Product Security Engineer

Boeing Boeing · Aerospace · Bristol, UK, United Kingdom +1

Boeing Defence UK is seeking an experienced Product Security Engineer to integrate security and resiliency across their products and services. The role involves developing and implementing security requirements, leading risk analysis, performing security assessments, and establishing security practices throughout the product lifecycle. The engineer will collaborate with multidisciplinary teams, influence program decisions, and contribute to the resilience and certification posture of Boeing's offerings. Responsibilities include research and development of innovative security solutions, system analysis, and ensuring the security of tools and data.

What you'd actually do

  1. Develops and implements product security requirements and architectures to satisfy certification, regulatory, and customer requirements.
  2. Defines security design approaches and leads integration of security features into product architectures and designs.
  3. Conducts and leads cybersecurity risk analysis and threat assessments; evaluates likelihood, impact, and residual risk and determines mitigations.
  4. Performs and leads security assessments, audits, and vulnerability analyses; prepares mitigation strategies and drives remediation actions.
  5. Establishes and sustains security practices across the product lifecycle through coordination with cross-functional teams and program leadership.

Skills

Required

  • Cybersecurity and security risk / threat assessment
  • Security architecture, design, and analysis
  • Network security architecture for embedded and enterprise systems
  • Embedded systems security and cyber‑physical systems
  • Systems hardening and security control implementation
  • Cryptography and PKI design or integration
  • Security testing, evaluation, and verification activities
  • Trusted computing & anti‑tamper engineering
  • Aircraft communications standards & protocols (ARINC 400, 600, 800 series etc.)
  • Secure Software Development Lifecycle (SDLC) and DevSecOps practices

Nice to have

  • The ability to obtain UK Security Clearance
  • Experience defining Concept of Operations (ConOps), system requirements, and use‑case driven security requirements.
  • Broad experience in risk assessment and management, including threat modelling and vulnerability analysis for networked and embedded systems.
  • Experience leading or participating in cybersecurity audits, certification activities, and investigations.
  • Experience with security inci

What the JD emphasized

  • product security
  • security architecture
  • cybersecurity risk analysis
  • security assessments
  • security practices
  • product lifecycle
  • security requirements
  • security solutions
  • security engineering
  • system security
  • systems engineering
  • security architecture
  • verification/validation activities
  • product security initiatives
  • system resilience
  • security risk / threat assessment
  • Security architecture, design, and analysis
  • embedded systems security
  • Secure Software Development Lifecycle (SDLC)
  • DevSecOps practices