Lead Security Assurance Engineer (Cybersecurity)
Job description
TL;DR
Lead Security Assurance Engineer (Cybersecurity): Leading security assurance strategy and vulnerability management for complex UK government digital services, with an emphasis on risk-based frameworks and compliance. Focus on embedding security into agile delivery cycles, mentoring teams, and translating technical security findings into actionable risk decisions for senior stakeholders.
Location: Must be based in the UK with the ability to work from Bristol, London, Manchester, or Swansea hubs.
Salary: £75,000–£90,000 per year.
Company
helps UK government and public sector organisations build better digital services through modern engineering and security practices.
What you will do
- Establish risk-based assurance frameworks and coordinate audit programmes across client engagements.
- Lead vulnerability management programmes, including prioritisation, remediation SLAs, and reporting to senior stakeholders.
- Embed threat modelling, secure code review, and automated security scanning into design and delivery cycles.
- Navigate and apply UK government security standards like NCSC Cyber Assessment Framework and GovAssure.
- Communicate security posture and risk decisions to senior client leadership.
- Mentor colleagues and client staff to grow security capability and engineering habits.
Requirements
- Must hold CISA, CISSP, or equivalent senior audit and assurance credential.
- Must be eligible for UK Security Check (SC) clearance (requires 5 years UK residency).
- Experience leading compliance programmes against UK government frameworks in complex environments.
- Proven ability to act as a trusted adviser to senior stakeholders on security risk.
- Strong understanding of vulnerability management and exposure management at scale.
- Experience working in iterative, agile delivery environments.
Nice to have
- Certifications: CRISC, CISM, or NCSC Certified Cyber Professional (CCP).
- Experience with cloud-native security tooling (AWS Inspector, GuardDuty, Security Hub).
- Background in assessing supply chain and third-party vendor risk.
Culture & Benefits
- 30 days of paid annual leave.
- Flexible working hours and hybrid remote working policy.
- Flexible parental leave options.
- Individual benefits allowance for healthcare or pension plans.
- Access to paid counselling and financial/legal advice.
- Support for attaining recognised cyber certifications.