Security Engineer - Bristol (Hybrid)
Security Clearance: SC (Eligible)
DefStan NIST Threat Modelling
Are you passionate about securing the future of critical technology? Do you have deep working knowledge of NIST standards and Defence Standards like DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1We're hiring a Product Security Engineer to help shape the security architecture of next-generation defence and technology systems. This is a high-impact role where your expertise in threat modelling, risk assessment, and secure-by-design engineering will drive innovation and resilience from day one.
What You'll Be Doing:
Leading product risk assessments and driving security improvements across the full development lifecycle.
Conducting threat modelling and collaborating closely with engineers to embed security at every layer.
Applying your hands-on knowledge of DefStan 05-138 and 05-139 to ensure products meet UK defence requirements.
Leveraging the NIST 800 series (an absolute must) to establish best-in-class security frameworks.
Performing code reviews, penetration testing, and guiding remediation efforts.
Producing clear, robust documentation such as RMADS and Security Assurance artefacts.
What You Bring:
Proven experience with NIST 800-30, 800-37, 800-53 and related frameworks. (Essential)
Practical, working knowledge of Defence Standards, especially DefStan 05-138 and DefStan 05-139.
Familiarity with threat modelling tools and methodologies.
Solid understanding of ISO 27001/2, ISO 31000, and JSPs.
Strong communication skills with the ability to simplify complex risks for non-technical stakeholders.
A passion for secure design, ethical problem solving, and delivering high-assurance solutions.
You'll Thrive In This Role If You:
Enjoy working at the intersection of engineering, cyber, and defence.
Are detail-oriented and solutions-driven with a calm, analytical approach to security challenges.
Can manage multiple projects and priorities in a dynamic, agile environment.