Engineer in opleiding in Belfast

As part of the Expleo UK Cybersecurity Practice, you will support a key client engagement in Belfast, providing cyber engineering expertise across hardware, embedded systems, and software. This is not an IT-only cybersecurity role; it requires practical experience of developing, assuring and securing engineered solutions across the project lifecycle.

The role will involve working closely with engineering teams, bid teams, customer stakeholders, internal cyber assurers and MOD-related security groups to ensure secure-by-design delivery, robust threat and risk assessment, effective security requirements management, and the production of cybersecurity artefacts required to support accreditation and assurance.

Responsibilities

• Provide cyber engineering expertise across hardware, embedded and software engineering projects, bids and delivery teams.
• Support the development of secure engineered solutions, ensuring cybersecurity is embedded across the project lifecycle rather than treated as a late-stage compliance activity.
• Create, estimate and maintain cyber engineering plans for projects and bids, including activities, artefacts, assumptions, dependencies and delivery effort.
• Generate, iterate and maintain threat models and cyber risk assessments throughout the project lifecycle, using appropriate frameworks and methods such as NIST RMF.
• Identify and define proportionate risk treatments by applying suitable security baselines, including NIST RMF and IEC 62443, where appropriate.
• Generate, manage and track security requirements, ensuring traceability from threat, risk and control decisions through to solution design and assurance evidence.
• Support MOD security working groups and Secure by Design cybersecurity accreditation activities.
• Create, maintain, and contribute to the cybersecurity case, ensuring that evidence, risk decisions, assumptions, and assurance arguments are clearly documented.
• Commission, manage and interpret the results of external vulnerability analysis, ensuring outputs are assessed and incorporated into risk treatment, assurance and delivery planning.
• Contribute cyber operations content to technical documentation, including security operating procedures, operational guidance and cyber operations manuals.
• Support supplier product cybersecurity assurance, ensuring supplier-provided components, products or systems can be integrated into the wider cybersecurity case.
• Review hardware embedded and software solution designs for potential cybersecurity weaknesses and recommend proportionate mitigations.
• Work independently without day-to-day supervision, taking responsibility for the delivery of assigned task deliverables.
• Deliver cyber engineering outputs to agreed cost, schedule and quality expectations.
• Lead and contribute to meetings relevant to the delivery of cyber engineering activities.
• Produce clear written material and brief effectively to senior stakeholders within the client organisation, customer teams and internal cyber assurance functions.
• Work closely with engineering, systems, software, hardware, safety, assurance and programme teams to support secure delivery.
• Support the growth of Expleo's Cybersecurity Practice through knowledge sharing, technical contribution and client-facing delivery excellence.

Qualifications

• Relevant education or industry-recognised certification in cybersecurity, systems engineering, software engineering, hardware engineering, computer science or a related discipline.
• Suitable qualifications may include BSc, MSc, CISSP, CISM, CRISC, Security+, CySA+, CASP+, GIAC, IEC 62443-related certifications, systems engineering qualifications or equivalent professional experience.
• Defence, MOD, secure engineering, product security or accreditation-related experience would be highly beneficial.

Essential skills

• Strong understanding of cyber engineering within hardware, embedded and software engineering environments.
• Experience supporting the development of secure, engineered solutions; IT-only cybersecurity experience is insufficient.
• Ability to create cyber engineering plans, delivery estimates and security work packages for projects and bids.
• Practical experience producing threat models and cyber risk assessments across the full project lifecycle.
• Knowledge of risk management approaches and frameworks such as NIST RMF.
• Knowledge of security baselines and control frameworks such as NIST, IEC 62443 or equivalent.
• Ability to define, manage and track cybersecurity requirements.
• Understanding of Secure by Design principles and their application within complex engineering or defence environments.
• Ability to develop and maintain a cybersecurity case, including evidence, assurance arguments, risk decisions and supporting artefacts.
• Understanding of vulnerability analysis, including commissioning external assessments and interpreting findings.
• Strong technical documentation skills, including the ability to contribute to cyber operations manuals and technical assurance material.
• Ability to assess supplier cybersecurity evidence and support product cybersecurity assurance activities.
• Strong stakeholder engagement skills, including the ability to brief senior stakeholders, customers and internal cyber assurers.
• Ability to work independently, manage assigned deliverables and take responsibility for delivery to cost and schedule.

Experience

• Proven experience in cyber engineering, product cybersecurity, secure systems engineering or a closely related discipline.
• Experience working on hardware, embedded systems and/or software engineering projects.
• Experience developing secure solutions rather than only assessing enterprise IT environments.
• Experience producing cybersecurity artefacts to support assurance, accreditation or customer acceptance.
• Experience working with engineering teams across the project lifecycle, from concept and design through to implementation, assurance and in-service support.
• Experience supporting defence, MOD, secure government, aerospace, critical systems or other highly regulated engineering environments would be advantageous.
• Experience engaging with senior stakeholders, customers, technical authorities, engineering leads and cyber assurance teams.
• Experience supporting MOD security working groups or MOD Secure by Design accreditation processes.
• Experience developing in-service cyber support plans and capabilities, including: Incident response plans, Vulnerability management plans, Security monitoring or operational support arrangements, Security maintenance and update processes.
• Understanding of software, hardware and embedded development and testing pipelines.
• Ability to review hardware and software designs for cybersecurity weaknesses.
• Experience supporting security assurance for suppliers, third-party products or integrated systems.
• Experience working with safety-related, mission-critical or operationally constrained systems.
• Familiarity with secure development, systems engineering, model-based engineering or requirements management.