Lead Product Security Engineer

Social network you want to login/join with:

Client: Leonardo

Location: Edinburgh, United Kingdom

Job Category: -

EU work permit required: Yes

Job Description:

At Leonardo, we have a fantastic opportunity for a Lead Product Security Engineer to join our team within the Customer Support and Service Solutions (CS3) line of business. CS3 operates across the UK, providing innovative and invaluable support solutions to our customers. We help to ensure the availability of front-line capability wherever and whenever required.

We are looking for an experienced security engineer with expertise in developing and maintaining product security management systems for defence and government customers. Within CS3, the term 'product' includes both in-service equipment and support solutions/services developed for customers. The Lead Product Security Engineer will be responsible for all security aspects of product design, development, verification, and maintenance throughout the product lifecycle, including security planning, assessment, risk mitigation, and accreditation activities. The role involves working closely with product development teams to design, implement, and maintain appropriate security controls, and providing technical advice within the domain of product security.

• Work with customer security accreditors and SMEs, as well as project engineering teams, to ensure product compliance with security policies and manage residual security risks.
• Produce Security Management Plans, work package descriptions, and cost estimates to support bids, services, and proposals.
• Undertake security risk assessments, create risk mitigation plans, perform gap analysis, and prepare security documentation for accreditation.
• Define product security requirements, advise on implementation standards, oversee development activities.
• Liaise with Security Accreditors and Security Assurance Coordinators for security accreditation.
• Prepare Protection Profiles, Security Targets, Evaluation Management Plans, and liaise with evaluation teams.
• Advise development teams on platform security, support penetration testing, analyze results, and develop remedial plans.
• Manage through-life support for product security, including vulnerability and patch management.
• Lead security incident management during crises in conjunction with the Chief Product Security Engineer.
• Support review and maintenance of security policies, suggesting improvements.
• Deliver security training to engineering teams.
• Experience in developing security solutions for military and/or commercial products.
• Registered NCSC certified professional at senior level or recognized qualification (e.g., ISC CISSP).
• Knowledge of UK/NATO IA standards, procedures, and systems, including GovS 007, HMG IS1&2, ISO27000, NIST, JSPs, guidance from NCSC, CPNI, NIST.
• Experience in producing security accreditation documentation and evaluation techniques.
• Knowledge of cryptography and key management systems.
• Understanding of MBSE, operating systems, firmware, and software security controls.
• Familiarity with emerging technologies like cloud, virtualization, web-based systems.
• Excellent communication and interpersonal skills for stakeholder interaction.
• Positive attitude, drive for improvement, and leadership capabilities.
• Experience with Enterprise Security Architectures (SABSA, MODAF).

Security Clearance:

Required.

We offer a comprehensive benefits package, commitment to learning, flexible working hours, and opportunities for career development. Our benefits include private healthcare, dental schemes, Workplace ISA, Go Green Car Scheme, technology and lifestyle allowances (£500/year), 25 days holiday plus bank holidays, option to buy/sell leave, up to 12 additional flexi days, a pension scheme with up to 15% employer contribution, wellbeing programs, discounted gym memberships, cycle-to-work scheme, free online courses via Coursera, referral incentives, and bonuses for management level employees.