Principal Cyber Security Engineer

About the Role
We are seeking a Principal Security Engineer to support complex combat system programmes within a highly regulated engineering environment.
This is not an operational cyber or SOC role. It is a cyber security position embedded directly within engineering teams, focused on identifying and managing risks within the system itself — across hardware, software, IT and operational technology domains. You will join a small team of Security Engineers while also contributing to a wider security community of practice. Operating at Principal level, this role carries no direct line management responsibility, but you will provide technical direction and guidance across programmes and stakeholders.
Responsibilities
* Acting as a strong risk practitioner, identifying and assessing security risks associated with complex physical systems
* Conducting risk analysis aligned to structured engineering lifecycles rather than live operational environments
* Reviewing and shaping security requirements to ensure appropriate mitigation strategies are embedded early
* Producing and maintaining key security artefacts including RMADS, Risk Registers, Security Assurance Case Reports and SIOPs evidence
* Writing and reviewing security test plans, and overseeing outsourced testing activity
* Presenting and defending the security case to internal and external stakeholders
* Supporting supply chain security verification activities
* Contributing to governance reviews and lifecycle assurance processes
Qualifications
* Significant experience in product or systems security within a regulated or safety-critical engineering environment
* Strong understanding of formal risk assessment methodologies and phased engineering lifecycle models
* Proven experience developing security assurance artefacts and supporting structured assurance reviews
* Technical credibility across both IT and Operational Technology environments
* Experience working with RMADS, SIOPs and structured security case development
* Ability to influence multidisciplinary engineering teams without formal line management authority
* Relevant industry certifications (e.g., CISSP, SISP, SISM) are desirable. Chartered status is advantageous but not essential.
Required Skills
You are a technically strong, governance-focused security engineer who understands that product security is about managing risk within engineered systems — not monitoring networks. You are comfortable reviewing complex requirements, challenging assumptions and providing clear, evidence-based risk guidance.
You are confident contributing to assurance forums, sponsoring SIOPs evidence and working within established governance frameworks. You lead through technical credibility and structured thinking rather than hierarchy.
Due to the nature of the work, applicants must be eligible to obtain UK Security Clearance. This is an opportunity to work on complex, high-consequence systems where structured risk management and robust security assurance are fundamental to successful delivery.
Location:
South West
Job Type:
Full-time
Category:
Engineering