Cyber Security Engineer

Posted 22 hours 25 minutes ago by Ocean Infinity Group

£100,000 - £125,000 Annual
Permanent
Full Time
Public Sector Jobs
Hampshire, Southampton, United Kingdom, SO140
Job Description
Worker Type: Employee
Application End Date: 10-03-2026

We are using and creating technology to transform operations at sea to enable people and the planet to thrive.

We are open-minded and fearless in our approach to innovation and don't believe in boundaries. We challenge everything and have massive ambitions to drag aging industries into the tech era.

We take safety, equality and education very seriously, and our responsibilities don't stop at our front door. Our business is built on the belief that there's definitely a more environmentally responsible way to operate at sea.

We employ people who share our core values. We expect our people to be courageous, trustworthy, and conscientious, driven by a desire to do the right thing. We strive for excellence, work collaboratively, and are genuinely excited by our work.

We offer opportunities for our people to develop beyond their role and span a multitude of disciplines. These are open to all, regardless of background and experience level. Working with us means being part of a team that is harnessing technology and creativity to disrupt a traditional industry.

We are not your average workplace.

Cyber Security Engineer (Defence & GRC Focus)

Ocean Infinity is seeking a Cyber Security Engineer with a defence and governance focus to design, enforce, and assure security controls across highly regulated and mission-critical environments. This role sits at the intersection of security engineering, governance, and operational assurance, ensuring that cyber security controls are not only compliant on paper, but defensible in practice against capable and persistent adversaries.

You will support audit, regulatory assurance, defence procurement, and supply chain security activities while acting as a technical authority for risk-based security decisions across enterprise IT, cloud, and operational technology environments.

Reports to: Head of Cyber Security

What will you do:

Defence, Audit and Regulatory Assurance
- Act as a primary cyber security interface for auditors, regulators, defence stakeholders, and customers.
- Maintain and evidence compliance against relevant frameworks such as ISO27001, NIST CSF, NIST SP 800-53, CMMC, DFARS, NIS Regulations, and applicable MOD or defence standards.
- Support compliance with Cyber Essentials and Cyber Essentials Plus where required.
- Coordinate internal and external audits, penetration test remediation, and formal assurance activities.
- Maintain authoritative compliance artefacts including Statements of Applicability, control mappings, risk registers, and remediation plans.
- Translate regulatory and contractual obligations into engineering-ready security requirements.

Risk Management and Governance
- Identify, assess, and track cyber security risks across enterprise, cloud, and OT environments.
- Conduct structured risk assessments aligned with ISO27005 or NIST risk management principles.
- Define and maintain security policies, standards, and baselines aligned to defence-grade threat models.
- Support executive and programme-level reporting on residual risk, exposure, and operational impact.

Defence Procurement and Supply Chain Security
- Provide cyber security input to defence, public sector, and critical infrastructure tenders.
- Support secure-by-design requirements in procurement, contracts, and supplier onboarding.
- Conduct third-party and supply chain security assessments covering control assurance, data handling, access, connectivity, and segmentation risks.
- Ensure supplier security controls align with contractual and regulatory obligations.

Security Engineering and Operational Assurance
- Work with Cyber Security Engineers, Architects, and IT and OT teams to ensure controls are implemented correctly, operating as intended, and continuously monitored.
- Validate logging, monitoring, and incident response capabilities against regulatory and contractual requirements.
- Identify and drive remediation of control weaknesses, security debt, and non-compliance.
- Support incident response activities, including post-incident assurance, reporting, and regulatory engagement.

Awareness and Executive Communication
- Support development and delivery of cyber security awareness training and workshops.
- Assist with phishing simulations and tabletop exercises.
- Prepare concise, decision-ready briefings for senior leadership on threat posture, compliance status, and risk exposure.

Who you are:

You are a technically credible cyber security professional with strong governance instincts and the confidence to operate in defence-adjacent environments. You understand that compliance is a baseline, not the objective, and you focus on controls that withstand real-world adversarial pressure. You are comfortable engaging with engineers, auditors, regulators, and senior stakeholders alike.

Qualifications and skills:
- Strong experience in cyber security engineering, governance, risk, or assurance roles within regulated or defence-aligned environments.
- Practical experience implementing and assuring controls aligned to ISO27001, NIST, CMMC, DFARS, NIS Regulations, or equivalent frameworks.
- Experience conducting structured cyber risk assessments and maintaining risk registers.
- Familiarity with IT, cloud, and operational technology security environments.
- Ability to translate regulatory requirements into actionable engineering controls.
- Experience supporting audits, penetration testing remediation, and regulatory reporting.
- Strong written and verbal communication skills with the ability to brief senior leadership.
- Comfortable operating in complex, multi-stakeholder environments.

Security Clearance: Security clearance is not mandatory on appointment; however, candidates must be eligible and willing to undergo UK security vetting should the role or programme require it.

Salary: The salary varies for this position as we are recruiting in multiple regional locations and job grades. The salary process is based on skills, abilities, and experience required.

What you can expect:

At Ocean Infinity, we believe in creating equal opportunities for all, celebrating each and everyone's differences. We are driven by transforming the industry, through our technology, thoughts, behaviours and actions. Being inclusive and respectful to all is fundamental to who we are. It is the right thing to do and enables innovation and creativity to thrive.

There is more work to be done, and we know that we aren't perfect, but our commitment to these values is unwavering. They are central to our mission and the impact we have on the industry, meaning, we cannot live without them.