Lead Security Engineer (contract)

Lead Security Engineer (contract), Watford, Hertfordshire

Client: CBSbutler

Location: Watford, Hertfordshire, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views: 4

Posted: 06.06.2025

Expiry Date: 21.07.2025

Lead Security Engineer

• 12 month minimum contract

We are seeking an experienced Lead Security Engineer with expertise in developing and maintaining product security management systems for defence and government customers.

This position reports to the Head of Engineering Projects and is responsible for all security aspects of product design, development, verification, and maintenance throughout the product lifecycle.

The role involves conducting security risk assessments, preparing mitigation plans, deriving security requirements, and working with development teams to implement security controls and produce security artefacts.

• Producing Security Management Plans, work package descriptions, and cost estimates for bids and proposals.
• Conducting security risk assessments, mitigation plans, gap analysis, and supporting system accreditation.
• Defining security requirements, advising on standards, and overseeing development activities.
• Liaising with Security Accreditors and Assurance Coordinators for accreditation.
• Preparing Protection Profiles, Security Targets, Evaluation Plans, and liaising with evaluation teams.
• Preparing TEMPEST Control Plans and advising on implementation techniques.
• Supporting platform lockdown, configurations, penetration testing, and remedial actions.
• Managing product security throughout its lifecycle, including vulnerability and patch management.
• Leading security incident management during crises.

• Experience with security solutions for military and/or commercial products.
• Senior-level NCSC certification or recognized qualification (e.g., ISC2 CISSP).
• Knowledge of UK/NATO standards, ISO27000, NIST, JSP standards, and guidance from NCSC, CPNI, NIST.
• Experience producing Security Accreditation documentation.
• Knowledge of security evaluation techniques like NCSC and Common Criteria.
• Understanding of current cryptography technologies and key management.
• Knowledge of Model-Based System Engineering (MBSE).