Graduate Product Security Engineer

Boeing · Aerospace · Bristol, United Kingdom

Graduate Product Security Engineer role at Boeing Defence UK, focusing on integrating security and resiliency into products and services. Responsibilities include supporting security requirements, design integration, risk analysis, assessments, and collaborating with cross-functional teams. Requires foundational knowledge in system security, cybersecurity, and related areas, with a preference for experience in risk management, DevSecOps, and relevant industry standards.

What you'd actually do

  1. Assists with the identification and support of product security requirements and architectures to meet certification and customer requirements.
  2. Participates in design and build activities to help integrate security features into products and services.
  3. Applies cybersecurity risk analysis techniques and supports threat assessments by collecting and documenting likelihood, impact, and mitigation information.
  4. Contributes to security assessments and audits to help identify vulnerabilities and recommend mitigations.
  5. Supports integration of security practices across the product lifecycle through collaboration with cross-functional teams.

Skills

Required

  • Cybersecurity and security risk / threat assessment
  • Security design and analysis
  • Network security architecture
  • Embedded systems security and cyber‑physical systems
  • Systems hardening and security control implementation
  • Cryptography and PKI
  • Security testing and evaluation
  • Trusted computing & anti‑tamper engineering
  • Aircraft communications standards & protocols (ARINC 400, 600, 800 series etc.)
  • Secure Software Development Lifecycle (SDLC)
  • UK Security Clearance

Nice to have

  • Concept of Operations (ConOps), requirements development, and use‑case definition.
  • Risk assessment and management, including threat modelling and vulnerability analysis for networked and embedded systems.
  • Cybersecurity audits & investigations and security incident response practices.
  • Malware analysis, attack surface reduction, and security analysis techniques.
  • DevSecOps principles and practices.
  • Common networking and computing protocols and architectures (TCP/IP, OSI, UDP, serial/parallel communications, bus architectures).
  • Hardware and software integration processes and secure-by-design principles.
  • RTCA/EUROCAE: DO‑326B/ED‑202B, DO‑356A/ED‑203A
  • NIST: Risk Management Framework and SPs 800‑30, 800‑53, 800‑160
  • ISO/IEC: 27001/27002, 62443
  • DEFSTAN: 05‑138, 05‑139
  • Model‑Based Engineering (MBE) tools and languages such as UML/

What the JD emphasized

  • product security
  • security
  • cybersecurity
  • security risk
  • threat assessments
  • security assessments
  • security practices
  • product security posture
  • security of equipment
  • security-related requests
  • security and certification considerations