Security Engineer – Bristol (Hybrid)
Security Clearance: SC (Eligible)
DefStan | NIST | Threat Modelling
Are you passionate about securing the future of critical technology? Do you have deep working knowledge of NIST standards and Defence Standards like DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1?
We’re hiring a Product Security Engineer to help shape the security architecture of next-generation defence and technology systems. This is a high-impact role where your expertise in threat modelling, risk assessment, and secure-by-design engineering will drive innovation and resilience from day one.
What You’ll Be Doing:
* Leading product risk assessments and driving security improvements across the full development lifecycle.
* Conducting threat modelling and collaborating closely with engineers to embed security at every layer.
* Applying your hands-on knowledge of DefStan 05-138 and 05-139 to ensure products meet UK defence requirements.
* Leveraging the NIST 800 series (an absolute must) to establish best-in-class security frameworks.
* Performing code reviews, penetration testing, and guiding remediation efforts.
* Producing clear, robust documentation such as RMADS and Security Assurance artefacts.
What You Bring:
* Proven experience with NIST 800-30, 800-37, 800-53 and related frameworks. (Essential)
* Practical, working knowledge of Defence Standards, especially DefStan 05-138 and DefStan 05-139.
* Familiarity with threat modelling tools and methodologies.
* Solid understanding of ISO 27001/2, ISO 31000, and JSPs.
* Strong communication skills with the ability to simplify complex risks for non-technical stakeholders.
* A passion for secure design, ethical problem solving, and delivering high-assurance solutions.
You’ll Thrive In This Role If You:
* Enjoy working at the intersection of engineering, cyber, and defence.
* Are detail-oriented and solutions-driven with a calm, analytical approach to security challenges.
* Can manage multiple projects and priorities in a dynamic, agile environment.