Job summary

---

Security Engineer - Bristol (Hybrid)

Key skills required for this role

Systems Architect

Important

Working knowledge of defense standards (DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1

Job description

---

Security Engineer - Bristol (Hybrid)
Security Clearance: SC (Eligible)
DefStan | NIST | Threat Modelling

Are you passionate about securing the future of critical technology? Do you have deep working knowledge of NIST standards and Defence Standards like DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1?

We're hiring a Product Security Engineer to help shape the security architecture of next-generation defence and technology systems. This is a high-impact role where your expertise in threat modelling, risk assessment, and secure-by-design engineering will drive innovation and resilience from day one.

What You'll Be Doing:

• Leading product risk assessments and driving security improvements across the full development lifecycle.

• Conducting threat modelling and collaborating closely with engineers to embed security at every layer.

• Applying your hands-on knowledge of DefStan 05-138 and 05-139 to ensure products meet UK defence requirements.

• Leveraging the NIST 800 series (an absolute must) to establish best-in-class security frameworks.

• Performing code reviews, penetration testing, and guiding remediation efforts.

• Producing clear, robust documentation such as RMADS and Security Assurance artefacts.

What You Bring:

• Proven experience with NIST 800-30, 800-37, 800-53 and related frameworks. (Essential)

• Practical, working knowledge of Defence Standards, especially DefStan 05-138 and DefStan 05-139.

• Familiarity with threat modelling tools and methodologies.

• Solid understanding of ISO 27001/2, ISO 31000, and JSPs.

• Strong communication skills with the ability to simplify complex risks for non-technical stakeholders.

• A passion for secure design, ethical problem solving, and delivering high-assurance solutions.

You'll Thrive In This Role If You:

• Enjoy working at the intersection of engineering, cyber, and defence.

• Are detail-oriented and solutions-driven with a calm, analytical approach to security challenges.

• Can manage multiple projects and priorities in a dynamic, agile environment.