Our client, a leading player in the Defence & Security sector, is currently seeking a Product Security Lead to join their team in Marlow on a contract basis.
Key Responsibilities:
1. Cyber Requirement Implementation
- Interpret and implement US Government-flowed cyber and information-assurance requirements across the product lifecycle.
- Ensure compliance with the following (non-exhaustive) set of standards and contractual flows:
- DoD 8140.01 (cyber workforce qualification)
- NIST SP 800-171 (CUI protection)
- DI-IPSC-82249, DISA STIGs, DI-MGMT-82191, DI-MISC-80508
2. Product and Engineering Assurance
- Define and maintain the programme Cyber Security Plan, including CUI handling, secure development practices and compliance evidence.
- Lead cyber risk assessments, threat modeling and vulnerability assessments for embedded systems, software, firmware and Special Test Equipment (STE).
- Guide teams on secure coding, static/dynamic code analysis, secure configuration, hardening baselines, cryptographic controls and data-at-rest/data-in-transit protection.
- Ensure firmware, embedded applications and STE conform to defined security controls, logging, access control and audit requirements.
3. Programme Execution
- Own the cyber schedule, deliverables and risks within the programme.
- Drive timely completion of artefacts required for customer acceptance, including SSPs, POA&Ms, incident response plans, configuration baselines and security test evidence.
- Coordinate with US prime/DoD representatives on security clarifications and compliance submission.
4. Governance and Compliance
- Implement a compliant environment for development, test and integration, aligned to NIST 800-171, DFARS, STIGs and applicable ITAR/Export Control constraints.
- Ensure cyber incident reporting processes are in place and tested per DFARS 252.204-7012.
- Support internal audit, external customer audit and formal assessment activities.
5. Technical Leadership
- Provide expert coaching to firmware, software, systems and STE engineers.
- Ensure cyber requirements are correctly decomposed, allocated and verified.
- Act as the technical authority for all product cyber security matters on the programme.
Job Requirements:
Essential
- Extensive cyber security experience in defence, aerospace or other mission-critical regulated environments.
- Strong understanding of secure development for embedded systems, firmware, RTOS platforms and bespoke STE.
- Demonstrable experience implementing NIST SP 800-171, DoD cyber requirements, and DISA STIGs on hardware/software products.
- Experience producing and maintaining programme-level cyber security documentation and compliance evidence.
- Ability to lead cyber work packages and influence multi-disciplinary engineering teams.
- Eligibility to work with ITAR-controlled and Controlled Unclassified Information (CUI).
Desirable
- US DoD 8140.01/8570 certification (e.g., CISSP, Security+, CEH).
- Experience working with US primes or on US DoD-funded programmes.
- Knowledge of export control, CUI marking, and classified information handling.
If you are an experienced Product Security Lead looking for a challenging and rewarding contract role in the Defence & Security sector, apply now to join our client's dynamic team in Marlow.
