Senior Product Security Consultant – Defense Systems (UK Nationals)

Senior Product Security Consultant – Defense Systems (UK Nationals)

London, England, United Kingdom

Overview

We are seeking a Senior Product Security Consultant to join our Cybersecurity Engineering Defense practice. This hybrid role combines deep technical security evaluation, client‑facing pre‑sales support, and technical project management. You will play a central role in designing and validating secure systems for the defense sector, aligning with international compliance standards and platform‑specific security requirements.

Responsibilities

Product Security Evaluation

• Perform architecture and implementation reviews of embedded, cloud‑based, or mission‑critical systems.
• Analyze and validate secure boot flows, cryptographic controls, and firmware integrity mechanisms.
• Conduct threat modeling and traceability analysis against defense‑aligned frameworks (e.g., NIST SP 800‑53, NIST RMF, Common Criteria, NATO NIAG, ISO 15408).
• Evaluate usage of post‑quantum and hybrid cryptographic algorithms in secure communication and key management schemes.
• Conduct security testing of control systems, secure enclaves, radios, mission payload platforms, or ICS/SCADA endpoints.

Defense Industry Compliance & Assurance

• Map system security evaluations to high‑assurance certification needs (e.g., FIPS 140‑3, Common Criteria EAL, DoD STIGs, DoDIN APL).
• Support technical evidence creation for compliance‑driven assurance cases and authority‑to‑operate (ATO) processes.
• Identify platform‑specific hardening strategies (e.g., RTOS, containerized defense apps, ruggedized embedded systems).

Pre‑Sales Engineering Support

• Collaborate with business development to define secure system architectures and value propositions.
• Author technical sections of proposals, whitepapers, and compliance alignment reports.
• Translate mission objectives and operational constraints into viable secure‑by‑design implementation pathways.
• Conduct technical workshops and demos to engage with defense primes, integrators, and government clients.

Project and Stakeholder Management

• Lead technical execution of security engagements with clear milestones, deliverables, and resourcing plans.
• Maintain ongoing communication with client technical leads and internal engineering teams.
• Ensure deliverables meet both compliance obligations and real‑world threat resilience expectations.

Qualifications

Minimum Qualifications

• MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.
• 5+ years of hands‑on experience in cybersecurity for embedded systems, secure communications, or mission‑critical platforms.
• Strong technical writing and documentation skills in English.
• Excellent analytical skills and attention to detail.

Required Skills

• In‑depth understanding of security architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes).
• Hands‑on experience performing design‑level security reviews and verifying implementation alignment with defined threat models.
• Familiarity with defense‑specific cybersecurity requirements (e.g., DFARS/NIST 800‑171, CMMC, MIL‑STD‑882, STANAGs).
• Understanding of tactical system constraints and secure integration challenges in C4ISR, unmanned systems, or EW contexts.
• Exposure to Zero Trust principles in disconnected, intermittently connected, and low‑bandwidth environments (D‑DIL).
• Knowledge of authentication, authorization, identity, and secrets management technologies (e.g., OAuth2, MFA, PKI, SSO, Cloud IAM, HashiCorp Vault).
• Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation).
• Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps).
• Excellent documentation and communication skills, able to articulate technical risks and findings to diverse audiences.
• Experience in collaborative proposal development and interfacing with government acquisition stakeholders.
• Problem‑solving skills, analytical thinking, and willingness to learn/grow.

Nice‑to‑Have Skills

• Ability to read and analyze source code for logic flaws in one or more language families.
• Native/Embedded: C, C++.
• Experience debugging or instrumenting applications across edge, embedded, or cloud platforms.
• Familiarity with Zero Trust architectures, enclaves, and confidential computing technologies.
• Exposure to fuzzing, symbolic execution, or static analysis techniques.
• Experience collaborating with distributed teams across different time zones and cultures.

#J-18808-Ljbffr…