Local Unit & Position Description
DNV GL’s UK cyber security team provides consultancy, testing and software services to several different market segments. Its primary focus is to ensure that products and systems have appropriate safeguards in place to reduce/eliminate potential vulnerabilities that could be exploited in the field. Typical customers include technology vendors, utility companies and UK Government.
We are currently seeking a senior evaluator to lead/contribute to a range of cyber security product evaluation projects. Our customers are typically producing or procuring metering, industrial control systems and cyber physical systems for deployment in critical environments.
The ideal candidate will have extensive experience in evaluating products under the banner of Commercial Product Assurance (CPA), Common Criteria (CC) and/or other similar schemes (e.g. IEC62443). In real terms, we are looking for demonstrable experience in evaluating products against pre-defined security characteristics, via a combination of auditing, document review, design assessment, software lifecycle assessment and physical device testing (i.e. protocols, functional, fuzzing etc.) The role holder will also be able to distil complex technical requirements and results into reports that customers can understand and use efficiently to improve the security of their products.
General consultancy and business development skills are also highly desirable as the candidate will be required to both deliver and actively seek out new opportunities. The role reports to the Head of Cyber Security UK and will be based at our laboratory in Peterborough.
You will be an active member of a small, dynamic advisory team. You will be involved in a wide variety of product evaluation/testing activities and (depending on skills/experience) may be leading one or more engagements with customers at any given time.
- Delivering cyber security product evaluations, plus ad-hoc cyber security advisory work.
- Gathering insights which can be used to guide the development of cyber security testing tools to be leveraged for internal or external use.
The individual will need to take an active interest in a broad range of cyber security topics and be willing and able to watch out for and react quickly to new market opportunities.
Technical / Professional Expertise and Qualifications Required:
- Minimum of bachelor’s degree in computer science or software engineering (or more general science/maths if supplemented by enough relevant experience).
- extensive years’ experience in conducting cyber security product evaluations.
- Software development knowledge including both scripting and application programming.
- Knowledge of IT and OT security is desirable (especially OT).
- Knowledge of cryptography and its application to IT protocols and products is also desirable.
- Experience in dealing with product vendors and infrastructure companies (on a technical level) is useful.
- Ability to distil complex ideas/concepts during customer meetings, commercial negotiations, industry events etc.
- Quickly understands and analyses complex issues and problems; comes up with sound and rational judgements.
- Team player.
- Communicates in a clear, precise and structured way; speaks with authority and conviction; presents effectively.
- Ability to constructively challenge/question customers about aspects of their security design approaches.
- Actively monitoring the cyber security landscape for new opportunities and possible attack vectors.
Company & Business Area Description
DNV GL is a global quality assurance and risk management company. Driven by our purpose of safeguarding life, property and the environment, we enable our customers to advance the safety and sustainability of their business. We provide classification, technical assurance, software and independent expert advisory services to the maritime, oil & gas, power and renewables industries. We also provide certification, supply chain and data management services to customers across a wide range of industries.
Combining technical, digital and operational expertise, risk methodology and in-depth industry knowledge, we empower our customers’ decisions and actions with trust and confidence. We continuously invest in research and collaborative innovation to provide customers and society with operational and technological foresight. With origins stretching back to 1864 and operations in more than 100 countries, our experts are dedicated to helping customers make the world safer, smarter and greener.
DNV GL is a world-leading provider of digital solutions for managing risk and improving safety and asset performance for ships, pipelines, processing plants, offshore structures, electric grids, smart cities and more.
Our open industry platform Veracity, cyber security and software solutions support business-critical activities across many industries, including maritime, energy and healthcare.
Equal Opportunity Statement
DNV GL is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity!