Principal Network Engineer
Principal Network Engineer – Distributed Networks
Bristol - Hybrid | Permanent | SC Clearance Required
The problem space
Most networks are designed for environments where connectivity is reliable, bandwidth is abundant, and failure is the exception.
This role is the opposite.
You will be designing and building networks that operate across moving nodes, multiple bearer types, and degraded or denied links. Systems where topology changes in real time, where path selection has to happen automatically, and where the assumption is that links, nodes, and services will fail.
This is greenfield work. There is no existing architecture to maintain. You will define it.
What you will actually be doing
Designing mesh and overlay topologies that hold together when conditions fall apart. Building multi-bearer link aggregation and path selection across LTE, satellite, and RF links. Implementing zero-trust connectivity at the edge: certificate-based device identity, mutual authentication, policy enforcement. Owning routing, traffic engineering, and QoS across constrained and adversarial links. Building observability into networks that are partly opaque by nature. Writing the automation and infrastructure-as-code that makes it repeatable and deployable.
You will also be shaping the architecture standards and reference patterns the wider engineering team builds against.
The technical depth this needs
- You should be genuinely comfortable at packet level in Linux. Not as an occasional debugging tool but as a working environment. nftables, namespaces, tc, eBPF-adjacent tooling. You understand what is actually happening on the wire, not just what the dashboard says.
- On the overlay and tunnelling side, WireGuard and IPsec in production rather than in a lab. SD-WAN or software-defined networking applied to real operational problems, not vendor demos.
- If you have worked with MANET routing protocols (OLSR, BATMAN, OSPF-MDR) or disruption-tolerant networking approaches, that is directly relevant here. So is experience with multi-bearer or multi-path systems combining cellular, satellite, and bespoke RF links.
- Zero-trust architecture experience matters: PKI, certificate lifecycle, identity-aware policy at the network edge.
- Scripting and automation are not optional extras. You should be comfortable writing the code that configures, validates, and deploys network infrastructure.
The Package
- Salary from £90,000, open for the right person
- Bristol-based, hybrid, three days per week on site
- Discretionary performance bonus
- Annual salary review
- Flexible start/finish hours
Clearance
Candidates must be eligible for UK SC clearance and hold the right to work in the UK. Existing clearance isn't required.
CleanTech Talent are working as a Hiring Partner, and our client's name will be shared at the first conversation. Apply or reach out to Daniel Salway at Cleantech Talent for more guidance.