Lead Product Security Engineer

Lead Product Security Engineer

Location –Flexible, can be based across the South of the UK with 1-day a week on-site across multiple locations.

The Company:

We are proud to be partnered with one of the world’s leading organisations within Electronic Warfare, with over 100-years history providing the latest technological advances to military customers in the UK and further afield.

This is a great opportunity to work on critical programmes in EW and Future Combat Air Systems, where you will take the lead on safety-critical Product Security.

Key Skills:

• Experience of Product Security
• Working in a complex safety-critical engineering environment
• Understanding of the Systems Development Lifecycle / V-Models
• Ideally Electronics experience but can consider other complex product development backgrounds
• Technical leadership experience, including mentoring and development skills
• Understanding of cyber security and cyber resilience

Company Benefits:

• Flexible salary depending on level to be discussed on application
• Annual bonus scheme
• Industry leading pension scheme – up to 15% employer contribution (based on 8% employee contribution).Please see table below.
• Life assurance – 4x annual salary if you have opted into the pension scheme
• Flexi leave – 12 flexi days a year for additional hours worked
• Annual leave – 25 days plus public holidays
• Hybrid working schedule with 1-day a week on-site with occasional UK travel
• Flexible benefits - £500 per year for employees to select their own benefits (ie. private medical insurance, dental insurance etc)

Job Description:

• Experience of owning a security risk management system
• Regulated industry experience in aerospace, nuclear, automotive, rail or oil & gas;
• People management, mentoring and development skills
• Practical experience of the System Development Life Cycle, Software Development Life Cycle, Spiral, V-Models and Agile frameworks;
• The ability to understand complex engineering processes and the inter-dependency of the process components;
• A passion for promoting and improving the safety and security of complex systems.
• Broad breadth of engineering experience in order to be able to review project demands and advise on resourcing needs, development, delivery plans and structures.
• Familiarity with the application of cyber resilience controls to embedded systems

It would bedesirable, but not essential, if you also had one or more of:

• Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF);
• Knowledge of UK/NATO Information Assurance/Accreditation frameworks;
• Knowledge of EASA/FAA Airworthiness Certification frameworks;
• Awareness of current crypto technologies, Key Management Systems & practical COMSEC;
• Awarded or looking to achieve an NCSC Certified Cyber Professional (CCP) recognition;
• Awareness of Information Security (INFOSEC), Communications Security (COMSEC), Transmission Security (TRANSEC), Product Safety and their inter-relationship
• Familiarity with incident investigation and implementation of an investigation process such as used by the Air Accidents Investigation Branch (AAIB);