Key skills
Cyber SecuritySDLCTCP/IPLeadershipRisk ManagementDecision MakingNetwork Security
About this role
Role Overview
- Develops and implements product security requirements and architectures to satisfy certification, regulatory, and customer requirements.
- Defines security design approaches and leads integration of security features into product architectures and designs.
- Conducts and leads cybersecurity risk analysis and threat assessments; evaluates likelihood, impact, and residual risk and determines mitigations.
- Performs and leads security assessments, audits, and vulnerability analyses; prepares mitigation strategies and drives remediation actions.
- Establishes and sustains security practices across the product lifecycle through coordination with cross‑functional teams and program leadership.
- Communicates and documents product security and certification implications, including security consequences of product modifications, to internal stakeholders, suppliers, and customers.
- Identifies and defines product security requirements for suppliers of components and subsystems; coordinates supplier security activities and evaluates supplier deliverables for compliance.
- Coordinates with governments, customers, suppliers, and industry to identify program risks and to improve industry and regulatory security standards and requirements for programs and interfacing systems.
- Independently conducts research and development activities that result in innovative security solutions, tools, or processes; leads pilot implementations and evaluates outcomes.
- Performs system analysis and trade studies to define technical concepts, security architectures, and optimal security solutions; documents rationale and recommendations for program decision makers.
- Develops and improves team tools, processes, and automation to increase productivity and repeatability across programs.
- Leads or contributes to program boards and design reviews: gathers and analyses data, prepares briefings, communicates recommendations, and supports cross‑team decision making.
- Monitors emerging threats, vulnerabilities, and security technologies; assesses applicability to programs and recommends prioritized adoption or mitigations.
- Ensures security of tools, data, networks, and resources used for product design, development, build, test, storage, delivery, operations, and support.
- Responds to program‑level security incidents or findings; coordinates remediation, documents results, and communicates status to stakeholders.
- Advises customers and program teams on maintaining product security and certification, including the security consequences of modifying products and services.
Requirements
- Applied experience in multiple of the following areas:
- Cybersecurity and security risk / threat assessment
- Security architecture, design, and analysis
- Network security architecture for embedded and enterprise systems
- Embedded systems security and cyber‑physical systems
- Systems hardening and security control implementation
- Cryptography and PKI design or integration
- Security testing, evaluation, and verification activities
- Trusted computing & anti‑tamper engineering
- Aircraft communications standards & protocols (ARINC 400, 600, 800 series etc.)
- Secure Software Development Lifecycle (SDLC) and DevSecOps practices
- The ability to obtain UK Security Clearance
- Broad experience in risk assessment and management, including threat modelling and vulnerability analysis for networked and embedded systems.
- Experience leading or participating in cybersecurity audits, certification activities, and investigations.
- Experience with security incident response, root cause analysis, and trend analysis.
- Familiarity with malware analysis, attack surface reduction, and advanced security analysis techniques.
- Proven knowledge or hands‑on experience with DevSecOps toolchains and automation.
- Familiarity with avionics, embedded computing, and communications systems (ARINC series).
- Proficiency with networking and computing protocols & architectures (TCP/IP, OSI, UDP, serial/parallel communications, bus architectures).
- Understanding of hardware and software integration processes for safety‑critical platforms.
- Familiarity with Secure by Design principles and techniques.
- Experience applying relevant standards and frameworks, including:
- RTCA/EUROCAE: DO‑326B/ED‑202B, DO‑356A/ED‑203A
- NIST: Risk Management Framework and SPs 800‑30, 800‑53, 800‑160
- ISO/IEC: 27001/27002, 62443
- DEFSTAN: 05‑138, 05‑139
- Experience with Model‑Based Engineering (MBE) tools and languages such as UML/SysML, 3DX, CATIA, Cameo, and MagicDraw is desirable.
- Proven contributions to industry standards, professional organizations, or cross‑industry working groups are a plus.
Tech Stack
- Cyber Security
- SDLC
- TCP/IP
Benefits
- Competitive salary and annual incentive plans
- Continuous learning: You’ll develop the approach and skills to navigate whatever comes next
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs
- 23 days plus UK public holidays and a Winter Break between Christmas and New Year!
- Pension Plan with 10% employer contribution
- Company paid BUPA Medical Plan
- Short Term Sickness: 100% pay for the first 26 weeks!
- Long Term Sickness: 66.67% of annual salary from 27th week
- 6x annual salary life insurance
- Learning Together Programme to support your ongoing personal and career development
- Access to Boeing’s Well Being Programs, tool and incentives
- Parental leave options are available!