Senior Security Assurance Engineer (Cybersecurity)
Job description
TL;DR
Senior Security Assurance Engineer (Cybersecurity): Leading end-to-end security assurance and risk assessments for complex UK public sector digital services, with an emphasis on regulatory compliance and proportionate security design. Focus on embedding security into continuous delivery, mentoring team members, and bridging the gap between technical engineering and senior stakeholder risk management.
Location: Must be based in the UK (Hybrid: Bristol, London, Manchester, or Swansea).
Salary: £55,000–£75,000 per year.
Company
A consultancy dedicated to building secure, trustworthy, and resilient digital services for the UK public sector.
What you will do
- Design and lead security audits for complex government systems, balancing automated scanning with manual testing.
- Drive continuous compliance monitoring against standards like Cyber Essentials, GovAssure, UK GDPR, and NIS Regulations.
- Lead risk assessments and threat-modelling sessions using methodologies such as ISO 27005 and NIST RMF.
- Communicate security findings and risk clearly to both technical engineering teams and senior stakeholders.
- Embed security as a continuous engineering concern throughout the delivery lifecycle.
- Mentor colleagues and client team members to build long-term security capability.
Requirements
- Must be eligible for SC (Security Check) clearance (requires 5 years of UK residency and 5 years of employment history).
- Hold a professional certification such as CISA or SSCP, or demonstrate equivalent capability.
- Experience in security assurance, risk management, or audit within regulated environments.
- Ability to articulate security trade-offs and design proportionate controls for complex systems.
- Strong communication skills for engaging with both technical and non-technical audiences.
Nice to have
- Certifications such as CRISC or CISSP.
- Experience with UK government security frameworks like NCSC Cyber Assessment Framework or HMG Security Policy Framework.
- Knowledge of cloud security compliance in AWS, Azure, or GCP.
- Experience with supply-chain security assessments and incident response planning.
Culture & Benefits
- 30 days of paid annual leave.
- Flexible working hours and hybrid remote working policy.
- Flexible parental leave options.
- Individual benefits allowance for health cash plans or pension contributions.
- Access to paid counselling, financial, and legal advice.
- Support for attaining professional cyber certifications.