Graduate Product Security Engineer Review

The Graduate Scheme is less structured then sold or expected, however that is both its bane and its benefit. In terms of working for the company itself, you are well looked after with the flexible hours, manageable workloads (and support/offloading if it too heavy a workload) and a range of benefits.

My main responsibility remains the risk reduction to a product, from threat vectors all the way to design requirements. However through Secure by Design, we also manage the through life and disposal of products, systems, and processes.
Its really rewarding when you have taken a threat vector all the way from the first stages to something that is being implemented. It provides a great sense of ownership and responsibility which I deem the most enjoyable part of the job with meaning.

You certainly have to give it some time (by time I mean months) from when you start before the workload starts to be entrusted to you, but once your over that painful hurdle and have learning the business, systems, and procedures it slowly starts being fed to you, with respect to you as if you weren't a graduate.

We have a healthy benefits package with your typical Share Scheme (Which is really good), Pension matching is superior to other companies, your general basic cycle to work, ever so slightly cheaper types of insurance like dental, and some light discounts. However when it comes to the compensation benefits from going above and beyond with the job, the closest remuneration is a small gift card, which isn't the most encouraging.

I feel it is preparing me extremely well for Product Security within the business. However not so much for the Security domain outside of the company. It is unfortunately common for the graduate jobs to be different to what the role was advertised as. The role was described to be providing a wider skill set, when in reality its quite niche and reflects only a small portion of what Product Security offers in other companies potentially making it harder to move in future.

Line Managers are very helpful with the business side of things and signposting. However, a common issue is that sometimes they can be in a completely different role in completely different projects with little understanding of what you do or how to help you with the role. Mentors and buddy's are volunteers and are really helpful. they tend to be other graduates to help you along the path. I cannot speak on HR.

Perfect. If your looking for a comfortable balance. This is the company. We have to work 37hrs a week, you complete that how you like (with Line Manager approval of course). Most people work a half day Friday, and you can really juggle the hours how you like as long as your meeting your deadlines and attending the meetings you need to be in.

Yes

BAE Systems has its pitfalls like most places. However I would say that its the best company I've worked for based on the wide amount of opportunity available to you to explore and learn. I've never been told no when asking to go to a conference, have training paid for, attend forums, learn something outside the jobs role, the perks of Flexi, and most importantly I feel in control of my own workload and management.

This is something that I have highlighted up the chain and that BAE NEED to sort. The reason being is many many graduates were informed of the role they were applying for through the job description, interviews and POC at BAE after the application process. However the issue is that a lot of people end up in either different locations or roles to what they accepted, or the roles being very different to what was discussed prior.
For me personally I was told Product Security would contain both the technical (managing security operation, conducting vulnerability assessments, etc) and non-Technical (Governance, risk assessment/management) responsibilities. However when starting the role I was surprised to find out it would just be the non-technical side, which is wasting away what knowledge I have learned and developed over the last 5 years.
I have seen no activity of this being improved upon.