PSEC Engineer/Product Security Analyst

Job ID
Job Locations
Position Type
Permanent or Fixed Term Contract
Position Category
IT & Digital
# of Openings


The PSA Engineer will be a focal point for security and information risk matters within the Product Security Engineering (PSyE) team and will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life.
They will provide subject matter expertise and advice to other functional and capability areas to support overall project delivery and performance, and will provide advice and consultancy to design authorities and interested stakeholders.


The following activities are those which are required of the PSA Engineer, in full or part dependent on the role and the place the project is in the engineering lifecycle:

  • Developing Risk Management Accreditation Document Sets (RMADS)
  • Performing risk assessments using multiple methods including IS1, ISO 27001, NIST, MITRE and STRIDE.
  • Selection of security controls, providing guidance on implementation and capture of compliance.
  • Attendance at Security Working Groups (SWGs), design reviews and gate reviews
  • Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness.
  • Be able to recommend appropriate controls to mitigate identified risks in line with government and MOD policies and good practice, to provide more cost-effective risk mitigation in the longer term.


  • Former CLAS consultant
  • Current CISSP or CISM qualification
  • Degree (or equivalent experience) in a relevant STEM or Information Security related subject.
  • Holds NCSC CCP SIRA status
  • Industry security qualifications held: CCNP, MS, CompTIA, SANS


The PSA Engineer will be responsible for, or provide input to the following typical key deliverables, dependent on the role and the place the project is in the engineering lifecycle:

  • Strong experience of developing Risk Management Accreditation Document Set (RMADS).
  • Strong background in HMG and MOD policies, SPF, JSP 440, JSP 604, and TEMPEST
  • Proven experience of assessing and managing information risk in line with industry good practice.
  • Proven experience of applying Product Security/Information Security concepts to applicable technologies within the environment (or similar).
  • Experience of Product Security Engineering activities in the defence, maritime or closely linked domain.

What do I need before I apply

  • Applicant must be SC Cleared and a Sole UK National.



  • Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges 
  • We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects  
  • Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses 
  • Competitive company benefits such as medical and dental insurance, pension, life assurance, employee wellbeing programme, sports and social events, birthday hampers and much more!  
  • Always working as one team, our people are not afraid to think big and challenge the status quo 


“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”. 



