Job Description

Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness technological change to successfully deliver innovation, improve resilience and support the secure delivery of complex products, platforms and systems.As part of the Expleo UK Cybersecurity Practice, you will support a key client engagement in Belfast, providing cyber engineering expertise across hardware, embedded systems, and software. This is not an IT-only cybersecurity role; it requires practical experience of developing, assuring and securing engineered solutions across the project lifecycle.The role will involve working closely with engineering teams, bid teams, customer stakeholders, internal cyber assurers and MOD-related security groups to ensure secure-by-design delivery, robust threat and risk assessment, effective security requirements management, and the production of cybersecurity artefacts required to support accreditation and assurance.This is a customer-facing role requiring strong technical judgement, independence, clear communication, and the ability to deliver agreed outputs within cost, schedule, and quality expectations.

Responsibilities

• Provide cyber engineering expertise across hardware, embedded and software engineering projects, bids and delivery teams.
• Support the development of secure engineered solutions, ensuring cybersecurity is embedded across the project lifecycle rather than treated as a late-stage compliance activity.
• Create, estimate and maintain cyber engineering plans for projects and bids, including activities, artefacts, assumptions, dependencies and delivery effort.
• Generate, iterate and maintain threat models and cyber risk assessments throughout the project lifecycle, using appropriate frameworks and methods such as NIST RMF.
• Identify and define proportionate risk treatments by applying suitable security baselines, including NIST RMF and IEC 62443, where appropriate.
• Generate, manage and track security requirements, ensuring traceability from threat, risk and control decisions through to solution design and assurance evidence.
• Support MOD security working groups and Secure by Design cybersecurity accreditation activities.
• Create, maintain, and contribute to the cybersecurity case, ensuring that evidence, risk decisions, assumptions, and assurance arguments are clearly documented.
• Commission, manage and interpret the results of external vulnerability analysis, ensuring outputs are assessed and incorporated into risk treatment, assurance and delivery planning.
• Contribute cyber operations content to technical documentation, including security operating procedures, operational guidance and cyber operations manuals.
• Support supplier product cybersecurity assurance, ensuring supplier-provided components, products or systems can be integrated into the wider cybersecurity case.
• Review hardware embedded and software solution designs for potential cybersecurity weaknesses and recommend proportionate mitigations.
• Work independently without day-to-day supervision, taking responsibility for the delivery of assigned task deliverables.
• Deliver cyber engineering outputs to agreed cost, schedule and quality expectations.
• Lead and contribute to meetings relevant to the delivery of cyber engineering activities.
• Produce clear written material and brief effectively to senior stakeholders within the client organisation, customer teams and internal cyber assurance functions.
• Work closely with engineering, systems, software, hardware, safety, assurance and programme teams to support secure delivery.
• Support the growth of Expleo’s Cybersecurity Practice through knowledge sharing, technical contribution and client-facing delivery excellence.

Qualifications

• Relevant education or industry-recognised certification in cybersecurity, systems engineering, software engineering, hardware engineering, computer science or a related discipline.
• Suitable qualifications may include BSc, MSc, CISSP, CISM, CRISC, Security+, CySA+, CASP+, GIAC, IEC 62443-related certifications, systems engineering qualifications or equivalent professional experience.
• Defence, MOD, secure engineering, product security or accreditation-related experience would be highly beneficial.

Essential skills

• Strong understanding of cyber engineering within hardware, embedded and software engineering environments.
• Experience supporting the development of secure, engineered solutions; IT-only cybersecurity experience is insufficient.
• Ability to create cyber engineering plans, delivery estimates and security work packages for projects and bids.
• Practical experience producing threat models and cyber risk assessments across the full project lifecycle.
• Knowledge of risk management approaches and frameworks such as NIST RMF.
• Knowledge of security baselines and control frameworks such as NIST, IEC 62443 or equivalent.
• Ability to define, manage and track cybersecurity requirements.
• Understanding of Secure by Design principles and their application within complex engineering or defence environments.
• Ability to develop and maintain a cybersecurity case, including evidence, assurance arguments, risk decisions and supporting artefacts.
• Understanding of vulnerability analysis, including commissioning external assessments and interpreting findings.
• Strong technical documentation skills, including the ability to contribute to cyber operations manuals and technical assurance material.
• Ability to assess supplier cybersecurity evidence and support product cybersecurity assurance activities.
• Strong stakeholder engagement skills, including the ability to brief senior stakeholders, customers and internal cyber assurers.
• Ability to work independently, manage assigned deliverables and take responsibility for delivery to cost and schedule.

Experience

• Proven experience in cyber engineering, product cybersecurity, secure systems engineering or a closely related discipline.
• Experience working on hardware, embedded systems and/or software engineering projects.
• Experience developing secure solutions rather than only assessing enterprise IT environments.
• Experience producing cybersecurity artefacts to support assurance, accreditation or customer acceptance.
• Experience working with engineering teams across the project lifecycle, from concept and design through to implementation, assurance and in-service support.
• Experience supporting defence, MOD, secure government, aerospace, critical systems or other highly regulated engineering environments would be advantageous.
• Experience engaging with senior stakeholders, customers, technical authorities, engineering leads and cyber assurance teams.
• Desirable Skills and Experience
  • Experience supporting MOD security working groups or MOD Secure by Design accreditation processes.
  • Experience developing in-service cyber support plans and capabilities, including:
    • Incident response plans
    • Vulnerability management plans
    • Security monitoring or operational support arrangements
    • Security maintenance and update processes
  • Understanding of software, hardware and embedded development and testing pipelines.
  • Ability to review hardware and software designs for cybersecurity weaknesses.
  • Experience supporting security assurance for suppliers, third-party products or integrated systems.
  • Experience working with safety-related, mission-critical or operationally constrained systems.
  • Familiarity with secure development, systems engineering, model-based engineering or requirements management

What do I need before I apply

• Have the right to work in the UK.
• Be able to work on-site in Belfast.
• Be eligible for, or already hold, the appropriate level of security clearance required for the role.
• Be comfortable working in a client-facing, engineering-led cybersecurity environment.
• Be able to work independently and take ownership of assigned deliverables.

Benefits

• Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges 
• We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects  
• Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses 
• Competitive company benefits
• Always working as one team, our people are not afraid to think big and challenge the status quo 

• As a Disability Confident Committed Employer we have committed to:
  • Ensure our recruitment process is inclusive and accessible
  • Communicating and promoting vacancies
  • Offering an interview to disabled people who meet the minimum criteria for the job
  • Anticipating and providing reasonable adjustments as required
  • Supporting any existing employee who acquires a disability or long term health condition, enabling them to stay in work at least one activity that will make a difference for disabled people

“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”.

We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive