Expleo
Principal Product Security Engineer

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Overview
Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness technological change to successfully deliver innovation, improve resilience and support secure, regulated and operationally critical environments.
As part of the Expleo UK Cybersecurity Practice, you will support the delivery of product security, cyber assurance and secure-by-design activity for a major defence shipbuilding programme.
This is a senior, client-facing role requiring strong cybersecurity leadership, defence assurance experience, maritime or shipbuilding awareness, and the ability to embed security into complex engineering, platform, IT and OT environments.
The role sits at the intersection of naval architecture, systems engineering, product security, information assurance and MOD/maritime cyber compliance. You will help define, implement and assure the security strategy across the full engineering lifecycle, ensuring security is considered from design through to validation, acceptance, operation and ongoing resilience.
You will act as a trusted security authority within the Integrated Project Team, working across engineering, architecture, platform design, OT, IT, supply chain, assurance and senior stakeholder groups to ensure security risks are identified, understood, managed and evidenced.
The role requires a strong blend of cybersecurity leadership, secure engineering, technical assurance, stakeholder management, governance, supplier oversight and defence regulatory experience. You will need to operate with autonomy, technical credibility and the ability to provide clear decision support to senior leaders.
Responsibilities
- Own and maintain the Product Security Management Plan, ensuring it defines the approach, governance, assurance expectations and lifecycle security activities required for the programme.
- Define and assure the OT and IT security architecture for shipboard and supporting systems.
- Act as a senior security authority within the Integrated Project Team, providing direction, challenge and assurance across engineering and delivery activity.
- Embed secure-by-design principles across platform design, system integration, IT/OT architecture, operational technology, networks, communications and mission-supporting systems.
- Provide security input into formal engineering design reviews, including SRR, PDR, CDR and equivalent programme governance gates.
- Conduct threat modelling and risk assessment activity across ship systems, platform services, navigation, propulsion, communications, IT, OT and associated support environments.
- Define and assure network zoning, segregation, trust boundaries, secure configuration baselines and identity and access management requirements for shipboard systems.
- Support the definition and validation of secure architecture patterns across onboard and supporting environments.
- Apply relevant MOD, NCSC, defence, and maritime security frameworks to support assurance, accreditation, and compliance activities.
- Maintain and support security risk registers, ensuring risks are clearly articulated, owned, treated, tracked and escalated where required.
- Provide cybersecurity input to accreditation, certification, assurance, and acceptance activities.
- Define supplier security requirements and ensure they are embedded in contracts, delivery expectations, security schedules, and technical acceptance criteria.
- Review and assess supplier security deliverables, including security claims, compliance evidence, technical designs, assurance artefacts and software bills of materials.
- Support the assessment of third-party and supply chain security risks across products, systems, components and supporting services.
- Scope and support vulnerability assessment, penetration testing, and technical assurance activities across platform, IT, OT, and supporting environments.
- Define security requirements for factory acceptance testing, integration testing, harbour trials and sea trial cyber validation.
- Support test planning, test readiness, defect management and security acceptance activity.
- Design and support onboard cyber incident response capabilities, including monitoring, logging, forensic readiness, and evidence-capture requirements.
- Define and assure logging, monitoring and detection requirements across shipboard and supporting environments.
- Provide security advice on operational resilience, cyber recovery, secure maintenance, patching, configuration control and through-life security management.
- Work collaboratively with naval architects, systems engineers, platform engineers, OT specialists, IT teams, suppliers, assurance teams and senior programme stakeholders.
- Produce clear technical assurance outputs, security design material, decision papers, risk statements, briefing notes and governance updates.
- Work independently as a senior subject matter expert, determining the day-to-day technical approach, stakeholder engagement and assurance rhythm required to achieve agreed outcomes.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Qualifications
- Relevant education or industry-recognised certifications in cybersecurity, information assurance, secure engineering, security architecture, risk management or a related discipline.
- Suitable qualifications may include BSc, MSc, CISSP, CISM, CRISC, CISA, CCP, ISO 27001 Lead Implementer/Lead Auditor, Security+, CySA+, SABSA, TOGAF, IEC 62443, NCSC CAF-related experience or equivalent professional experience.
- Experience working within UK MOD, defence, maritime, shipbuilding, naval, critical national infrastructure or operationally critical environments would be highly beneficial.
Essential skills
- Strong understanding of security architecture, including zoning, segregation, trust boundaries, secure configuration baselines, identity and access management and secure remote access.
- Ability to lead security input into formal engineering design reviews and technical governance forums.
- Ability to translate security risks and regulatory expectations into practical engineering, architecture and delivery actions.
- Strong understanding of vulnerability assessment, penetration testing, technical assurance and security validation approaches.
- Ability to review security evidence, technical designs, SBOMs, assurance artefacts and supplier security claims.
- Strong stakeholder management skills, including the ability to influence senior technical and programme stakeholders.
- Ability to work across engineering, architecture, platform, IT, OT, assurance, supply chain and programme teams.
- Strong written and verbal communication skills, with the ability to produce concise technical assurance material, risk statements, executive briefings and decision papers.
- Ability to work independently and provide senior technical direction without day-to-day supervision.
Experience
- Proven experience in a senior cybersecurity, product security, information assurance, or secure engineering role.
- Experience supporting major defence, maritime, naval, shipbuilding, CNI or complex engineering programmes.
- Experience defining or maintaining a Product Security Management Plan, Security Management Plan, Security Case, accreditation pack or equivalent assurance artefact.
- Experience embedding cybersecurity across the full engineering lifecycle, from requirements and design through to build, integration, validation, and acceptance.
- Experience supporting secure architecture across IT and OT environments.
- Experience with shipboard systems, platform systems, industrial control systems, mission systems, navigation, propulsion, communications or similar complex operational environments would be highly beneficial.
- Experience leading security input into design reviews, technical governance forums and assurance gates.
- Experience developing and maintaining security risk registers, treatment plans, control evidence and assurance records.
- Experience supporting MOD, NCSC, defence or maritime compliance activity.
- Experience defining supplier security requirements and assessing third-party security evidence.
- Experience with SBOM review, software assurance, secure configuration, vulnerability management and technical security testing.
- Experience supporting cyber incident response design, forensic readiness, logging, monitoring and detection requirements.
- Experience operating within Integrated Project Teams or multi-disciplinary engineering delivery environments.
- Experience handling high-classification or sensitive defence information in line with UK MOD, NCSC, client security and data protection requirements would be advantageous.
- Cybersecurity experience within defence, maritime, shipbuilding, critical national infrastructure, or operationally critical environments.
- Strong experience operating in a senior product security, cyber assurance, information assurance, secure engineering or security architecture role.
- Strong understanding of secure-by-design principles and their application across complex engineering lifecycles.
- Experience securing complex IT and OT systems, including platform systems, industrial control systems, operational technology, networks, communications and support environments.
- Practical experience applying MOD, NCSC, defence security, information assurance or risk management frameworks.
- Experience supporting security accreditation, assurance, compliance or certification activities in a UK defence or similarly regulated environment.
- Experience conducting threat modelling, security risk assessment and security requirements definition.
- Experience supporting FAT, integration testing, harbour trials, sea trials, or equivalent technical acceptance activities from a cybersecurity perspective.
- TEMPEST awareness or experience, particularly as it relates to defence standards, secure design, and NCSC guidance.
- Experience with maritime cybersecurity, naval systems, shipboard integration, or platform security.
- Experience with MOD security policy, defence standards, JSPs, Secure by Design, NCSC guidance or equivalent assurance frameworks.
- Experience supporting accreditation, security case development, security assurance planning, or certification activities for defence- or safety-related systems.
- Experience with OT security architecture, industrial control systems, safety-related control environments and operational resilience.
- Experience defining cybersecurity requirements for harbour trials, sea trials, factory acceptance testing, or operational acceptance.
- Experience supporting supplier assurance across complex engineering supply chains.
- Experience contributing to executive-level security reporting, assurance dashboards, risk briefings or programme decision packs.
- Strong supplier and third-party oversight experience, including security requirements definition, deliverable review, dependency management and acceptance criteria.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
What do I need before I apply
- Have the right to work in the UK.
- Be willing and able to work in a hybrid model, including client site attendance as required.
- Hold, or be eligible to obtain, UK Security Clearance where required by the client or programme.
- Be comfortable working within secure collaboration environments.
- Be able to work under the terms of applicable confidentiality and non-disclosure arrangements.
Benefits
- Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges
- We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
- Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses
- Competitive company benefits
- Always working as one team, our people are not afraid to think big and challenge the status quo
As a Disability Confident Committed Employer we have committed to:
- Ensure our recruitment process is inclusive and accessible
- Communicating and promoting vacancies
- Offering an interview to disabled people who meet the minimum criteria for
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location