Graduate Product Security Engineer
Company:
Boeing Defence United Kingdom Limited
We're looking for a Graduate Product Security Engineer here at Boeing to join our growing team in Bristol and help shape the future of integrating security and resiliency across our products and services.
Product security engineering is a cross-cutting engineering function and a critical element of designing, delivering, and maintaining Boeing products and services. Our mission is to influence designs and implement security solutions that protect product integrity. You will join a highly energised team which is committed to staying ahead of evolving cyber threats, developing effective security measures, consistent standards, practices, and tools.
As a Product Security Engineer, you will support our vision to be the trusted global leader in product security engineering, contributing to product safety, integrity, and assurance across cyber-contested environments.
You will work with a multidisciplinary, enterprise-wide community to learn and apply best practices, tools, and solutions that protect complex systems, including IT, embedded, and non-IT environments. This role provides an opportunity to gain hands-on experience solving security challenges, contribute to security engineering practices, and help strengthen the resilience of Boeing’s commercial and defence offerings.
Ideal candidates bring foundational knowledge and interest in some or all of the following: system security, systems engineering, safety/airworthiness, and testing.
If you are eager to start or grow a career advancing cybersecurity in aerospace & digital systems and want to make a meaningful impact on the future of our products and services, we encourage you to apply.
Position Responsibilities:
As a Graduate Product Security Engineer, you will engage in one or more of the following activities under guidance and supervision:
- Assists with the identification and support of product security requirements and architectures to meet certification and customer requirements.
- Participates in design and build activities to help integrate security features into products and services.
- Applies cybersecurity risk analysis techniques and supports threat assessments by collecting and documenting likelihood, impact, and mitigation information.
- Contributes to security assessments and audits to help identify vulnerabilities and recommend mitigations.
- Supports integration of security practices across the product lifecycle through collaboration with cross-functional teams.
- Communicates product security implications to internal stakeholders.
- Supports Senior PSEs in coordinating activities with governments, customers, suppliers, and industry to identify risks and help improve program and interfacing‑system security standards and requirements.
- Gathers and applies cyber threat intelligence findings to inform product security activities.
- Participates in research and development tasks aligned to PSE goals and objectives and assists with basic R&D activities.
- Performs assigned system analysis and trade studies to help define technical concepts and proposed security solutions.
- Helps develop and improve tools, processes, and efficiencies to increase team productivity.
- Participates in program boards and reviews: collects data, prepares briefings, documents action items, and facilitates cross-team collaboration.
- Monitors emerging threats, vulnerabilities, and security technologies and reports findings to the team to improve product security posture.
- Assists with ensuring security of equipment, tools, data, networks, and resources used for product design, development, build, test, storage, delivery, operations, and support.
- Responds to assigned security-related requests and documents outcomes for review by senior engineers.
- Supports advisement activities by assisting with preparation of materials that describe security and certification considerations for customers, including potential consequences of modifying products and services.
Employer will not sponsor applicants for employment visa status.
This role is hybrid 3 days per week on-site.
Basic Qualifications (Required Skills/Experience):
The ability to obtain UK Security Clearance
Hands‑on coursework, internships, or practical experience in one or more of the following areas:
- Cybersecurity and security risk / threat assessment
- Security design and analysis
- Network security architecture
- Embedded systems security and cyber‑physical systems
- Systems hardening and security control implementation
- Cryptography and PKI
- Security testing and evaluation
- Trusted computing & anti‑tamper engineering
- Aircraft communications standards & protocols (ARINC 400, 600, 800 series etc.)
- Secure Software Development Lifecycle (SDLC)
Preferred Qualifications (Desired Skills/Experience):
- Understanding of Concept of Operations (ConOps), requirements development, and use‑case definition.
- Exposure to risk assessment and management, including threat modelling and vulnerability analysis for networked and embedded systems.
- Familiarity with cybersecurity audits & investigations and security incident response practices.
- Awareness of malware analysis, attack surface reduction, and security analysis techniques.
- Knowledge or interest in DevSecOps principles and practices.
- Familiarity with common networking and computing protocols and architectures (TCP/IP, OSI, UDP, serial/parallel communications, bus architectures).
- Understanding of hardware and software integration processes and secure-by-design principles.
- Familiarity with relevant standards and frameworks, including:
- RTCA/EUROCAE: DO‑326B/ED‑202B, DO‑356A/ED‑203A
- NIST: Risk Management Framework and SPs 800‑30, 800‑53, 800‑160
- ISO/IEC: 27001/27002, 62443
- DEFSTAN: 05‑138, 05‑139
- Experience using or willingness to learn Model‑Based Engineering (MBE) tools and languages such as UML/SysML, 3DX, CATIA, Cameo, and MagicDraw.
- Participation in competitions, collaborative projects, or contributions to student/professional organizations focused on cybersecurity and systems engineering is a plus.
Typical Education & Experience:
- Level 1: Typically 0–2 years' related work experience or an equivalent combination of technical education and experience.
- Education — Bachelor's degree or equivalent in Engineering, Engineering Technology (includes Manufacturing Engineering Technology), Computer Science, Engineering Data Science, Mathematics, Physics, or Chemistry.
- One or more early-career security certifications are desirable, including but not limited to: CompTIA Security+, (ISC)2 Certified in Cybersecurity, entry-level Cisco certifications, or similar.
Relocation:
This position does not offer relocation. Candidates must live in the immediate Bristol area or relocate at their own expense.
What Boeing offers you:
The Boeing benefits package goes above and beyond, focusing on your physical, emotional, financial and social well-being. Here’s a snapshot of what we offer:
Competitive salary and annual incentive plans
Continuous learning: You’ll develop the approach and skills to navigate whatever comes next
Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way
Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs
23 days plus UK public holidays and a Winter Break between Christmas and New Year!
Pension Plan with 10% employer contribution
Company paid BUPA Medical Plan
Short Term Sickness: 100% pay for the first 26 weeks!
Long Term Sickness: 66.67% of annual salary from 27th week
6x annual salary life insurance
Learning Together Programme to support your ongoing personal and career development
Access to Boeing’s Well Being Programs, tool and incentives
Parental leave options are available!
Other appropriate background, experience and qualifications may be deemed acceptable
Language Requirements:
Not Applicable
Education:
Not Applicable
Relocation:
Relocation assistance is not a negotiable benefit for this position.
Security Clearance:
This position requires the ability to obtain United Kingdom Security Check.
Visa Sponsorship:
Employer will not sponsor applicants for employment visa status.
Contingent Upon Award Program
This position is not contingent upon program award
Shift:
Not a Shift Worker (United Kingdom)