Product Cyber Security Lead

Copello are looking for Product Cyber Security Lead to join an organisation in the Buckinghamshire area on an initial 12 month contract.

The Cyber Security Lead will assist with the end‑to‑end implementation of US Department of Defense (DoD) cyber security requirements for a mission‑critical product development programme.

Key Responsibilities

1. Cyber Requirement Implementation
   
   

• Interpret and implement US Government‑flowed cyber and information‑assurance requirements across the product lifecycle.
  
  
• Ensure compliance with the following (non‑exhaustive) set of standards and contractual flows:
  
  
  • DoD 8140.01 (cyber workforce qualification)
    
    
  • NIST SP 800‑171 (CUI protection)
    
    
  • DI-IPSC‑82249, DISA STIGs, DI‑MGMT‑82191, DI-MISC‑80508
    
    

1. Product and Engineering Assurance
   
   

• Define and maintain the programme Cyber Security Plan, including CUI handling, secure development practices and compliance evidence.
  
  
• Lead cyber risk assessments, threat modelling and vulnerability assessments for embedded systems, software, firmware and Special Test Equipment (STE).
  
  
• Guide teams on secure coding, static/dynamic code analysis, secure configuration, hardening baselines, cryptographic controls and data‑at‑rest/data‑in‑transit protection.
  
  
• Ensure firmware, embedded applications and STE conform to defined security controls, logging, access control and audit requirements.
  
  

1. Programme Execution
   
   

• Own the cyber schedule, deliverables and risks within the programme.
  
  
• Drive timely completion of artefacts required for customer acceptance, including SSPs, POA&Ms, incident response plans, configuration baselines and security test evidence.
  
  
• Coordinate with US prime/DoD representatives on security clarifications and compliance submission.
  
  

1. Governance and Compliance
   
   

• Implement a compliant environment for development, test and integration, aligned to NIST 800‑171, DFARS, STIGs and applicable ITAR/Export Control constraints.
  
  
• Ensure cyber incident reporting processes are in place and tested per DFARS 252.204‑7012.
  
  
• Support internal audit, external customer audit and formal assessment activities.
  
  

1. Technical Leadership
   
   

• Provide expert coaching to firmware, software, systems and STE engineers.
  
  
• Ensure cyber requirements are correctly decomposed, allocated and verified.
  
  
• Act as the technical authority for all product cyber security matters on the programme.
  
  Required Qualifications and Experience
  
  Essential
  
  
• Extensive cyber security experience in defence, aerospace or other mission‑critical regulated environments.
  
  
• Strong understanding of secure development for embedded systems, firmware, RTOS platforms and bespoke STE.
  
  
• Demonstrable experience implementing NIST SP 800‑171, DoD cyber requirements, and DISA STIGs on hardware/software products.
  
  
• Experience producing and maintaining programme‑level cyber security documentation and compliance evidence.
  
  
• Ability to lead cyber work packages and influence multi‑disciplinary engineering teams.
  
  
• Eligibility to work with ITAR‑controlled and Controlled Unclassified Information (CUI).
  
  The role will require the candidate to be based onsite 4 days a week. The role will also require SC or eligibility for SC clearance.
  
  This role is offering a flexible hourly rate dependant on experience and will be INSIDE IR35