×
Register Here to Apply for Jobs or Post Jobs. X

Principal Product Security Engineer

Job in Bristol, Bristol County, BS1, England, UK
Listing for: Expleo Group
Full Time position
Listed on 2026-07-14
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Information Security
Job Description & How to Apply Below
The role requires a strong blend of cybersecurity leadership, secure engineering, technical assurance, stakeholder management, governance, supplier oversight and defence regulatory experience. You will need to operate with autonomy, technical credibility and the ability to provide clear decision support to senior leaders. Own and maintain the Product Security Management Plan, ensuring it defines the approach, governance, assurance expectations and lifecycle security activities required for the programme.

Define and assure the OT and IT security architecture for shipboard and supporting systems. Act as a senior security authority within the Integrated Project Team, providing direction, challenge and assurance across engineering and delivery activity. Embed secure-by-design principles across platform design, system integration, IT/OT architecture, operational technology, networks, communications and mission-supporting systems. Provide security input into formal engineering design reviews, including SRR, PDR, CDR and equivalent programme governance gates.

Conduct threat modelling and risk assessment activity across ship systems, platform services, navigation, propulsion, communications, IT, OT and associated support environments. Define and assure network zoning, segregation, trust boundaries, secure configuration baselines and identity and access management requirements for shipboard systems. Support the definition and validation of secure architecture patterns across onboard and supporting environments. Apply relevant MOD, NCSC, defence, and maritime security frameworks to support assurance, accreditation, and compliance activities.

Maintain and support security risk registers, ensuring risks are clearly articulated, owned, treated, tracked and escalated where required. Provide cybersecurity input to accreditation, certification, assurance, and acceptance activities. Define supplier security requirements and ensure they are embedded in contracts, delivery expectations, security schedules, and technical acceptance criteria. Review and assess supplier security deliverables, including security claims, compliance evidence, technical designs, assurance artefacts and software bills of materials.

Support the assessment of third-party and supply chain security risks across products, systems, components and supporting services. Scope and support vulnerability assessment, penetration testing, and technical assurance activities across platform, IT, OT, and supporting environments. Define security requirements for factory acceptance testing, integration testing, harbour trials and sea trial cyber validation. Support test planning, test readiness, defect management and security acceptance activity.

Design and support onboard cyber incident response capabilities, including monitoring, logging, forensic readiness, and evidence-capture requirements. Define and assure logging, monitoring and detection requirements across shipboard and supporting environments. Provide security advice on operational resilience, cyber recovery, secure maintenance, patching, configuration control and through-life security management. Work collaboratively with naval architects, systems engineers, platform engineers, OT specialists, IT teams, suppliers, assurance teams and senior programme stakeholders.

Produce clear technical assurance outputs, security design material, decision papers, risk statements, briefing notes and governance updates. Work independently as a senior subject matter expert, determining the day-to-day technical approach, stakeholder engagement and assurance rhythm required to achieve agreed outcomes. Relevant education or industry-recognised certifications in cybersecurity, information assurance, secure engineering, security architecture, risk management or a related discipline. Suitable qualifications may include BSc, MSc, CISSP, CISM, CRISC, CISA, CCP, ISO 27001 Lead Implementer/Lead Auditor, Security, CySA, SABSA, TOGAF, IEC 62443, NCSC CAF-related experience or equivalent professional experience.

Experience working within UK MOD, defence, maritime, shipbuilding, naval, critical national infrastructure or operationally critical environments would be highly beneficial. Strong understanding of security architecture, including zoning, segregation, trust boundaries, secure configuration baselines, identity and access management and secure remote access. Ability to lead security input into formal engineering design reviews and technical governance forums. Ability to translate security risks and regulatory expectations into practical engineering, architecture and delivery actions.

Strong understanding of vulnerability assessment, penetration testing, technical assurance and security validation approaches. Ability to review security evidence, technical designs, SBOMs, assurance artefacts and supplier security claims. Strong stakeholder management skills, including the ability to influence senior technical and programme…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary