Description
Location: Harwell, Oxfordshire (Hybrid)
Company: Agilent Technologies - Spectroscopy & Vacuum Division
Overview
We are seeking an experienced Product Cybersecurity Engineer to lead and support cybersecurity activities across our spectroscopy and vacuum product portfolio. This role is critical to ensuring our products meet evolving global cybersecurity regulations, customer requirements, and industry best practices—particularly in regulated markets such as aviation security, customs & borders, pharmaceuticals, and defence.
You will work cross-functionally with R&D, Product Security, Agilent IT, Sales, and Marketing teams, ensuring cybersecurity is embedded throughout the product lifecycle—from design and development through to deployment and ongoing support.
You will report to the R&D Software Manager as part of the team responsible for writing the software/firmware that runs our instruments, but this is expected to be a cross-functional and cross-product role.
The role will be based out of our Harwell, Oxfordshire office in the UK. There is some expectation to be on-site for hands-on work with our products, but we operate a hybrid model (2-3 days working from home, 2-3 days on-site) as a standard option.
Key Responsibilities
1. Cybersecurity Compliance & Regulation
1. Interpret and apply global cybersecurity and privacy regulations (GDPR, EU Cyber Resilience Act), aligning the approach with Legal and the CISO organisation.
2. Act as product line lead for EU CRA readiness, including:
   - Product cybersecurity documentation
   - Policy and procedure development
   - Coordination and collaboration with product teams and central security functions
3. Own and track remediation plans to ensure continued product compliance.
4. Maintain and review cybersecurity requirements aligned to target markets (defence, aviation, customs).
5. Ensure products are GDPR compliant.
2. Sales & Customer Cybersecurity Support
6. Support Sales and Marketing with cybersecurity content for tenders and bids:
   - Contribute to cybersecurity whitepapers and standard documentation
   - Provide technical input for tender compliance submissions
7. Participate in customer-facing cybersecurity discussions, where needed.
8. Review customer and regulatory documentation and translate requirements into product development inputs.
9. Stay aligned with industry developments and best practices.
3. Secure Product Development
10. Ensure products meet:
   - Internal Agilent security policies and procedures
   - External regulatory and customer requirements
11. Drive a proactive cybersecurity approach within product development.
12. Conduct or support cybersecurity testing and assessments, identifying vulnerabilities and providing reports.
13. Collaborate with R&D to:
   - Analyse vulnerabilities
   - Identify false positives and controls
   - Conduct threat modelling
   - Define, implement and track remediation plans
14. Provide technical guidance on:
   - Encryption and key management
   - Patch management
   - Identity and user management
15. Contribute to infrastructure security (certificate and secret management).
16. Support secure product configuration tailored to customer needs.
4. DevSecOps & Security Engineering
17. Drive adoption of DevSecOps practices, including:
   - CI/CD security integration
   - Automated vulnerability scanning (Nessus)
18. Implement and maintain:
   - Static Application Security Testing (SAST)
   - Dynamic Application Security Testing (DAST)
   - Software Composition Analysis (SCA)
19. Lead Software Bill of Materials (SBOM) creation and management in the spectroscopy and vacuum product lines.
20. Perform application security and penetration testing in collaboration with the internal Product Security Program team.
5. Embedded Systems Security
21. Secure Windows 10/11 IoT-based embedded systems, including:
   - Group policy and registry hardening
   - Attack surface reduction (services, ports, etc.)
   - Patch and update management
   - Endpoint protection and antivirus
   - Mobile Device Management (Intune)
22. Implement Microsoft security features such as: BitLocker, AppLocker, Unified Write Filter (UWF)
23. Support development and maintenance of embedded OS images.
24. (Desirable) Knowledge of Embedded Linux security.
6. Continuous Improvement & Future-Proofing
25. Monitor emerging threats, vulnerabilities, and regulatory changes.
26. Ensure products remain secure throughout their lifecycle.
27. Promote continuous improvement in cybersecurity practices.
7. Operational Security Activities
28. Manage OS patching and release cycles for product platforms.
29. Maintain secure embedded OS builds (FFU images).
30. Ensure regular:
   - Vulnerability scanning (Nessus)
   - Security testing and validation
31. Support CI/CD environment hardening and security patching.
Qualifications
Essential
32. Bachelor’s or master’s degree or equivalent
33. Proven experience in product cybersecurity or application security – typically 4+ years relevant experience.
34. Strong understanding of:
   - Secure software development lifecycle (SSDLC)
   - Vulnerability management and remediation
   - Regulatory compliance (GDPR, EU CRA, emerging EU and global regulations)
35. Hands-on experience with:
   - Security testing (SAST, DAST, SCA)
   - Penetration testing or vulnerability analysis
   - Threat modelling
36. Knowledge of Windows OS security (preferably embedded/IoT variants).
37. Experience working with cross-functional engineering teams.
Desirable
38. Relevant cybersecurity certifications (CISSP, CompTIA PenTest, ISC2 CSSLP) would be beneficial
39. Familiarity with DevSecOps tools and CI/CD pipelines
40. Experience with:
   - Nessus or similar scanning tools
   - Software Bill of Materials (SBOM)
41. Embedded Linux security knowledge.
42. Exposure to regulated industries (defence, aviation, pharma, border security).
43. Experience leveraging modern AI-assisted tools (Copilot, LLMs) to enhance secure development, documentation, and cybersecurity analysis while applying appropriate engineering judgement and data security controls
Personal Attributes
44. Strong analytical and problem-solving skills
45. Ability to translate regulations into actionable engineering requirements
46. Excellent communication skills, including customer-facing interactions
47. Proactive, self-driven, and detail-oriented
48. Comfortable working across multiple stakeholders and geographies
What we offer
49. Exciting projects in a multifaceted collaborative team grounded on an Agile Culture and Approach
50. Career development opportunities in an international company
51. Competitive compensation and benefits package
52. Work-Life-Balance programs
53. Permanent contract in a fast-growing global company
54. Company pension scheme
55. Private health care
Agilent inspires and supports discoveries that advance the quality of life. We provide life science, diagnostic and applied market laboratories worldwide with instruments, services, consumables, applications, and expertise. Agilent enables customers to gain the answers and insights they seek, so they can do what they do best: improve the world around us. More about Agilent on
Additional Details
This job has a full time weekly schedule.

Our pay ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. During the hiring process, a recruiter can share more about the specific pay range for a preferred location. Pay and benefit information by country are available at:

Agilent Technologies Inc. is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other protected categories under all applicable laws.

Travel Required: Occasional
Shift: Day
Duration: No End Date
Job Function: R&D