Principal Product Security Engineer

Job Locations
GB-ENG-Bristol
Job area
IT & Digital
Employment type
Permanent or Fixed Term Contract
Travel
International and national travel required
Workplace
Hybrid

Overview

Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness technological change to successfully deliver innovation, improve resilience and support secure, regulated and operationally critical environments.


As part of the Expleo UK Cybersecurity Practice, you will support the delivery of product security, cyber assurance and secure-by-design activity for a major defence shipbuilding programme.


This is a senior, client-facing role requiring strong cybersecurity leadership, defence assurance experience, maritime or shipbuilding awareness, and the ability to embed security into complex engineering, platform, IT and OT environments.


The role sits at the intersection of naval architecture, systems engineering, product security, information assurance and MOD/maritime cyber compliance. You will help define, implement and assure the security strategy across the full engineering lifecycle, ensuring security is considered from design through to validation, acceptance, operation and ongoing resilience.


You will act as a trusted security authority within the Integrated Project Team, working across engineering, architecture, platform design, OT, IT, supply chain, assurance and senior stakeholder groups to ensure security risks are identified, understood, managed and evidenced.


The role requires a strong blend of cybersecurity leadership, secure engineering, technical assurance, stakeholder management, governance, supplier oversight and defence regulatory experience. You will need to operate with autonomy, technical credibility and the ability to provide clear decision support to senior leaders.

Responsibilities

  • Own and maintain the Product Security Management Plan, ensuring it defines the approach, governance, assurance expectations and lifecycle security activities required for the programme.
  • Define and assure the OT and IT security architecture for shipboard and supporting systems.
  • Act as a senior security authority within the Integrated Project Team, providing direction, challenge and assurance across engineering and delivery activity.
  • Embed secure-by-design principles across platform design, system integration, IT/OT architecture, operational technology, networks, communications and mission-supporting systems.
  • Provide security input into formal engineering design reviews, including SRR, PDR, CDR and equivalent programme governance gates.
  • Conduct threat modelling and risk assessment activity across ship systems, platform services, navigation, propulsion, communications, IT, OT and associated support environments.
  • Define and assure network zoning, segregation, trust boundaries, secure configuration baselines and identity and access management requirements for shipboard systems.
  • Support the definition and validation of secure architecture patterns across onboard and supporting environments.
  • Apply relevant MOD, NCSC, defence, and maritime security frameworks to support assurance, accreditation, and compliance activities.
  • Maintain and support security risk registers, ensuring risks are clearly articulated, owned, treated, tracked and escalated where required.
  • Provide cybersecurity input to accreditation, certification, assurance, and acceptance activities.
  • Define supplier security requirements and ensure they are embedded in contracts, delivery expectations, security schedules, and technical acceptance criteria.
  • Review and assess supplier security deliverables, including security claims, compliance evidence, technical designs, assurance artefacts and software bills of materials.
  • Support the assessment of third-party and supply chain security risks across products, systems, components and supporting services.
  • Scope and support vulnerability assessment, penetration testing, and technical assurance activities across platform, IT, OT, and supporting environments.
  • Define security requirements for factory acceptance testing, integration testing, harbour trials and sea trial cyber validation.
  • Support test planning, test readiness, defect management and security acceptance activity.
  • Design and support onboard cyber incident response capabilities, including monitoring, logging, forensic readiness, and evidence-capture requirements.
  • Define and assure logging, monitoring and detection requirements across shipboard and supporting environments.
  • Provide security advice on operational resilience, cyber recovery, secure maintenance, patching, configuration control and through-life security management.
  • Work collaboratively with naval architects, systems engineers, platform engineers, OT specialists, IT teams, suppliers, assurance teams and senior programme stakeholders.
  • Produce clear technical assurance outputs, security design material, decision papers, risk statements, briefing notes and governance updates.
  • Work independently as a senior subject matter expert, determining the day-to-day technical approach, stakeholder engagement and assurance rhythm required to achieve agreed outcomes.

Qualifications

  • Relevant education or industry-recognised certifications in cybersecurity, information assurance, secure engineering, security architecture, risk management or a related discipline.
  • Suitable qualifications may include BSc, MSc, CISSP, CISM, CRISC, CISA, CCP, ISO 27001 Lead Implementer/Lead Auditor, Security+, CySA+, SABSA, TOGAF, IEC 62443, NCSC CAF-related experience or equivalent professional experience.
  • Experience working within UK MOD, defence, maritime, shipbuilding, naval, critical national infrastructure or operationally critical environments would be highly beneficial.

Essential skills

  • Strong understanding of security architecture, including zoning, segregation, trust boundaries, secure configuration baselines, identity and access management and secure remote access.
  • Ability to lead security input into formal engineering design reviews and technical governance forums.
  • Ability to translate security risks and regulatory expectations into practical engineering, architecture and delivery actions.
  • Strong understanding of vulnerability assessment, penetration testing, technical assurance and security validation approaches.
  • Ability to review security evidence, technical designs, SBOMs, assurance artefacts and supplier security claims.
  • Strong stakeholder management skills, including the ability to influence senior technical and programme stakeholders.
  • Ability to work across engineering, architecture, platform, IT, OT, assurance, supply chain and programme teams.
  • Strong written and verbal communication skills, with the ability to produce concise technical assurance material, risk statements, executive briefings and decision papers.
  • Ability to work independently and provide senior technical direction without day-to-day supervision.

Experience

  • Proven experience in a senior cybersecurity, product security, information assurance, or secure engineering role.
  • Experience supporting major defence, maritime, naval, shipbuilding, CNI or complex engineering programmes.
  • Experience defining or maintaining a Product Security Management Plan, Security Management Plan, Security Case, accreditation pack or equivalent assurance artefact.
  • Experience embedding cybersecurity across the full engineering lifecycle, from requirements and design through to build, integration, validation, and acceptance.
  • Experience supporting secure architecture across IT and OT environments.
  • Experience with shipboard systems, platform systems, industrial control systems, mission systems, navigation, propulsion, communications or similar complex operational environments would be highly beneficial.
  • Experience leading security input into design reviews, technical governance forums and assurance gates.
  • Experience developing and maintaining security risk registers, treatment plans, control evidence and assurance records.
  • Experience supporting MOD, NCSC, defence or maritime compliance activity.
  • Experience defining supplier security requirements and assessing third-party security evidence.
  • Experience with SBOM review, software assurance, secure configuration, vulnerability management and technical security testing.
  • Experience supporting cyber incident response design, forensic readiness, logging, monitoring and detection requirements.
  • Experience operating within Integrated Project Teams or multi-disciplinary engineering delivery environments.
  • Experience handling high-classification or sensitive defence information in line with UK MOD, NCSC, client security and data protection requirements would be advantageous.
  • Cybersecurity experience within defence, maritime, shipbuilding, critical national infrastructure, or operationally critical environments.
  • Strong experience operating in a senior product security, cyber assurance, information assurance, secure engineering or security architecture role.
  • Strong understanding of secure-by-design principles and their application across complex engineering lifecycles.
  • Experience securing complex IT and OT systems, including platform systems, industrial control systems, operational technology, networks, communications and support environments.
  • Practical experience applying MOD, NCSC, defence security, information assurance or risk management frameworks.
  • Experience supporting security accreditation, assurance, compliance or certification activities in a UK defence or similarly regulated environment.
  • Experience conducting threat modelling, security risk assessment and security requirements definition.
  • Experience supporting FAT, integration testing, harbour trials, sea trials, or equivalent technical acceptance activities from a cybersecurity perspective.
  • TEMPEST awareness or experience, particularly as it relates to defence standards, secure design, and NCSC guidance.
  • Experience with maritime cybersecurity, naval systems, shipboard integration, or platform security.
  • Experience with MOD security policy, defence standards, JSPs, Secure by Design, NCSC guidance or equivalent assurance frameworks.
  • Experience supporting accreditation, security case development, security assurance planning, or certification activities for defence- or safety-related systems.
  • Experience with OT security architecture, industrial control systems, safety-related control environments and operational resilience.
  • Experience defining cybersecurity requirements for harbour trials, sea trials, factory acceptance testing, or operational acceptance.
  • Experience supporting supplier assurance across complex engineering supply chains.
  • Experience contributing to executive-level security reporting, assurance dashboards, risk briefings or programme decision packs.
  • Strong supplier and third-party oversight experience, including security requirements definition, deliverable review, dependency management and acceptance criteria.

What do I need before I apply

  • Have the right to work in the UK.
  • Be willing and able to work in a hybrid model, including client site attendance as required.
  • Hold, or be eligible to obtain, UK Security Clearance where required by the client or programme.
  • Be comfortable working within secure collaboration environments.
  • Be able to work under the terms of applicable confidentiality and non-disclosure arrangements.

Benefits

  • Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges 
  • We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects 
  • Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses 
  • Competitive company benefits
  • Always working as one team, our people are not afraid to think big and challenge the status quo

 

  • As a Disability Confident Committed Employer we have committed to:
    • Ensure our recruitment process is inclusive and accessible
    • Communicating and promoting vacancies
    • Offering an interview to disabled people who meet the minimum criteria for the job
    • Anticipating and providing reasonable adjustments as required
    • Supporting any existing employee who acquires a disability or long term health condition, enabling them to stay in work at least one activity that will make a difference for disabled people

 

 

“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”. 

 

We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive.

 

UK Eng Disability Commitment

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share to social media

Can't find the job of your choice?
Upload your C.V. / Resume here for our recruiters to view.