The Cyber Security Lead will assist with the end‑to‑end implementation of US Department of Defense (DoD) cyber security requirements for a mission‑critical product development programme.
Key Responsibilities
1. Cyber Requirement Implementation
* Interpret and implement US Government‑flowed cyber and information‑assurance requirements across the product lifecycle.
* Ensure compliance with the following (non‑exhaustive) set of standards and contractual flows:
  * DoD 8140.01 (cyber workforce qualification)
  * NIST SP 800‑171 (CUI protection)
  * DI-IPSC‑82249, DISA STIGs, DI‑MGMT‑82191, DI-MISC‑80508
2. Product and Engineering Assurance
* Define and maintain the programme Cyber Security Plan, including CUI handling, secure development practices and compliance evidence.
* Lead cyber risk assessments, threat modelling and vulnerability assessments for embedded systems, software, firmware and Special Test Equipment (STE).
* Guide teams on secure coding, static/dynamic code analysis, secure configuration, hardening baselines, cryptographic controls and data‑at‑rest/data‑in‑transit protection.
* Ensure firmware, embedded applications and STE conform to defined security controls, logging, access control and audit requirements.
3. Programme Execution
* Own the cyber schedule, deliverables and risks within the programme.
* Drive timely completion of artefacts required for customer acceptance, including SSPs, POA&Ms, incident response plans, configuration baselines and security test evidence.
* Coordinate with US prime/DoD representatives on security clarifications and compliance submission.
4. Governance and Compliance
* Implement a compliant environment for development, test and integration, aligned to NIST 800‑171, DFARS, STIGs and applicable ITAR/Export Control constraints.
* Ensure cyber incident reporting processes are in place and tested per DFARS 252.204‑7012.
* Support internal audit, external customer audit and formal assessment activities.
5. Technical Leadership
* Provide expert coaching to firmware, software, systems and STE engineers.
* Ensure cyber requirements are correctly decomposed, allocated and verified.
* Act as the technical authority for all product cyber security matters on the programme.
Required Qualifications and Experience
Essential
* Extensive cyber security experience in defence, aerospace or other mission‑critical regulated environments.
* Strong understanding of secure development for embedded systems, firmware, RTOS platforms and bespoke STE.
* Demonstrable experience implementing NIST SP 800‑171, DoD cyber requirements, and DISA STIGs on hardware/software products.
* Experience producing and maintaining programme‑level cyber security documentation and compliance evidence.
* Ability to lead cyber work packages and influence multi‑disciplinary engineering teams.
* Eligibility to work with ITAR‑controlled information and Controlled Unclassified Information (CUI).
The role will require the candidate to be based onsite 4 days a week. The role will also require SC or eligibility for SC clearance.
This role offers a flexible hourly rate dependent on experience and will be INSIDE IR35.
Salary description
£80.00 - £110.00 per hour
