Principal Platform Engineer (Privileged Access Management)

Job Description:

Salary Range: £53,269 - £71,400

Leonardo UK operates a grade-based salary framework with broad bands. The salary range shown reflects the approved grade band for this role, or a narrower hiring range published within that band, and is benchmarked against the external market. Exceptions above the standard range are managed through governance controls to protect internal equity.

Your Impact

Are you ready to take on complex technical challenges at the forefront of cyber and platform engineering? At Leonardo, our Principal Platform Engineers (Technical Specialist Path) are hands-on experts who shape the design, integration, and delivery of secure platforms that keep our customers’ missions running.
Your work at Leonardo UK will see you take the lead in solving customer problems in an agile, innovative and team-centric manner. The role may involve a blended hybrid working model, with a mixture of working from home and working on site at one of our Leonardo offices to ensure close collaboration with the wider team and with our customers.

Leonardo UK is seeking a Principal Platform Engineer to join the Cyber & Security Solutions Division team. This role is focused on delivering, maintaining, and improving platform and systems engineering solutions that underpin critical defence, government and public sector services.
What you will do as a Principal Platform Engineer

• Act as the technical authority on one of our platform engineering domains (e.g. virtualisation) providing specialist domain expertise to projects and programmes.

• Lead the design and implementation of secure platforms across on-premise, hybrid, and cloud environments.

• Capture, analyse, and interpret complex customer requirements to drive system design and architecture.

• Develop high- and low-level designs, ensuring alignment with secure-by-design principles.

• Take ownership of technical delivery within work packages, including planning, estimation, and progress reporting.

• Mentor, coach, and develop junior and senior engineers, raising technical capability across the community.

• Provide input to technology strategies, feasibility studies, and innovation projects.

• Engage with internal and external stakeholders, presenting technical solutions and justifying design decisions.

What you’ll bring

• Extensive technical expertise across multiple platform domains, with a track record of delivering secure solutions.

• The ability to balance hands-on engineering with technical leadership and mentorship.

• A problem-solving mindset, able to innovate and recommend the best approach for complex challenges.

Core areas (must have):

• Windows and Linux operating systems

• Virtualisation platforms (VMware, Hyper-V)

• Privileged Access Management concepts and implementation (CyberArk or similar)

• Secure credential storage, rotation, and access control models

• Integration of PAM into enterprise platforms and services

• Networking concepts (TCP/IP, DNS, DHCP, firewalls)

• Automation and scripting (PowerShell, Bash, Python, Ansible, Terraform)

• Knowledge of cyber security controls and accreditation requirements

• Experience across the systems engineering lifecycle

• Design and implementation of privileged access models across complex systems

• Delivery within highly controlled / secure environments (e.g. air-gapped, defence)

Desirable:

• Expertise with cloud platforms (AWS, Azure) and Infrastructure as Code

• Experience integrating enterprise services (Active Directory, PKI, monitoring, SIEM)

• Hands-on use of DevSecOps tools and CI/CD pipelines

• Automation of account onboarding/offboarding (API-driven)

• Integration with SIEM / SOC tooling for audit and monitoring

• Containerisation platforms (Kubernetes, Docker)

• Experience working with enterprise identity and access management solutions

Security Clearance

This role is subject to pre-employment screening in line with the UK Government’s Baseline Personnel Security Standard (BPSS). An additional range of Personnel Security Controls referred to as National Security Vetting (NSV) will apply. This role requires Developed Vetting (DV) clearance prior to starting. For more information and guidance please visit: https://careers.uk.leonardo.com/gb/en/security-and-vetting

Location

This role can be based at one of our UK sites Yeovil.

Why join us

At Leonardo, our people are at the heart of everything we do. We offer a comprehensive, company-funded benefits package that supports your wellbeing, career development, and work–life balance.

• Time to Recharge: Generous leave with the opportunity to accrue up to 12 additional flexi-days each year.

• Secure your Future: Award-winning pension scheme with up to 15% employer contribution.

• Your Wellbeing Matters: Free access to mental health support, financial advice, and employee-led networks.

• Never Stop Learning: Free access to 4,000+ online courses via Coursera and LinkedIn Learning.

• Tailored Perks: Spend up to £500 annually on flexible benefits such as private healthcare, lifestyle discounts, and gym memberships.

• Flexible Working: Flexible hours with hybrid working options.

For a full list of our company benefits please visit our website.
Leonardo is a global leader in Aerospace, Defence, and Security. Headquartered in Italy, we employ over 53,000 people worldwide including 8,500 across 9 sites in the UK. Our employees are not just part of a team—they are key contributors to shaping innovation, advancing technology, and enhancing global safety.

At Leonardo we are committed to building an inclusive, accessible, and welcoming workplace. We believe that a diverse workforce sparks creativity, drives innovation, and leads to better outcomes for our people and our customers. If you have any accessibility requirements to support you during the recruitment process, just let us know.

Be part of something bigger - apply now!

#LI-CYBER

Primary Location:

GB - Yeovil - Lysander Rd

Contract Type:

Permanent

Hybrid Working:

Onsite