Chief Product Security Engineer

TN United Kingdom

City of Edinburgh

Hybrid

GBP 60,000 - 100,000

Full time

Today

Job summary

Join a forward-thinking company as a Chief Product Security Engineer, where you'll play a crucial role in developing and maintaining robust security management systems for defense and government clients. Collaborate with diverse teams to ensure security measures are integrated throughout product lifecycles. This role offers the opportunity to lead incident management efforts, promote security best practices, and engage with stakeholders at all levels. With flexible working options and a commitment to employee development, this position is perfect for those passionate about enhancing product security in a dynamic environment.

Benefits

Private Healthcare
Dental Schemes
Workplace ISA
Go Green Car Scheme
Technology Allowance (£500/year)
25 Days Holiday Plus Bank Holidays
Pension Scheme (Up to 15% Employer Contribution)
Employee Assistance Programme
Discounted Gym Memberships
Access to Online Courses via Coursera

Qualifications

  • Expertise in developing robust product security management systems.
  • Experience in security risk assessments and mitigation plans.
  • Knowledge of UK/NATO Information Assurance standards.

Responsibilities

  • Provide security advice and support to product development teams.
  • Lead security incident management during crisis situations.
  • Promote best practices to improve product security awareness.

Skills

Product Security Management
Security Risk Assessment
Security Policies Maintenance
Incident Management
Communication Skills
Training and Development
Regulatory Compliance
Stakeholder Engagement

Education

NCSC Certified Professional
Degree in Cybersecurity or Related Field

Tools

Security Management Systems
Incident Investigation Tools
Crypto Technologies

Job description

Chief Product Security Engineer, Edinburgh

Client: Leonardo

Location: Edinburgh, United Kingdom

Job Category: -

EU work permit required: Yes

Job Reference: d2de593be37c

Job Views: 5

Posted: 05.05.2025

Expiry Date: 19.06.2025

Job Description:

At Leonardo, we have a fantastic opportunity for a Chief Product Security Engineer to join our team within the Customer Support and Service Solutions (CS3) line of business. CS3 operates across the UK, providing innovative and invaluable support solutions to our customers. We help to ensure the availability of front-line capability wherever and whenever required.

We are looking for an experienced product security practitioner with expertise in developing and maintaining robust product security management systems for defence and government customers.

Within CS3, the term product can include both in-service equipment and the support solutions/services that are developed and provided to customers. The Chief Product Security Engineer will ensure that all security aspects of the design, development, verification, and maintenance of this range of products, through all phases of their lifecycle, adhere to policy and process. They will collaborate closely with development teams to guide the design, implementation, and maintenance of appropriate security controls.

  • Provide security advice and support to product development teams, including deriving security requirements, undertaking security risk assessments, preparing security risk mitigation plans, and reviewing and approving Security Management plans.
  • Maintain and monitor security policies.
  • Produce security metrics for the Line of Business (LoB).
  • Manage attendance at external security forums.
  • Support attendance at the Security Special Interest Group.
  • Lead security incident management teams during incident/crisis situations in conjunction with the Lead Product Security Engineer(s).

The Chief Product Security Engineer has delegated authority within the independent Design Integrity function, responsible for:

  • Maintaining and monitoring security processes and competence frameworks.
  • Assessing security competence in line with the framework.
  • Chairing and maintaining a LoB security Community of Interest (CoI).
  • Promoting and sharing knowledge and best practices to improve product security awareness.
  • Training engineering teams on security frameworks, policies, and processes.
  • Developing robust security risk management systems for a range of products and services, aligned with customer, regulatory, and legislative expectations.
  • Familiarity with legislation such as IPA, DPA, Official Secrets Act.
  • Being a Registered NCSC Certified Professional at lead level or holding an equivalent NCSC-recognized qualification.
  • Knowledge of UK/NATO Information Assurance standards, procedures & systems, including HMG Security Policy Framework, ISO security standards, RTCA DO326A.
  • Understanding incident investigation principles and implementation processes.
  • Practical experience with NCSC and Common Criteria security evaluation techniques up to High Grade.
  • Knowledge of current crypto technologies, Key Management Systems, and practical COMSEC implementations.
  • Experience in identifying future product security needs, delivering training, and awareness presentations.
  • Understanding of product security implications related to safety.
  • Excellent communication and interpersonal skills for engaging with stakeholders at all levels.
  • Experience in delivering and maintaining products to meet regulatory requirements such as MAA DAOS, ARP4754.
  • Understanding of operational concepts for products to assess security risks and define mitigations.
  • Ability to identify and implement innovative security management solutions and secure buy-in from regulatory bodies.
  • Knowledge of advisory boards within UK Government or NATO for security.
  • Active membership in external security groups or forums.

Security Clearance

Required.

Life at Leonardo

Leonardo offers a funded benefits package, commitment to learning and development, and flexible working hours focused on employee and customer needs. A career here provides numerous opportunities and accessibility.

Flexible Working: Hybrid working options available. Part-time opportunities can be discussed.

Company Benefits: Private healthcare, dental schemes, Workplace ISA, Go Green Car Scheme, technology and lifestyle allowances (£500/year).

Holidays: 25 days plus bank holidays, with options to buy/sell leave and accrue up to 12 additional flexi leave days annually.

Pension: Up to 15% employer contribution on pension schemes.

Wellbeing: Employee Assistance Programme, mental health support, financial wellbeing support, and diversity & inclusion networks.

Lifestyle: Discounted gym memberships, Cycle to Work scheme.

Training: Access to over 4000 online courses via Coursera.

Referral Incentive: Rewards for successful referrals.

Bonus Scheme: Available for employees at management level and below.
