Senior Product Security Consultant - Defense Systems (UK Nationals)

Senior Product Security Consultant – Defense Systems (UK Nationals)Join to apply for the Senior Product Security Consultant – Defense Systems (UK Nationals) role at CENSUSContinue with Google Continue with GoogleSenior Product Security Consultant – Defense Systems (UK Nationals)2 days ago Be among the first 25 applicantsJoin to apply for the Senior Product Security Consultant – Defense Systems (UK Nationals) role at CENSUSGet AI-powered advice on this job and more exclusive features.About CENSUSCENSUS LABS is a cybersecurity engineering powerhouse specializing in securing products and organizations. Our identity is rooted in professionalism, engineering excellence, a scientific mindset, and hacking demeanor. We are research-driven, enabling us to deliver a diverse range of professional services.About CENSUSCENSUS LABS is a cybersecurity engineering powerhouse specializing in securing products and organizations. Our identity is rooted in professionalism, engineering excellence, a scientific mindset, and hacking demeanor. We are research-driven, enabling us to deliver a diverse range of professional services.CENSUS is trusted to conduct high-impact product security engagements, helping our clients secure their solutions from design to deployment, using realistic and risk-informed approaches. Our expertise spans end-to-end systems, including Secure Communications, IoT, Medical Devices, Mobile, and Vehicle Computing platforms.Learn more about CENSUS at census-labs.com.About The JobWe are seeking a Senior Product Security Consultant to join our Cybersecurity Engineering Defense practice. This hybrid role combines deep technical security evaluation, client-facing pre-sales support, and technical project management. You will play a central role in designing and validating secure systems for the defense sector, aligning with international compliance standards and platform-specific security requirements.You will work with engineering managers, technical stakeholders, and defense clients to assess product security posture, define security controls, and ensure system resilience through structured evaluations. You will also engage in proposal development, solution scoping, and roadmap planning for security-centric projects in line with mission and operational requirements.Key ResponsibilitiesProduct Security EvaluationPerform architecture and implementation reviews of embedded, cloud-based, or mission-critical systems.Analyze and validate secure boot flows, cryptographic controls, and firmware integrity mechanisms.Conduct threat modeling and traceability analysis against defense-aligned frameworks (e.g., NIST SP 800-53, NIST RMF, Common Criteria, NATO NIAG, ISO 15408).Evaluate usage of post-quantum and hybrid cryptographic algorithms in secure communication and key management schemes.Conduct security testing of control systems, secure enclaves, radios, mission payload platforms, or ICS/SCADA endpoints.Defense Industry Compliance & AssuranceMap system security evaluations to high-assurance certification needs (e.g., FIPS 140-3, Common Criteria EAL, DoD STIGs, DoDIN APL).Support technical evidence creation for compliance-driven assurance cases and authority-to-operate (ATO) processes.Identify platform-specific hardening strategies (e.g., RTOS, containerized defense apps, ruggedized embedded systems).Pre-Sales Engineering SupportCollaborate with business development to define secure system architectures and value propositions.Author technical sections of proposals, whitepapers, and compliance alignment reports.Translate mission objectives and operational constraints into viable secure-by-design implementation pathways.Conduct technical workshops and demos to engage with defense primes, integrators, and government clients.Project and Stakeholder ManagementLead technical execution of security engagements with clear milestones, deliverables, and resourcing plans.Maintain ongoing communication with client technical leads and internal engineering teams.Ensure deliverables meet both compliance obligations and real-world threat resilience expectations.Minimum QualificationsMSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.5+ years of hands-on experience in cybersecurity for embedded systems, secure communications, or mission-critical platforms.Strong technical writing and documentation skills in English.Excellent analytical skills and attention to detail.Required SkillsIn-depth understanding of security architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes).Hands-on experience performing design-level security reviews and verifying implementation alignment with defined threat models.Familiarity with defense-specific cybersecurity requirements (e.g., DFARS/NIST 800-171, CMMC, MIL-STD-882, STANAGs).Understanding of tactical system constraints and secure integration challenges in C4ISR, unmanned systems, or EW contexts.Exposure to Zero Trust principles in disconnected, intermittently connected, and low-bandwidth environments (D-DIL).Knowledge of authentication, authorization, identity, and secrets management technologies (e.g., OAuth2, MFA, PKI, SSO, Cloud IAM, HashiCorp Vault).Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation).Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps).Excellent documentation and communication skills, able to articulate technical risks and findings to diverse audiences.Experience in collaborative proposal development and interfacing with government acquisition stakeholders.Problem solving skills, analytical thinking, and willingness to learn/grow.Nice-to-Have SkillsAbility to read and analyze source code for logic flaws in one or more language families:Mobile: Swift, Obj-C, Kotlin, Java, Dart, JavaScriptWeb/Cloud: Java, Python, Go, PHP, Ruby, C#, JavaScriptNative/Embedded: C, C++Experience debugging or instrumenting applications across edge, embedded, or cloud platforms.Familiarity with Zero Trust architectures, enclaves, and confidential computing technologies.Exposure to fuzzing, symbolic execution, or static analysis techniques.Experience collaborating with distributed teams across different time zones and cultures.Seniority levelSeniority levelMid-Senior levelEmployment typeEmployment typeFull-timeJob functionJob functionInformation TechnologyIndustriesComputer and Network SecurityReferrals increase your chances of interviewing at CENSUS by 2xSign in to set job alerts for “Product Security Consultant” roles.London, England, United Kingdom 1 week agoSalesforce Industry Architect (Automotive)Feltham, England, United Kingdom 2 weeks agoWe’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr