Bright Ascension Ltd
Product Security Architect

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
At Bright Ascension
We're building the software that powers the next generation of space missions. Our flagship platform, HELIX®, enables organisations to develop, deploy, and operate complex space systems faster, more efficiently, and with greater confidence.
As we continue to grow across commercial, government, defence, and national security sectors, we're looking for an exceptional Security Architect to help define how security is designed, implemented, and governed across our technology ecosystem.
This is a unique opportunity to influence the security architecture of a cutting-edge software platform that supports mission-critical systems deployed in some of the world's most demanding environments.
The Opportunity
Reporting to the Chief Architect, this role ensures that security is embedded by design across HELIX’s model-based, component-based and service-oriented approach.
The Product Security Architect drives a distributed, zero-trust security architecture that is deployable across diverse computing infrastructures, including cloud, on-premise, air-gapped and mission-critical environments.
The role bridges abstract architectural principles and real-world implementation, translating security principles into product security features, engineering standards, secure deployment patterns and assurance activities for customers, including those in National Security and Defence domains in the UK and US.
If you are passionate about Zero Trust Architecture, cloud security, secure deployment patterns, and influencing technical strategy at scale, we'd love to hear from you.
What You'll Be Doing
Security Architecture
- Define, develop, and maintain the security aspects of the HELIX reference architecture.
- Embed security principles (e.g., zero trust, least privilege, defence-in-depth) within HELIX’s model-based, service-oriented, and component-based paradigms.
- Ensure architectural consistency across all HELIX products and development kits.
- Own the translation of security principles into product security capabilities, engineering standards and secure-by-design product patterns.
Technology Mapping and Standards
- Identify, evaluate, and select key security technologies and standards appropriate for HELIX applications.
- Define clear mappings from technology-independent architecture to implementation using selected technologies.
- Maintain alignment with industry and government security standards relevant to defence and sensitive applications.
Product Security Feature Design
- Define and architect product security capabilities within HELIX and associated products, including authentication, authorisation, identity federation, role-based access control and policy-based access control.
- Specify product requirements for audit logging, security event capture, tamper evidence, compliance reporting and customer security administration.
- Define encryption, key management, secrets management and secure configuration approaches appropriate for product and deployment contexts.
- Work with product managers, architects and engineering teams to translate security architecture into product backlog items, acceptance criteria and implementation guidance.
- Ensure security features are usable, scalable and appropriate for customer deployment environments.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Implementation Guidance and Assurance
- Provide expert guidance to product architects and engineering teams on implementing security architecture.
- Support assurance activities, including verification of security controls and architectural compliance.
- Collaborate with teams to ensure secure coding, secure system integration, and appropriate use of cryptography and identity services.
Secure Software Development and DevSecOps
- Establish and mature secure software development practices across product engineering teams
- Define security requirements, secure coding standards, security acceptance criteria and release gates
- Embed threat modelling, attack surface analysis and security design reviews into product development processes
- Guide the integration of security tooling into CI/CD pipelines, including static application security testing, software composition analysis, secrets scanning, container scanning and dependency vulnerability management
- Support vulnerability triage, remediation prioritisation and product security risk reporting
Deployment Architecture
- Define and maintain a reference set of secure deployment patterns supporting distributed and cloud-based environments
- Ensure deployment approaches meet both architectural principles and customer-specific needs
- Support product engineering teams in implementing deployment architectures across varied infrastructure environments (e.g., public cloud, private cloud, on-premise, air-gapped systems)
Technology Selection for Deployment
- Identify and guide the adoption of deployment technologies (e.g., containerisation, orchestration, infrastructure-as-code)
- Ensure deployment approaches support secure operations, scalability, and resilience
Customer and Stakeholder Engagement
- Understand and incorporate customer deployment and security requirements, particularly in regulated and high-assurance environments.
- Act as a product security subject matter expert for customer assurance, bids, security questionnaires, audits and due diligence activities.
What We're Looking For
Essential technical skills and experience
- Strong experience in security architecture for distributed and cloud-based systems.
- Practical knowledge of zero trust architecture principles and their application in complex systems
- Experience with cloud platforms (e.g., AWS, Azure, or similar), including secure architecture patterns.
- Deep understanding of; Identity and Access Management (IAM), federation, and authentication protocols (e.g., OAuth 2.0, OpenID Connect, SAML)
- Cryptography and key management (e.g., PKI, TLS, HSMs)
- Network security principles (segmentation, secure communication, service mesh)
- Secure API design, audit logging, tenant isolation, access control models and product security administration patterns
- Familiarity with containerisation and orchestration technologies (e.g., Docker, Kubernetes) and their security implications
- Experience with infrastructure-as-code and repeatable deployment patterns.
- Knowledge of relevant standards and frameworks such as:
- NIST Cybersecurity Framework / NIST 800-53
- ISO/IEC 27001
- UK NCSC guidance and Cloud Security Principles
- Zero Trust Architecture (NIST SP 800-207)
- OWASP Top 10, OWASP SAMM and NIST Secure Software Development Framework
- Experience embedding secure software development practices, threat modelling and security design reviews into product development processes
- Experience integrating application security and supply-chain security tooling into CI/CD pipelines, including SAST, SCA, secrets scanning and container scanning
- Experience defining architectures independently of specific technologies and then mapping them onto implementations


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Essential personal skills and experience
- Strong systems thinking and ability to operate at both conceptual and implementation levels
- Excellent communication skills with the ability to convey complex security concepts to engineers and other stakeholders
- Collaborative mindset with experience working across architecture and engineering teams
- Ability to influence technical direction without direct authority
- High attention to detail combined with strategic thinking
- Strong problem-solving capabilities in complex, ambiguous environments
Desirable skills and experience
- Experience in National Security, Defence, or highly regulated domains in the UK or US
- Familiarity with:
- Secure by Design and DevSecOps practices
- Cross-domain solutions and handling data at different classification levels
- Service mesh technologies (e.g., Istio, Linkerd)
- Knowledge of compliance frameworks such as:
- UK OFFICIAL/SECRET handling requirements
- US DoD Zero Trust Strategy
- FedRAMP/IL-level environments
- Experience with high-assurance systems, mission-critical systems, or accreditation processes.
- Exposure to model-based engineering approaches.
Why Join Bright Ascension?
At Bright Ascension, you'll have the opportunity to work on technology that directly supports the future of space exploration, satellite operations, and mission-critical systems around the world.
You'll join a collaborative, innovative team where your expertise will have genuine impact, helping shape the architecture of products used in some of the most challenging and exciting technical environments.
We offer:
- The opportunity to influence the future direction of a market-leading space software platform
- Exposure to cutting-edge cloud, security, and distributed systems technologies
- A highly collaborative engineering culture
- The chance to work with customers across commercial, government, defence, and international markets
- Professional growth in a rapidly expanding company at the forefront of the space industry
Additional Information
- Occasional travel may be required to support customers, partners, and internal teams.
- Eligibility for UK and/or US Security Clearance may be required depending on project involvement.
- A strong alignment with Bright Ascension's values, culture, and engineering excellence is essential.
If you're excited by the challenge of securing the next generation of space software and want to play a key role in shaping the future of HELIX®, we'd love to hear from you.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills