Product Security Consultant

Leonardo UK
Belfast, United Kingdom
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Belfast, United Kingdom

Tech stack

Java
JavaScript
PHP
User Authentication
C Sharp (Programming Language)
C++
Cloud Computing
Static Program Analysis
Computer Security
Software Debugging
Multi-Factor Authentication
Federal Information Processing Standards (FIPS)
Firmware
Fuzz Testing
Supervisory Control and Data Acquisition (SCADA)
Identity and Access Management
Python
Key Management
OAuth
Open Web Application Security
Public Key Infrastructure
Queueing Systems
Real-Time Operating Systems
Ruby
SharePoint
Single Sign-On
C4ISR
Kotlin
Information Technology
Hashicorp
Dart
Api Gateway
Go
Microservices

Job description

We are seeking a Senior Product Security Consultant to join our Cybersecurity Engineering Defense practice. This hybrid role combines deep technical security evaluation, client-facing pre-sales support, and technical project management. You will play a central role in designing and validating secure systems for the defense sector, aligning with international compliance standards and platform-specific security requirements.

You will work with engineering managers, technical stakeholders, and defense clients to assess product security posture, define security controls, and ensure system resilience through structured evaluations. You will also engage in proposal development, solution scoping, and roadmap planning for security-centric projects in line with mission and operational requirements.

Key Responsibilities

Product Security Evaluation

  • Perform architecture and implementation reviews of embedded, cloud-based, or mission-critical systems.

  • Analyze and validate secure boot flows, cryptographic controls, and firmware integrity mechanisms.

  • Conduct threat modeling and traceability analysis against defense-aligned frameworks (e.g., NIST SP 800-53, NIST RMF, Common Criteria, NATO NIAG, ISO 15408).

  • Evaluate usage of post-quantum and hybrid cryptographic algorithms in secure communication and key management schemes.

  • Conduct security testing of control systems, secure enclaves, radios, mission payload platforms, or ICS/SCADA endpoints.

Defense Industry Compliance & Assurance

  • Map system security evaluations to high-assurance certification needs (e.g., FIPS 140-3, Common Criteria EAL, DoD STIGs, DoDIN APL).

  • Support technical evidence creation for compliance-driven assurance cases and authority-to-operate (ATO) processes.

  • Identify platform-specific hardening strategies (e.g., RTOS, containerized defense apps, ruggedized embedded systems).

Pre-Sales Engineering Support

  • Collaborate with business development to define secure system architectures and value propositions.

  • Author technical sections of proposals, whitepapers, and compliance alignment reports.

  • Translate mission objectives and operational constraints into viable secure-by-design implementation pathways.

  • Conduct technical workshops and demos to engage with defense primes, integrators, and government clients.

Project and Stakeholder Management

  • Lead technical execution of security engagements with clear milestones, deliverables, and resourcing plans.

  • Maintain ongoing communication with client technical leads and internal engineering teams.

  • Ensure deliverables meet both compliance obligations and real-world threat resilience expectations.

Requirements

  • MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.

  • 5+ years of hands-on experience in cybersecurity for embedded systems, secure communications, or mission-critical platforms.

  • Strong technical writing and documentation skills in English.

  • Excellent analytical skills and attention to detail.

Required Skills

  • In-depth understanding of security architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes).

  • Hands-on experience performing design-level security reviews and verifying implementation alignment with defined threat models.

  • Familiarity with defense-specific cybersecurity requirements (e.g., DFARS/NIST 800-171, CMMC, MIL-STD-882, STANAGs).

  • Understanding of tactical system constraints and secure integration challenges in C4ISR, unmanned systems, or EW contexts.

  • Exposure to Zero Trust principles in disconnected, intermittently connected, and low-bandwidth environments (D-DIL).

  • Knowledge of authentication, authorization, identity, and secrets management technologies (e.g., OAuth2, MFA, PKI, SSO, Cloud IAM, HashiCorp Vault).

  • Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation).

  • Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps).

  • Excellent documentation and communication skills, able to articulate technical risks and findings to diverse audiences.

  • Experience in collaborative proposal development and interfacing with government acquisition stakeholders.

  • Problem-solving skills, analytical thinking, and willingness to learn and grow.

Nice-to-Have Skills

  • Ability to read and analyze source code for logic flaws in one or more language families:

      • Mobile: Swift, Obj-C, Kotlin, Java, Dart, JavaScript

      • Web/Cloud: Java, Python, Go, PHP, Ruby, C#, JavaScript

      • Native/Embedded: C, C++

  • Experience debugging or instrumenting applications across edge, embedded, or cloud platforms.

  • Familiarity with Zero Trust architectures, enclaves, and confidential computing technologies.

  • Exposure to fuzzing, symbolic execution, or static analysis techniques.

  • Experience collaborating with distributed teams across different time zones and cultures.

Benefits & conditions

Location: Hybrid; with occasional travel expected to client site or Logiq's offices in Bristol or Chippenham. Salary: Negotiable Dependent on Experience, plus car allowance, plus up to 10% performance bonus*, plus excellent benefits package. Logiq is a fast-growing...

About the company

CENSUS LABS is a cybersecurity engineering powerhouse specializing in securing products and organizations. Our identity is rooted in professionalism, engineering excellence, a scientific mindset, and hacking demeanor. We are research-driven, enabling us to deliver a diverse range of professional services. CENSUS is trusted to conduct high-impact product security engagements, helping our clients secure their solutions from design to deployment, using realistic and risk-informed approaches. Our expertise spans end-to-end systems, including Secure Communications, IoT, Medical Devices, Mobile, and Vehicle Computing platforms. Learn more about CENSUS at .
