Navantia UK is a new force in British industry, supporting the UK’s defence, security and energy transition ambitions. We’re doing this by creating state-of-the-art sovereign defence capabilities, investing in the UK to modernise industrial facilities, and bolstering the nation's energy security. Established in 2022, Navantia UK is a subsidiary of Navantia SA, a Spanish state‑owned company with over 300 years of naval shipbuilding history. In January 2025, Navantia UK completed the acquisition of Harland & Wolff and its four historic facilities in Belfast, Appledore, Methil, and Arnish. By combining Harland & Wolff’s proud heritage and facilities with Navantia’s global expertise, Navantia UK is well‑positioned to strengthen Britain’s defence, maritime and energy industrial capabilities, supporting jobs and economic growth across the UK.
Job Description
Navantia UK is a leading provider of innovative naval solutions, specialising in the design, construction, and lifecycle support of naval ships. Based in Bristol, we are seeking a passionate Principal Product Security Engineer to join our team and play a pivotal role in the security of our designs and related current and emerging technology solutions on advanced next‑generation naval and government ships.
This role is offered on a full‑time basis, but we also welcome applications from candidates with the right skills who are interested in part‑time working.
The Opportunity
Based in Bristol, the Principal Product Security Engineer is responsible for defining, implementing, and assuring the security strategy for defence shipping and the Fleet Solid Support Programme. This role ensures that cyber security, information assurance, and secure‑by‑design principles are embedded across both the platform (ship) design and the IT/OT architecture throughout the full engineering lifecycle.
The role operates at the intersection of naval architecture, marine systems engineering, combat/logistics support systems, and enterprise IT/operational technology (OT), ensuring compliance with MOD security policies and relevant maritime cyber regulations.
Duties
Security Leadership & Strategy
Develop and maintain the Product Security Management Plan (PSMP) for the vessel programme, covering all aspects of security.
Define the security architecture strategy for both ship systems (OT) and IT networks.
Act as the security authority within the Integrated Project Team (IPT).
Provide leadership on secure‑by‑design principles across naval platform development.
Secure Ship Design Integration
Ensure security requirements are embedded into programmable elements and systems, including but not limited to:
Platform management systems
Navigation systems
Propulsion and machinery control systems
Communications systems (internal & external)
Mission/logistics systems (if applicable)
Conduct threat modelling and risk assessments for marine and hybrid IT/OT environments.
Define physical security requirements and access controls.
Support management of TEMPEST where required.
Support design reviews (SRR, PDR, CDR) with formal security assurance inputs.
Ensure compliance with relevant standards (e.g., Def Stan, NCSC guidance, IEC 62443, NIST, IMO cyber guidance).
IT & OT Architecture Security
Define secure network zoning and segregation between:
Operational Technology (OT)
Information Technology (IT)
Communications systems
Approve system boundary definitions and trust zones.
Ensure secure configuration baselines for onboard systems.
Oversee secure integration of third‑party vendors and subcontractors.
Define Identity and Access Management (IAM) and privileged access strategies for afloat systems.
Risk, Assurance & Compliance
Lead security risk management in alignment with MOD/NCSC frameworks.
Manage security risk registers and treatment plans.