Essential:Demonstrated experience with JSP 440 and JSP 604, with specific application to air-gapped, embedded UK military platforms (non-cloud, non-enterprise).Expert knowledge of Def Stan and secure-by-design principles for UK sovereign embedded systems with no reliance on public cloud infrastructure.Proven ability to develop and assess Zero Trust Architectures (ZTA) for highly classified environments—focused on denial by default, least privilege, and strong authentication in tactical C2, SHORAD, and missile platforms.Familiarity with assurance processes and delivery of security artefacts traceable to key MOD/DE&S gate reviews.Proficient in threat modelling and risk assessment using CARVER and MITRE ATT&CK, with clear evidence of practical use in system design and accreditation.Understanding of NIST SP controls, but with the ability to translate them to non-enterprise, air-gapped systems, avoiding assumptions of enterprise/cloud applicability.Strong communication and stakeholder management skills, capable of translating technical and risk concepts to Delivery Teams, OEMs, and DE&S authorities.Desirable:Working knowledge of key tactical weapon systems.