Overview
Our client, a leading player in the Defence & Security sector, is currently seeking a Product Security Lead to join their team in Marlow on a contract basis.
Responsibilities
1. Cyber Requirement Implementation
o Interpret and implement US Government-flowed cyber and information-assurance requirements across the product lifecycle.
o Ensure compliance with the following (non-exhaustive) set of standards and contractual flows:
+ DoD #removed# (cyber workforce qualification)
+ NIST SP (Apply online only) (CUI protection)
+ DI-IPSC-82249, DISA STIGs, DI-MGMT-82191, DI-MISC-80508
2. Product and Engineering Assurance
o Define and maintain the programme Cyber Security Plan, including CUI handling, secure development practices and compliance evidence.
o Lead cyber risk assessments, threat modeling and vulnerability assessments for embedded systems, software, firmware and Special Test Equipment (STE).
o Guide teams on secure coding, static/dynamic code analysis, secure configuration, hardening baselines, cryptographic controls and data-at-rest/data-in-transit protection.
o Ensure firmware, embedded applications and STE conform to defined security controls, logging, access control and audit requirements.
3. Programme Execution
o Own the cyber schedule, deliverables and risks within the programme.
o Drive timely completion of artefacts required for customer acceptance, including SSPs, POA&Ms, incident response plans, configuration baselines and security test evidence.
o Coordinate with US prime/DoD representatives on security clarifications and compliance submission.
4. Governance and Compliance
o Implement a compliant environment for development, test and integration, aligned to NIST (Apply online only), DFARS, STIGs and applicable ITAR/Export Control constraints.
o Ensure cyber incident reporting processes are in place and tested per DFARS (phone number removed).
o Support internal audit, external customer audit and formal assessment activities.
5. Technical Leadership
o Provide expert coaching to firmware, software, systems and STE engineers.
o Ensure cyber requirements are correctly decomposed, allocated and verified.
o Act as the technical authority for all product cyber security matters on the programme.
Job Requirements
Essential
* Extensive cyber security experience in defence, aerospace or other mission-critical regulated environments.
* Strong understanding of secure development for embedded systems, firmware, RTOS platforms and bespoke STE.
* Demonstrable experience implementing NIST SP (Apply online only), DoD cyber requirements, and DISA STIGs on hardware/software products.
* Experience producing and maintaining programme-level cyber security documentation and compliance evidence.
* Ability to lead cyber work packages and influence multi-disciplinary engineering teams.
* Eligibility to work with ITAR-controlled and Controlled Unclassified Information (CUI).
Desirable
* US DoD #removed#/8570 certification (e.g., CISSP, Security+, CEH).
* Experience working with US primes or on US DoD-funded programmes.
* Knowledge of export control, CUI marking, and classified information handling.
If you are an experienced Product Security Lead looking for a challenging and rewarding contract role in the Defence & Security sector, apply now to join our client's dynamic team in Marlow
#J-18808-Ljbffr