Location: Crawley, United Kingdom
In fast‑changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security, and space, our architects design innovative solutions that make tomorrow possible.
Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK, we research, develop, and supply technology and services that impact the lives of millions of people each day to make life better and keep us safer. We innovate across the major industries of Aerospace, Defence, Security and Space. Your health and well‑being matter to us and that’s why we offer flexibility: part‑time hours, job sharing, home working, or flexible start and finish times, where possible, to support a working pattern that suits your lifestyle.
Job title
Information Assurance/Technical Security Specialist
Reporting line
Reporting to the Thales UK Deputy CISO, the Information Assurance/Technical Security role involves the identification of applicable technical security requirements and their cost‑effective security controls, as well as continual through‑life security assurance of Thales IS environments.
Location flexibility
Location: Crawley / Doncaster, but we will consider other Thales locations.
What can we offer you?
- Performance‑Related Bonus
- Half day every Friday, usually finishing around 13:00
- Hybrid Working
- Pension Scheme
- 28 days annual leave (plus Bank Holidays)
- Life Cover
- 24/7 Employee Assistance Program and access to a mental wellbeing app
- Employee discount shopping schemes on major brands and retailers
- Gym membership discounts
What will you deliver?
- Technical Security: Support Thales UK in ensuring all IS/IT technical security measures are implemented, enhanced, and developed where necessary, to ensure successful and timely security assurance via ongoing through‑life continuous assurance and compliance programmes.
- Technical Security PoC: Provide a central PoC for all IS/IT technical security matters and concerns, supporting delivery teams and businesses throughout project lifecycles.
- Change management: Conduct security reviews of internal/external platform‑related changes ensuring risks, impacts and mitigations are managed appropriately.
- Cloud Security: Provide security guidance around secure deployment and usage of Thales‑adopted public cloud infrastructure and/or SaaS services (e.g., Azure) in compliance with government security guidelines, Thales policy and industry‑accepted “good practices.”
- Compliance & Governance: Ensure Thales on‑premises and cloud environments comply with government policies such as Cyber Essentials, DefStan 05‑138, UK GDPR, NCSC guidelines and other contractual and regulatory frameworks.
- Evidence Continual Security Assurance: Create, maintain and review all IS/IT technical security documentation, policies and procedures associated with Thales’ IS/IT networks, systems and applications, as per customer (primarily HMG UK MOD) and Thales Group policy.
- Incident Response: Report, investigate and analyse security incidents and potential breaches within classified environments, working with the Thales UK Incident management team to resolve issues promptly.
- IS/IT Squad Engagement: Develop security requirements, epics and stories, and provide governance to squads to ensure data protection and data security are included in scope of IS/IT squad activities, initiatives and projects.
- Risk Focused Delivery: Work collaboratively with other team members to ensure proposed solutions provide required security assurance in line with data processing requirements, Thales and customer risk appetites.
- Risk Management: Develop and coordinate implementation of formal and regular technical risk and compliance assessments of Thales’ IS environments, recommending remedial action.
- Third Party CoCo Assurance: Provide assurance and ensure successful delivery of all Codes of Connection (CoCos), associated cryptographic products, key material and required documentation.
- Training & Development: Engage in continuous learning and develop less experienced Thales UK staff.
Who are we looking for?
- Demonstrable experience applying security principles within an agile delivery framework.
- Subject‑matter expertise in evaluating and implementing technical security products for public or private organisations.
- Experience identifying, assessing and managing technical security risks, developing mitigation strategies and tracking residual risk.
- Experience managing assurance and/or compliance activities associated with a defined security standard (ISO 27001, Def‑Stan 05‑138, NIST SP 800‑*, NIST CSF).
- Experience developing security assurance frameworks and governance models.
- Experience performing formal risk assessments and producing security reporting artefacts in on‑premises and cloud environments.
- Subject‑matter expertise in evaluating and implementing technical security products for MS Office 365 and Azure.
- Effective communication of highly technical security concepts to management, clients and staff at all levels.
- Interpretation of detailed system design documentation to identify potential security risks and recommend mitigations at appropriate levels.
- Interpretation of security standards and derivation of solution‑specific requirements, assessing solutions against those standards for compliance.
- Analytical advice on security implications of new and existing systems and proposed changes.
- Provision of technical security input to business areas and risk registers.
- Demonstrable understanding of security across network, infrastructure and applications on‑premises and cloud (MS Azure, Oracle, AWS, PaaS, IaaS, SaaS).
- Ensure compliance with MOD/UK Government security governance frameworks.
- Ensure activities embody a compliant approach such that Security Architecture and Services manage risk, maximizing business value with appropriate security.
- In‑depth experience of technical security issues and remediation across system and application platforms.
- Working knowledge of UK Government and MOD security standards (Def Stan 05‑138 v4, DEFCON, NCSC cloud security principles).
- Info. Security Qualification: MSc (InfoSec)/CISSP/CISM or similar certifications.
Desirable
- Understanding of Azure Stack and its security products.
- Current Cloud Security Qualification (e.g., CCSK, CCSP).
- Understanding of Office 365 Stack and associated security risks.
- Knowledge of emerging security technologies.
- Qualifications: AZ‑500, CCSP, CISSP, SABSA.
Security Clearance
This role requires SC Clearance. It would be advantageous if currently held. If not, the successful applicant will undergo, achieve and maintain SC Clearance. For further guidance, please visit the UKSV website. To be eligible for full SC, you generally need to have resided in the UK for the last 5 years; a minimum of 3 years’ residence may be accepted in some circumstances with additional overseas checks.
Basic requirements for Baseline and Security Clearance
Candidates will be asked to provide evidence of identity, eligibility to work in the UK and employment/education history for up to three years. Some vacancies may require full Security Clearance requiring further evidence. For detailed evidence, refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.
Contact & Application
Thales provides CAREERS, not just jobs. With 80,000 employees in 68 countries, our mobility policy enables career development at home and abroad. We embrace inclusivity and barrier‑free recruitment, offering reasonable adjustments for neuro‑diverse applicants or those with disabilities or long‑term conditions. For adjustments or alternative formats, contact our Resourcing Ops for mid to senior roles or the Early Careers Team for graduate and apprentice roles.
Great journeys start here – apply now!