF and NIST standards.
Good to Know
You’ll get an email acknowledgement after you’ve applied. Thales strives to provide a personalised experience for all suitable applicants.
Prior to offer you’ll complete a pre-employment police and medical check.
For more information on Thales visit us @ThalesCareers on Instagram
Thales is committed to promoting and maintaining a workplace culture of shared respect that enables all of us to feel valued, do our best, and remain truly passionate about the place that we work. We encourage applications from Aboriginal and Torres Strait Islander people and individuals from diverse backgrounds. We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and supportive workplace.
Wellbeing matters at Thales, and where possible we encourage flexible working.