We are looking for a skilled Freelance Senior Cybersecurity Consultant to assist in securing and certifying a high-security defence/aerospace product. The project involves ensuring compliance with rigorous security standards, including achieving Common Criteria certification (EAL4+) and securing NATO SECRET classification. The consultant will guide the development of secure processes, work with regulatory bodies, and implement effective cybersecurity measures for the defence sector.

Core Responsibilities:

• Manage Certification Process: Take charge of leading the Common Criteria (ISO 15408) certification for the defence product, targeting EAL4+ assurance level. Collaborate with regulatory bodies to ensure the product meets all necessary compliance and security requirements.

• Achieve NATO SECRET Classification: Manage the product’s approval for NATO SECRET classification, overseeing the preparation of documents and conducting thorough security assessments.

• Implement ISMS (ISO 27001): Lead the development and implementation of an Information Security Management System (ISMS) based on ISO 27001 standards and the BSI IT-Grundschutz framework, ensuring the company meets compliance benchmarks for information security.

• Develop Secure Development Processes: Establish and integrate a secure software development lifecycle (SDLC) that incorporates robust security measures from initial design through to product launch.

• Create Security Guidelines & Strategies: Draft clear security protocols, best practice guidelines, and long-term roadmaps to strengthen the organization’s cybersecurity posture for aerospace and defense products.

• Security Awareness & Training Programs: Design and deliver specialized cybersecurity training for internal teams to enhance awareness of security practices, regulatory requirements, and threat management techniques.

• Collaborate with Stakeholders: Work alongside internal engineering teams, external auditors, and certification authorities to ensure the defence product adheres to all required security protocols and industry standards.

• Incident Response & Risk Mitigation: Help establish incident response strategies and conduct risk assessments to proactively safeguard the defence product from potential cybersecurity breaches.

• Strong hands-on experience in achieving Common Criteria certification and managing NATO SECRET classification for secure products.

• Deep knowledge of ISO 27001 and the BSI IT-Grundschutz security frameworks, with experience leading risk assessments and compliance initiatives.

• Proven ability to design and implement a secure development lifecycle (SDLC) and manage security throughout a product’s lifecycle.

• Expertise in creating actionable cybersecurity roadmaps and security guidelines for highly regulated industries.

• Familiarity with cybersecurity frameworks such as NIST, CIS, or ISO 27001 and their practical application in aerospace and defense contexts.

Cyber Security ++++ (excellent), > 4 yrs.
Stundensatz Remote Addons