Senior Product Security Engineer

Senior Product Security Engineer - 12 Months contract - Bristol/Remote

Must be able to visit the Bristol office if required
MUST BE SC LEVEL SECURITY CLEARED and current
Inside IR35

Senior Product Security Engineer Job Description

The Senior Product Security Engineer will be involved in the security of my client's designs and related current and emerging technology solutions on advanced next generation.

The Opportunity

The Senior Product Security Engineer will be responsible for defining, implementing, and assuring the security strategy for defence shipping. This role ensures that cyber security, information assurance, and secure-by-design principles are embedded across both the platform (ship) design and the IT/OT architecture throughout the full engineering life cycle.

The role operates at the intersection of naval architecture, marine systems engineering, combat/logistics support systems, and enterprise IT/operational technology (OT), ensuring compliance with MOD security policies and relevant maritime cyber regulations.

Duties
Senior Product Security Engineer - Security Leadership & Strategy
  • Develop and maintain the Product Security Management Plan (PSMP) for the vessel programme, covering all aspects of security.
  • Define the security architecture strategy for both ship systems (OT) and IT networks.
  • Act as the security authority within the Integrated Project Team (IPT).
  • Provide leadership on secure-by-design principles across naval platform development.

Secure Ship Design Integration

Ensure security requirements are embedded into programmable elements and systems, including but not limited to:
  • Platform management systems
  • Navigation systems
  • Propulsion and machinery control systems
  • Communications systems (internal & external)
  • Mission/logistics systems (if applicable)
  • Conduct threat modelling and risk assessments for marine and hybrid IT/OT environments.
  • Define physical security requirements and access controls.
  • Support management of TEMPEST where required.
  • Support design reviews (SRR, PDR, CDR) with formal security assurance inputs.
  • Ensure compliance with relevant standards (eg, Def Stan, NCSC guidance, IEC 62443, NIST, IMO cyber guidance).

IT & OT Architecture Security

Define secure network zoning and segregation between:
  • Operational Technology (OT)
  • Information Technology (IT)
  • Communications systems
  • Approve system boundary definitions and trust zones.
  • Ensure secure configuration baselines for onboard systems.
  • Oversee secure integration of third-party vendors and subcontractors.
  • Define Identity and Access Management (IAM) and privileged access strategies for afloat systems.

Risk, Assurance & Compliance
  • Lead security risk management in alignment with MOD/NCSC frameworks.
  • Manage security risk registers and treatment plans.
  • Coordinate accreditation and authority-to-operate activities.
  • Support JSP 440/JSP 604 compliance activities.
  • Provide evidence for security case development and formal assurance reviews.

Supply Chain & Third-Party Security
  • Define security requirements within supplier contracts.
  • Conduct supplier security assessments.
  • Ensure secure development practices across the supply chain.
  • Validate SBOMs (Software Bill of Materials) where required.

Testing & Validation

Define security test strategies including:
  • Vulnerability assessments
  • Penetration testing
  • Factory Acceptance Testing (FAT) security scope
  • Harbour and Sea Trial cyber validation
  • Oversee remediation of identified vulnerabilities.
  • Ensure secure configuration prior to vessel acceptance.

Incident Preparedness & Operational Security
  • Define onboard cyber incident response requirements.
  • Ensure monitoring and logging architecture supports detection and forensic investigation.
  • Contribute to life cycle security planning, including in-service support.

Qualifications
  • Significant experience in cyber security within defence, maritime, or critical infrastructure environments.
  • Experience in both the application of security accreditation and Secure by Design in a UK MOD environment.
  • Experience securing complex IT/OT systems.
  • Strong understanding of secure systems engineering principles.
  • Experience working within MOD or defence regulatory frameworks.
  • Demonstrated experience leading security through engineering design reviews.
  • Knowledge of maritime systems and shipboard integration challenges.
  • Strong understanding of network architectures, design and operation.
  • Experience in the application of TEMPEST measures to design including use of Def-Stan 08-050 and 59-411, NCSC GPG14 and SDIP-29.
  • Knowledge of maritime facility requirements for handling of high and extremely high classified data, eg STRAP, in line with UK MOD and NCSC requirements.

With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.

Job Details

Company: NES Fircroft Engineering Services
Location: Bristol, Somerset, United Kingdom BS483
Employment Type: Contract
Salary: GBP Annual