Aerospace Cybersecurity Technical Lead

This role will lead the technical delivery of cybersecurity artefacts aligned to EASA, UK CAA and associated airworthiness regulations. You will support developing and refining our client's Airworthiness Security Process (AWSP) and oversee the creation of core artefacts to support certification. This client-facing role ideally suits someone with deep experience in aerospace system security, airworthiness security assurance, and regulatory alignment. You will be a trusted advisor to engineering teams and Expleo cybersecurity consultants, ensuring best-practice alignment, efficient delivery, and high-quality outputs across the certification lifecycle.

Responsibilities

Act as the technical lead for cybersecurity delivery to aerospace clients, ensuring alignment with the development roadmap and certification programme.
Provide subject matter expertise on airworthiness security, system security engineering, and certification artefact production aligned to EASA and UK CAA expectations.
Lead the development and review of cybersecurity documentation, including the PSecAC (Airworthiness Security Process Plan), PASRA (Preliminary Aircraft Security Risk Assessment), ASAM (Aircraft Security Architecture Model), and Security Verification Methods.
Provide input into the AWSP frameworks, including the tailoring of compliance checklists, activity outcomes, and document templates.
Ensure traceability between security risk assessments, controls, and compliance objectives across the aircraft systems and software architecture.
Coordinate the development of cybersecurity methods and processes, contributing to their alignment with recognised standards.
Engage with DAG's internal stakeholders, including engineering, safety, and systems integration teams, to embed cybersecurity into the design and certification lifecycle.
Act as the primary technical interface for cybersecurity between Expleo and clients, supporting queries, reviews, and audits.
Support internal QA and delivery governance for all security engineering artefacts, ensuring consistency, rigour, and traceability to certification requirements.
Provide mentoring and support to Expleo consultants embedded in the client workstreams, sharing knowledge and building internal aerospace security capability.

Qualifications

A degree (or equivalent experience) in Aerospace Engineering, Systems Engineering, Cybersecurity, or a related technical discipline.
Recognised cybersecurity certifications (e.g., CISSP, CISM, GICSP, CCSK) and/or relevant systems engineering accreditations (INCOSE ASEP/CSEP).
Formal training or applied experience with aviation cybersecurity standards such as ED-202A/DO-326A, DO-355A, ED-203A, DO-356A.

Skills

In-depth knowledge of aircraft systems, avionics networks, data buses (ARINC 429, AFDX), and embedded platform architectures.
Strong grasp of cybersecurity engineering principles in the context of safety-critical systems and regulated environments.
Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes.
Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios.
Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance objectives.
Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders.
Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments.

Experience

Experience in cybersecurity, with at least 5 years focused on aerospace, defence, or regulated engineering environments.
Proven track record of delivering security artefacts in support of product certification or aircraft programme development.
Previous experience supporting or working within a DOA or similar regulated environment.
Hands-on involvement with aircraft-level cybersecurity engineering, including network segmentation, security zones, access control, and data integrity assurance.
Experience working across multi-disciplinary teams involving engineering, avionics, software, safety, and regulatory specialists.
Familiarity with regulatory alignment processes and compliance checklists for EASA and/or UK CAA cybersecurity requirements
Experience supporting cybersecurity assurance within other EASA/UK CAA-regulated aerospace programmes.
Familiarity with Capella, Polarion, or other MBSE platforms in the context of security architecture and systems modelling.
Practical understanding of Secure Software Development Assurance (SSDA) and interaction between security and safety lifecycles.
Experience responding to regulatory audits, design reviews, and certification authority engagements.
Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity.
Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM).
Ability to contribute to internal capability development, methodology refinement, and knowledge transfer across delivery teams.

Benefits

Collaborative working environment - we stand shoulder to shoulder with our clients and our peers through good times and challenges
We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses
Competitive company benefits
Always working as one team, our people are not afraid to think big and challenge the status quo