OVERVIEW

Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness unrelenting technological change to deliver innovations that provide a competitive advantage and improve everyday life worldwide.
As part of the Expleo Digital and Emerging Technology (DET) team, you will report to the Head of Cybersecurity and join our established Cybersecurity Practice. We seek a highly experienced Aerospace Cybersecurity Technical Lead to support our strategic aerospace engagements and deliver cybersecurity engineering and assurance support to our client base.
This role will lead the technical delivery of cybersecurity artefacts aligned to EASA, UK CAA and associated airworthiness regulations. You will support developing and refining our client’s Airworthiness Security Process (AWSP) and oversee the creation of core artefacts to support certification.
This client-facing role ideally suits someone with deep experience in aerospace system security, airworthiness security assurance, and regulatory alignment. You will be a trusted advisor to engineering teams and Expleo cybersecurity consultants, ensuring best-practice alignment, efficient delivery, and high-quality outputs across the certification lifecycle.

QUALIFICATIONS

• A degree (or equivalent experience) in Aerospace Engineering, Systems Engineering, Cybersecurity, or a related technical discipline.
• Recognised cybersecurity certifications (e.g., CISSP, CISM, GICSP, CCSK) and/or relevant systems engineering accreditations (INCOSE ASEP/CSEP).
• Formal training or applied experience with aviation cybersecurity standards such as ED-202A/DO-326A, DO-355A, ED-203A, DO-356A.
• Understanding of EASA and UK CAA certification frameworks.
• Familiarity with MBSE tools and model-based security approaches, ideally including experience with Capella, MagicDraw, or SysML.
• Experience working within Design Organisations (DOA) or with organisations under delegated regulatory oversight.

ESSENTIAL SKILLS

• In-depth knowledge of aircraft systems, avionics networks, data buses (ARINC 429, AFDX), and embedded platform architectures.
• Strong grasp of cybersecurity engineering principles in the context of safety-critical systems and regulated environments.
• Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes.
• Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios.
• Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance objectives.
• Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders.
• Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments.
• Collaborative and detail-oriented, able to work across international teams and regulatory boundaries.

DESIRED SKILLS

• Experience supporting cybersecurity assurance within other EASA/UK CAA-regulated aerospace programmes.
• Familiarity with Capella, Polarion, or other MBSE platforms in the context of security architecture and systems modelling.
• Practical understanding of Secure Software Development Assurance (SSDA) and interaction between security and safety lifecycles.
• Experience responding to regulatory audits, design reviews, and certification authority engagements.
• Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity.
• Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM).
• Ability to contribute to internal capability development, methodology refinement, and knowledge transfer across delivery teams.

EXPERIENCE

• Minimum of 7–10 years of experience in cybersecurity, with at least 5 years focused on aerospace, defence, or regulated engineering environments.
• Proven track record of delivering security artefacts in support of product certification or aircraft programme development.
• Previous experience supporting or working within a DOA or similar regulated environment.
• Hands-on involvement with aircraft-level cybersecurity engineering, including network segmentation, security zones, access control, and data integrity assurance.
• Experience working across multi-disciplinary teams involving engineering, avionics, software, safety, and regulatory specialists.
• Familiarity with regulatory alignment processes and compliance checklists for EASA and/or UK CAA cybersecurity requirements

• Act as the technical lead for cybersecurity delivery to aerospace clients, ensuring alignment with the development roadmap and certification programme.
• Provide subject matter expertise on airworthiness security, system security engineering, and certification artefact production aligned to EASA and UK CAA expectations.
• Lead the development and review of cybersecurity documentation, including the PSecAC (Airworthiness Security Process Plan), PASRA (Preliminary Aircraft Security Risk Assessment), ASAM (Aircraft Security Architecture Model), and Security Verification Methods.
• Provide input into the AWSP frameworks, including the tailoring of compliance checklists, activity outcomes, and document templates.
• Ensure traceability between security risk assessments, controls, and compliance objectives across the aircraft systems and software architecture.
• Coordinate the development of cybersecurity methods and processes, contributing to their alignment with recognised standards.
• Engage with DAG’s internal stakeholders, including engineering, safety, and systems integration teams, to embed cybersecurity into the design and certification lifecycle.
• Act as the primary technical interface for cybersecurity between Expleo and clients, supporting queries, reviews, and audits.
• Support internal QA and delivery governance for all security engineering artefacts, ensuring consistency, rigour, and traceability to certification requirements.
• Provide mentoring and support to Expleo consultants embedded in the client workstreams, sharing knowledge and building internal aerospace security capability.