Product Security Engineer
Company:
Boeing Defence United Kingdom Limited
Boeing are seeking an experienced Product Security Engineer to join our growing team in Bristol or Yeovil and help shape the future of integrating security and resiliency across our products and services.
Product security engineering is a cross‑cutting engineering function and a critical element of designing, delivering, and maintaining Boeing products and services. Our mission is to influence designs and implement security solutions that protect product integrity. You will join a highly energised team committed to staying ahead of evolving cyber threats, developing innovative security measures, consistent standards, practices, and tools.
As an experienced Product Security Engineer, you will lead development, implementation, and sustainment of product security and resiliency across the requirements, design, build, test, production, operations, and support lifecycle. You will be expected to independently shape technical approaches, influence program‑level decisions, and provide subject matter expertise to internal and external stakeholders.
You will collaborate with a multidisciplinary, enterprise‑wide community to create and apply best practices, tools, and solutions that protect complex systems, including IT, embedded, and non‑IT environments. This role offers the opportunity to solve high‑impact security challenges, influence next‑generation security engineering, and directly contribute to the resilience and certification posture of Boeing’s commercial and defence offerings.
Ideal candidates bring deep knowledge and experience in system security, systems engineering, safety/airworthiness, security architecture, and verification/validation activities.
If you are motivated to lead product security initiatives across complex programs and to influence engineering decisions that increase system resilience, we encourage you to apply.
Position Responsibilities:
As a Product Security Engineer, you will engage in and lead one or more of the following activities:
- Develops and implements product security requirements and architectures to satisfy certification, regulatory, and customer requirements.
- Defines security design approaches and leads integration of security features into product architectures and designs.
- Conducts and leads cybersecurity risk analysis and threat assessments; evaluates likelihood, impact, and residual risk and determines mitigations.
- Performs and leads security assessments, audits, and vulnerability analyses; prepares mitigation strategies and drives remediation actions.
- Establishes and sustains security practices across the product lifecycle through coordination with cross‑functional teams and program leadership.
- Communicates and documents product security and certification implications, including security consequences of product modifications, to internal stakeholders, suppliers, and customers.
- Identifies and defines product security requirements for suppliers of components and subsystems; coordinates supplier security activities and evaluates supplier deliverables for compliance.
- Coordinates with governments, customers, suppliers, and industry to identify program risks and to improve industry and regulatory security standards and requirements for programs and interfacing systems.
- Independently conducts research and development activities that result in innovative security solutions, tools, or processes; leads pilot implementations and evaluates outcomes.
- Performs system analysis and trade studies to define technical concepts, security architectures, and optimal security solutions; documents rationale and recommendations for program decision makers.
- Develops and improves team tools, processes, and automation to increase productivity and repeatability across programs.
- Leads or contributes to program boards and design reviews: gathers and analyses data, prepares briefings, communicates recommendations, and supports cross‑team decision making.
- Monitors emerging threats, vulnerabilities, and security technologies; assesses applicability to programs and recommends prioritized adoption or mitigations.
- Ensures security of tools, data, networks, and resources used for product design, development, build, test, storage, delivery, operations, and support.
- Responds to program‑level security incidents or findings; coordinates remediation, documents results, and communicates status to stakeholders.
- Advises customers and program teams on maintaining product security and certification, including the security consequences of modifying products and services.
Employer will not sponsor applicants for employment visa status.
This role is hybrid 3 days per week on-site.
Basic Qualifications (Required Skills/Experience):
Applied experience in more than one of the following areas:
- Cybersecurity and security risk / threat assessment
- Security architecture, design, and analysis
- Network security architecture for embedded and enterprise systems
- Embedded systems security and cyber‑physical systems
- Systems hardening and security control implementation
- Cryptography and PKI design or integration
- Security testing, evaluation, and verification activities
- Trusted computing & anti‑tamper engineering
- Aircraft communications standards & protocols (ARINC 400, 600, 800 series etc.)
- Secure Software Development Lifecycle (SDLC) and DevSecOps practices
Preferred Qualifications (Desired Skills/Experience):
- The ability to obtain UK Security Clearance
- Experience defining Concept of Operations (ConOps), system requirements, and use‑case driven security requirements.
- Broad experience in risk assessment and management, including threat modelling and vulnerability analysis for networked and embedded systems.
- Experience leading or participating in cybersecurity audits, certification activities, and investigations.
- Experience with security incident response, root cause analysis, and trend analysis.
- Familiarity with malware analysis, attack surface reduction, and advanced security analysis techniques.
- Proven knowledge or hands‑on experience with DevSecOps toolchains and automation.
- Familiarity with avionics, embedded computing, and communications systems (ARINC series).
- Proficiency with networking and computing protocols & architectures (TCP/IP, OSI, UDP, serial/parallel communications, bus architectures).
- Understanding of hardware and software integration processes for safety‑critical platforms.
- Familiarity with Secure by Design principles and techniques.
Experience applying relevant standards and frameworks, including:
- RTCA/EUROCAE: DO‑326B/ED‑202B, DO‑356A/ED‑203A
- NIST: Risk Management Framework and SPs 800‑30, 800‑53, 800‑160
- ISO/IEC: 27001/27002, 62443
- DEFSTAN: 05‑138, 05‑139
- Experience with Model‑Based Engineering (MBE) tools and languages such as UML/SysML, 3DX, CATIA, Cameo, and MagicDraw is desirable.
- Proven contributions to industry standards, professional organizations, or cross‑industry working groups are a plus.
Typical Education & Experience:
- Typically 5+ years related work experience or an equivalent combination of technical education and experience; demonstrated progression of increasing responsibility on relevant programs.
- Education — Bachelor’s degree or equivalent in Engineering, Engineering Technology, Computer Science, Engineering Data Science, Mathematics, Physics or Chemistry; advanced degree preferred.
- Relevant security and engineering certifications strongly preferred (e.g., CISSP, SABSA, SANS certifications, CISSP‑ISSMP, CISM, or equivalent).
Relocation:
This position does not offer relocation. Candidates must live in the immediate area or relocate at their own expense.
What Boeing offers you:
The Boeing benefits package goes above and beyond, focusing on your physical, emotional, financial and social well-being. Here’s a snapshot of what we offer:
- Competitive salary and annual incentive plans
- Continuous learning: You’ll develop the approach and skills to navigate whatever comes next
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs
- 23 days plus UK public holidays and a Winter Break between Christmas and New Year!
- Pension Plan with 10% employer contribution
- Company paid BUPA Medical Plan
- Short Term Sickness: 100% pay for the first 26 weeks!
- Long Term Sickness: 66.67% of annual salary from 27th week
- 6x annual salary life insurance
- Learning Together Programme to support your ongoing personal and career development
- Access to Boeing’s Well Being Programs, tools and incentives
- Parental leave options are available!
Other appropriate background, experience and qualifications may be deemed acceptable
Language Requirements:
Not Applicable
Education:
Not Applicable
Relocation:
Relocation assistance is not a negotiable benefit for this position.
Security Clearance:
This position requires the ability to obtain United Kingdom Security Check.
Visa Sponsorship:
Employer will not sponsor applicants for employment visa status.
Contingent Upon Award Program:
This position is not contingent upon program award.
Shift:
Not a Shift Worker (United Kingdom)