Principal Platform Engineer; Privileged Access Management

Salary Range

£53,269 - £71,400 (grade‑based salary framework, benchmarked against the external market).

Leonardo UK seeks a Principal Platform Engineer to lead the delivery, maintenance and improvement of secure platform and systems engineering solutions for critical defence, government and public sector services. The role involves a blended hybrid working model, combining remote and on‑site collaboration with teams and customers.

• Act as the technical authority on a specified platform engineering domain (e.g., virtualisation), providing specialist expertise to projects and programmes.
• Lead the design and implementation of secure platforms across on‑premise, hybrid and cloud environments.
• Capture, analyse and interpret complex customer requirements to drive system design and architecture.
• Develop high‑ and low‑level designs, ensuring alignment with secure‑by‑design principles.
• Take ownership of technical delivery within work packages, including planning, estimation and progress reporting.
• Mentor, coach and develop junior and senior engineers, raising technical capability across the community.
• Provide input to technology strategies, feasibility studies and innovation projects.
• Engage with internal and external stakeholders, presenting technical solutions and justifying design decisions.

• Extensive technical expertise across multiple platform domains, with a track record of delivering secure solutions.
• The ability to balance hands‑on engineering with technical leadership and mentorship.
• A problem‑solving mindset, able to innovate and recommend the best approach for complex challenges.
• Core Areas (must have):
  • Windows and Linux operating systems
  • Virtualisation platforms (VMware, Hyper‑V)
  • Privileged Access Management (Cyber Ark or similar), secure credential storage and rotation, access control models
  • Integration of PAM into enterprise platforms and services
  • Networking concepts (TCP/IP, DNS, DHCP, firewalls)
  • Automation and scripting (Power Shell, Bash, Python, Ansible, Terraform)
  • Knowledge of cyber security controls and accreditation requirements
  • Experience across the systems engineering lifecycle
  • Design and implementation of privileged access models across complex systems
  • Delivery within highly controlled / secure environments (e.g., air‑gapped, defence)
• Desirable (experience with):
  • Cloud platforms (AWS, Azure) and Infrastructure as Code
  • Enterprise services integration (Active Directory, PKI, monitoring, SIEM)
  • Dev Sec Ops  tools and CI/CD pipelines
  • Automation of account onboarding/off‑boarding (API‑driven)
  • SIEM / SOC tooling for audit and monitoring
  • Containerisation platforms (Kubernetes, Docker)
  • Enterprise identity and access management solutions

This role requires a Developed Vetting (DV) clearance prior to starting. UK Government Baseline Personnel Security Standard (BPSS) and National Security Vetting (NSV) controls apply.

Yeovil, UK (local site).

• Generous leave, including up to 12 additional flexi‑days per year.
• Company‑funded pension scheme with up to 15% employer contribution.
• Free access to mental health support, financial advice and employee‑led networks.
• Free access to 4,000+ online courses via Coursera and Linked In Learning.
• Flexible benefits: up to £500 annually on private healthcare, lifestyle discounts and gym memberships.
• Flexible hours with hybrid working options.

Leonardo is committed to building an inclusive, accessible and welcoming workplace. We value diversity, which drives creativity, innovation and better outcomes for our people and customers. Accessibility support is available during the recruitment process.