Our client, a leading player in the Defence & Security sector, is currently seeking a Product Security Lead to join their team in Marlow on a contract basis.
Key Responsibilities:
1. Cyber Requirement Implementation
Interpret and implement US Government-flowed cyber and information-assurance requirements across the product lifecycle.
Ensure compliance with the following (non-exhaustive) set of standards and contractual flows:
DoD 8140.01 (cyber workforce qualification)
NIST SP (Apply online only) (CUI protection)
DI-IPSC-82249, DISA STIGs, DI-MGMT-82191, DI-MISC-80508
2. Product and Engineering Assurance
Define and maintain the programme Cyber Security Plan, including CUI handling, secure development practices and compliance evidence.
Lead cyber risk assessments, threat modeling and vulnerability assessments for embedded systems, software, firmware and Special Test Equipment (STE).
Guide teams on secure coding, static/dynamic code analysis, secure configuration, hardening baselines, cryptographic controls and data-at-rest/data-in-transit protection.
Ensure firmware, embedded applications and STE conform to defined security controls, logging, access control and audit requirements.
3. Programme Execution
Own the cyber schedule, deliverables and risks within the programme.
Drive timely completion of artefacts required for customer acceptance, including SSPs, POA&Ms, incident response plans, configuration baselines and security test evidence.
Coordinate with US prime/DoD representatives on security clarifications and compliance submission.
4. Governance and Compliance
Implement a compliant environment for development, test and integration, aligned to NIST (Apply online only), DFARS, STIGs and applicable ITAR/Export Control constraints.
Ensure cyber incident reporting processes are in place and tested per DFARS (phone number removed).
Support internal audit, external customer audit and formal assessment activities.
5. Technical Leadership
Provide expert coaching to firmware, software, systems and STE engineers.
Ensure cyber requirements are correctly decomposed, allocated and verified.
Act as the technical authority for all product cyber security matters on the programme.
Job Requirements:
Essential
Extensive cyber security experience in defence, aerospace or other mission-critical regulated environments.
Strong understanding of secure development for embedded systems, firmware, RTOS platforms and bespoke STE.
Demonstrable experience implementing NIST SP (Apply online only), DoD cyber requirements, and DISA STIGs on hardware/software products.
Experience producing and maintaining programme-level cyber security documentation and compliance evidence.
Ability to lead cyber work packages and influence multi-disciplinary engineering teams.
Eligibility to work with ITAR-controlled and Controlled Unclassified Information (CUI).
Desirable
US DoD 8140.01/8570 certification (e.g., CISSP, Security+, CEH).
Experience working with US primes or on US DoD-funded programmes.
Knowledge of export control, CUI marking, and classified information handling.
If you are an experienced Product Security Lead looking for a challenging and rewarding contract role in the Defence & Security sector, apply now to join our client's dynamic team in Marlow
:quality(80))
:quality(80))
:quality(80))