Experienced Product Security Engineer

We're proud to be working with a specialist defence engineering company based across Surrey and Dorset, to find a Product Security Engineer to join their Supportability Engineering function. They design and deliver complex, bespoke defence products — and security isn't something they bolt on at the end. It's engineered in from the start. This role exists to make sure that stays true across every project they run. About them A well-established SME with a flat structure, a genuinely interesting product portfolio and a team culture where good engineers are given the space to do great work. With only a few levels between a junior role and a department head, you'll spend more time on technical application and less time navigating corporate machinery. The role Reporting to the Supportability Team Lead, you'll act as the security authority across multiple live projects — working closely with engineering, product development and QA teams to integrate Secure by Design principles throughout the product lifecycle. Day to day you'll be: Conducting project security risk analysis (NCSC methodology) Developing and delivering security documentation to SbD principles Developing and implementing Product Security Policies Chairing internal and external Security Reviews and Working Groups Ensuring all deliverables meet customer requirements and compliance standards Contributing to bid processes with manpower estimates Supporting the wider Supportability function as needed What is needed from you Essential: Project security planning and implementation experience — NIST 800 series Proven SbD documentation delivery Security / Information Assurance experience — e.g. CESG Good Practice Guides Security risk assessment — NCSC methodology Ability to work autonomously and adapt quickly to changing project demands Excellent communication and literacy skills SC UK security clearance (or ability to obtain) Desirable: MoD, military or defence contracting background Knowledge of Def Stan 05-138, Def Stan 05-139, JSP440 or the Security Policy Framework DevSecOps experience TEMPEST or Electromagnetic Compatibility knowledge Risk Management background What's on offer ✅ Flexible working around core hours — 09:30–12:00 & 14:00–16:00 ✅ Paid overtime or TOIL — up to 24 extra days per year ✅ Private medical — 50+ clinics and hospitals nationwide ✅ Competitive employer-matched pension ✅ Onsite gym at Chertsey + gym discounts nationwide ✅ Salary sacrifice — bikes, tech, and more ✅ Company kit — laptop, mobile, home office equipment ✅ Holiday closedown 24 Dec – 2 Jan ✅ Relocation package available ✅ Full career lifecycle — you choose your direction