Lead Product Security Engineer

Social network you want to login/join with:

Client: Leonardo

Location: Newcastle upon Tyne, United Kingdom

Job Category: -

EU work permit required: Yes

Job Description:

At Leonardo, we have a fantastic opportunity for a Lead Product Security Engineer to join our team within the Customer Support and Service Solutions (CS3) line of business. CS3 operates across the UK, providing innovative and invaluable support solutions to our customers. We help to ensure the availability of front-line capability wherever and whenever required.

We are looking for an experienced security engineer with expertise in developing and maintaining product security management systems for defence and government customers. Within CS3, the term product can include both in-service equipment and support solutions/services provided to customers, which are developed. The Lead Product Security Engineer will be responsible for all security aspects of product design, development, verification, and maintenance throughout all lifecycle phases, including security planning, assessment, risk mitigation, and accreditation activities. The role also involves working closely with product development teams to design, implement, and maintain appropriate security controls, providing technical advice within the area of product security.

• Work with customer security accreditors and SMEs, as well as project engineering teams, to ensure product compliance with security policies and manage residual security risks.
• Produce Security Management Plans, work package descriptions, and cost estimates for product bids, services, and proposals.
• Undertake security risk assessments, create mitigation plans, perform gap analysis, and prepare security documentation for system accreditation.
• Define product security requirements, advise on implementation standards, and oversee development activities.
• Liaise with Security Accreditors and Security Assurance Coordinators for security accreditation support.
• Prepare Protection Profiles, Security Targets, and Evaluation Management Plans, liaising with evaluation teams.
• Advise on platform lockdowns, configurations, and support penetration testing activities, analyzing results and developing remedial plans.
• Manage security through-life support, including vulnerability and patch management.
• Lead security incident management during crises in collaboration with the Chief Product Security Engineer.
• Support review and maintenance of security policies, processes, and procedures, recommending improvements.
• Deliver security training to engineering teams.
• Experience in security solutions development for military or commercial products.
• Registered NCSC certified professional or recognized qualification (e.g., ISC CISSP).
• Knowledge of UK/NATO IA standards, ISO27000, NIST, JSP, guidance from NCSC, CPNI, and NIST.
• Experience in producing Security Accreditation documentation and evaluation techniques.
• Knowledge of crypto technologies and key management.
• Model Based System Engineering (MBSE) knowledge.
• Understanding of OS, firmware, and software security controls.
• Familiarity with emerging technologies like cloud, virtualisation, and web-based systems.
• Excellent communication and stakeholder engagement skills.
• Positive attitude and leadership qualities.
• Experience with Enterprise Security Architectures (SABSA, MODAF).

Security Clearance:

Required

We offer a comprehensive benefits package, commitment to learning and development, and flexible working hours focused on employee and customer needs. A career with Leonardo offers numerous opportunities and accessibility for many.

Flexible Working: Hybrid working options and flexible hours. Part-time options available.

Benefits: Private healthcare, dental schemes, Workplace ISA, Go Green Car Scheme, technology and lifestyle allowances (£500/year).

Holidays: 25 days plus bank holidays, with options to buy/sell leave and accrue up to 12 additional flexi days annually.

Pension: Competitive pension scheme with up to 15% employer contribution.

Wellbeing: Employee Assistance Program, mental health support, financial wellbeing support, and diversity & inclusion networks.

Lifestyle: Discounted gym memberships, Cycle to Work scheme.

Training: Access to over 4000 online courses via Coursera.

Referral Incentive: Rewards for successful referrals.

Bonus Scheme: Available for management level and below.