Lead Security Engineer (contract), Luton
Client: CBSbutler
Location: Luton, United Kingdom
Job Category: Other
EU work permit required: Yes
Posted: 31.05.2025
Expiry Date: 15.07.2025
Job Description:
Lead Security Engineer
* 12-month minimum contract
We are seeking an experienced Lead Security Engineer with expertise in developing and maintaining product security management systems for defence and government customers.
This position reports to the Head of Engineering Projects and is responsible for all security aspects of product design, development, verification, and maintenance throughout the product lifecycle.
The role involves conducting security risk assessments, preparing mitigation plans, deriving security requirements, and working with development teams to implement security controls and produce Product Security Artefacts.
Key Responsibilities:
* Producing Security Management Plans, work package descriptions, and cost estimates for bids and proposals.
* Conducting security risk assessments, developing risk mitigation plans, and supporting system accreditation documentation.
* Defining security requirements, advising on implementation standards, and overseeing development activities.
* Liaising with Security Accreditors and Assurance Coordinators for security accreditation.
* Preparing Protection Profiles, Security Targets, Evaluation Management Plans, and liaising with evaluation teams.
* Developing TEMPEST Control Plans and advising on implementation and testing.
* Providing guidance on platform security configurations and supporting penetration testing, analyzing results, and planning remediation.
* Managing security throughout the product lifecycle, including vulnerability and patch management.
* Leading security incident response teams during crises in coordination with the Head of Product Security.
Candidate Requirements:
* Experience developing security solutions for military and/or commercial products and systems.
* Senior-level NCSC certification or recognized equivalent (e.g., ISC2 CISSP).
* Knowledge of UK/NATO Information Assurance standards, ISO27000 series, NIST SP800 series, JSP standards, and guidance from NCSC, CPNI, and NIST.
* Experience producing Security Accreditation documentation.
* Familiarity with NCSC and Common Criteria evaluation techniques.
* Knowledge of current cryptography technologies and key management.
* Model-Based System Engineering (MBSE) knowledge.