Senior Product Security Consultant - Defense Systems (UK Nationals) in London

We are seeking a Senior Product Security Consultant to join our Cybersecurity Engineering Defense practice. This hybrid role combines deep technical security evaluation, client‑facing pre‑sales support, and technical project management. You will play a central role in designing and validating secure systems for the defense sector, aligning with international compliance standards and platform‑specific security requirements.

Responsibilities

• Product Security Evaluation
  • Perform architecture and implementation reviews of embedded, cloud‑based, or mission‑critical systems.
  • Analyze and validate secure boot flows, cryptographic controls, and firmware integrity mechanisms.
  • Conduct threat modeling and traceability analysis against defense‑aligned frameworks (e.g., NIST SP 800‑53, NIST RMF, Common Criteria, NATO NIAG, ISO 15408).
  • Evaluate usage of post‑quantum and hybrid cryptographic algorithms in secure communication and key management schemes.
  • Conduct security testing of control systems, secure enclaves, radios, mission payload platforms, or ICS/SCADA endpoints.
• Defense Industry Compliance & Assurance
  • Map system security evaluations to high‑assurance certification needs (e.g., FIPS 140‑3, Common Criteria EAL, DoD STIGs, DoDIN APL).
  • Support technical evidence creation for compliance‑driven assurance cases and authority‑to‑operate (ATO) processes.
  • Identify platform‑specific hardening strategies (e.g., RTOS, containerized defense apps, ruggedized embedded systems).
• Pre‑Sales Engineering Support
  • Collaborate with business development to define secure system architectures and value propositions.
  • Author technical sections of proposals, whitepapers, and compliance alignment reports.
  • Translate mission objectives and operational constraints into viable secure‑by‑design implementation pathways.
  • Conduct technical workshops and demos to engage with defense primes, integrators, and government clients.
• Project and Stakeholder Management
  • Lead technical execution of security engagements with clear milestones, deliverables, and resourcing plans.
  • Maintain ongoing communication with client technical leads and internal engineering teams.
  • Ensure deliverables meet both compliance obligations and real‑world threat resilience expectations.

Qualifications

Minimum Qualifications

• MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.
• 5+ years of hands‑on experience in cybersecurity for embedded systems, secure communications, or mission‑critical platforms.
• Strong technical writing and documentation skills in English.
• Excellent analytical skills and attention to detail.

Required Skills

• In‑depth understanding of security architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes).
• Hands‑on experience performing design‑level security reviews and verifying implementation alignment with defined threat models.
• Familiarity with defense‑specific cybersecurity requirements (e.g., DFARS/NIST 800‑171, CMMC, MIL‑STD‑882, STANAGs).
• Understanding of tactical system constraints and secure integration challenges in C4ISR, unmanned systems, or EW contexts.
• Exposure to Zero Trust principles in disconnected, intermittently connected, and low‑bandwidth environments (D‑DIL).
• Knowledge of authentication, authorization, identity, and secrets management technologies (e.g., OAuth2, MFA, PKI, SSO, Cloud IAM, HashiCorp Vault).
• Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation).
• Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps).
• Excellent documentation and communication skills, able to articulate technical risks and findings to diverse audiences.
• Experience in collaborative proposal development and interfacing with government acquisition stakeholders.
• Problem‑solving skills, analytical thinking, and willingness to learn/grow.

Nice‑to‑Have Skills

• Ability to read and analyze source code for logic flaws in one or more language families.
• Native/Embedded: C, C++.
• Experience debugging or instrumenting applications across edge, embedded, or cloud platforms.
• Familiarity with Zero Trust architectures, enclaves, and confidential computing technologies.
• Exposure to fuzzing, symbolic execution, or static analysis techniques.
• Experience collaborating with distributed teams across different time zones and cultures.