Cyber Security Engineer
Job in
Southampton, Hampshire County, SO15, England, UK
Listed on 2026-03-01
Listing for:
Ocean Infinity Group
Full Time
position Listed on 2026-03-01
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, Data Security, Security Manager
Job Description & How to Apply Below
** Employee
* * Application End Date:
** 10-03-2026
We are using and creating technology to transform operations at sea to enable people and the planet to thrive.
We are open-minded and fearless in our approach to innovation and don't believe in boundaries. We challenge everything and have massive ambitions to drag aging industries into the tech era.
We take safety, equality and education very seriously, and our responsibilities don't stop at our front door. Our business is built on the belief that there's definitely a more environmentally responsible way to operate employ people who share our core values. We expect our people to be courageous, trustworthy, and conscientious, driven by a desire to do the right thing. We strive for excellence, work collaboratively, and are genuinely excited by our work.
We offer opportunities for our people to develop beyond their role and span a multitude of disciplines. These are open to all, regardless of background and experience level. Working with us means being part of a team that is harnessing technology and creativity to disrupt a traditional industry.
We are not your average workplace.## Cyber Security Engineer (Defence & GRC Focus)
Ocean Infinity is seeking a Cyber Security Engineer with a defence and governance focus to design, enforce, and assure security controls across highly regulated and mission-critical environments. This role sits at the intersection of security engineering, governance, and operational assurance, ensuring that cyber security controls are not only compliant on paper, but defensible in practice against capable and persistent adversaries.
You will support audit, regulatory assurance, defence procurement, and supply chain security activities while acting as a technical authority for risk-based security decisions across enterprise IT, cloud, and operational technology environments.
*
* Reports to:
** Head of Cyber Security
** What will you do:
*** Defence, Audit and Regulatory Assurance
* Act as a primary cyber security interface for auditors, regulators, defence stakeholders, and customers.
* Maintain and evidence compliance against relevant frameworks such as ISO
27001, NIST CSF, NIST SP 800-53, CMMC, DFARS, NIS Regulations, and applicable MOD or defence standards.
* Support compliance with Cyber Essentials and Cyber Essentials Plus where required.
* Coordinate internal and external audits, penetration test remediation, and formal assurance activities.
* Maintain authoritative compliance artefacts including Statements of Applicability, control mappings, risk registers, and remediation plans.
* Translate regulatory and contractual obligations into engineering-ready security requirements.
* Risk Management and Governance
* Identify, assess, and track cyber security risks across enterprise, cloud, and OT environments.
* Conduct structured risk assessments aligned with ISO
27005 or NIST risk management principles.
* Define and maintain security policies, standards, and baselines aligned to defence-grade threat models.
* Support executive and programme-level reporting on residual risk, exposure, and operational impact.
* Defence Procurement and Supply Chain Security
* Provide cyber security input to defence, public sector, and critical infrastructure tenders.
* Support secure-by-design requirements in procurement, contracts, and supplier onboarding.
* Conduct third-party and supply chain security assessments covering control assurance, data handling, access, connectivity, and segmentation risks.
* Ensure supplier security controls align with contractual and regulatory obligations.
* Security Engineering and Operational Assurance
* Work with Cyber Security Engineers, Architects, and IT and OT teams to ensure controls are implemented correctly, operating as intended, and continuously monitored.
* Validate logging, monitoring, and incident response capabilities against regulatory and contractual requirements.
* Identify and drive remediation of control weaknesses, security debt, and non-compliance.
* Support incident response activities, including post-incident assurance, reporting, and regulatory engagement.
* Awareness and Executive Communication
* Support development and delivery of cyber security awareness training and workshops.
* Assist with phishing simulations and tabletop exercises.
* Prepare concise, decision-ready briefings for senior leadership on threat posture, compliance status, and risk exposure.
** Who you are:
** You are a technically credible cyber security professional with strong governance instincts and the confidence to operate in defence-adjacent environments. You understand that compliance is a baseline, not the objective, and you focus on controls that withstand real-world adversarial pressure. You are comfortable engaging with engineers, auditors, regulators, and senior stakeholders alike.
*
* Qualifications and skills:
*** Strong experience in cyber security engineering, governance, risk, or assurance roles within regulated or defence-aligned…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×