STARA(R) – Enterprise Security Threat and Risk Consultant at BAE Systems
Gloucester, England, United Kingdom - Full Time


Start Date: Immediate
Expiry Date: 23 Jul, 25
Salary: 0.0
Posted On: 23 Apr, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Vulnerability, Penetration Testing, Risk Frameworks, Clarity, Risk, Supply Chain Security, Critical Thinking, Counterintelligence, Government, Security
Industry: Information Technology/IT

Description

LOCATION(S): UK, EUROPE & AFRICA : UK : GLOUCESTER || UK, EUROPE & AFRICA : UK : GUILDFORD || UK, EUROPE & AFRICA : UK : LEEDS || UK, EUROPE & AFRICA : UK : LONDON || UK, EUROPE & AFRICA : UK : MANCHESTER

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
Job Title: STARA(R) – Enterprise Security Threat and Risk Consultant
Location: London – Guildford, Gloucester, London, Manchester, Leeds (Hybrid working)

SKILLS & EXPERIENCE:

  • You have at least 5 years’ experience in a security, defence, government, or intelligence role involving risk, threat, or vulnerability analysis
  • You understand modern threat landscapes, including hybrid attack vectors and blended threat actors
  • You can apply critical thinking to complex and ambiguous environments, making informed decisions under pressure
  • You have strong knowledge of cyber risk frameworks (e.g. NIST, ISO27001, NCSC CAF) and experience in applying them
  • You’re experienced in one or more of: counterintelligence, human intelligence and security, physical security assessments, operational technology, supply chain security, military platforms assessments, penetration testing, OSINT, insider risk, or security culture and behaviour change
  • You’re a confident communicator, able to build trusted relationships and influence senior stakeholders
  • You thrive when solving difficult problems and bring structure and clarity to risk management challenges
  • You hold or are eligible for high-level security clearance
Responsibilities

WHAT YOU’LL BE DOING

As an Enterprise Security Threat and Risk Consultant, you will lead and deliver advanced threat and risk assessments across physical, personnel, cyber, and governance domains. Working on mission-critical programmes in government, financial, CNI, and defence, your role will shape how organisations understand and manage threats in the context of a hybrid threat environment and evolving adversary tactics. You’ll collaborate with internal and external stakeholders, advise on strategic risk posture, and ensure delivery of high-impact STARA® engagements.

RESPONSIBILITIES

  • Lead, deliver and support Security Threat and Risk Assessments (STARA®) across ICT, Operational Technology, physical, and personnel security
  • Analyse threats including cyber, insider, physical and hybrid actors, using counterintelligence and HUMINT principles where relevant
  • Evaluate security risk across full-spectrum domains, integrating inputs from technical testing, behavioural analysis, and environmental factors
  • Develop and present comprehensive risk assessment reports, including clear recommendations for mitigation and investment
  • Apply frameworks such as NIST 800-53, ISO/IEC 27001, and NCSC CAF to assess current controls and identify improvement opportunities
  • Contribute to the development of organisational threat models and security postures aligned to national security objectives
  • Provide guidance on the implementation of physical and technical security controls based on STARA® findings
  • Collaborate with cyber, intelligence, and engineering teams to integrate threat-informed risk management
  • Lead and mentor high-performing teams, and support the professional growth of junior consultants