Cyber Security Engineer
CYBER SECURITY ENGINEER - 6 MONTHS - INSIDE IR35
One of Lorien's leading Public Sector clients is looking for a highly skilled Senior Cyber Security Engineer to join their team for an initial 6 months, with a great chance of long-term extension.
This position requires in-office working 40% of the time, in either Glasgow or Edinburgh. Candidates must be Scotland-based to accommodate this.
Main duties of this role:
- Identify, design, and develop cyber security solutions across a wide variety of applications and infrastructure.
- Lead the implementation of cyber security policy and standards.
- Provide senior cyber security consultancy services (from risk assessments and audits to strategy development) across a variety of technology projects.
- Engage with the Technology Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes.
- Engage with a broad range of internal and external stakeholders, providing cyber security assurance and managing the change process for the implementation of cyber security strategy, standards, and solutions.
- Develop security operating procedures for use across multiple information systems or support compliance with them.
- Apply routine security procedures appropriate to the role, such as patching, managing access rights, malware protection, or vulnerability testing with autonomy.
- Develop and test rules for detecting violations of security operating procedures with autonomy.
- Lead small teams managing Cyber Security operations within an organisation.
- Champion secure design principles, frameworks, and standards for a digital service or programme.
- Sponsor and direct the design of detailed low-level workflows and diagrams that describe the input, output, and logical operation of a digital service. Design and develop the processes of a digital service through its full life cycle.
- Lead and translate security requirements into application design elements including documenting specific security criteria.
- Develop services by writing code in programming and scripting languages.
- Act as a subject matter expert (SME) for CI/CD pipeline security tools, lead software debugging and guide engineers to resolve issues.
- Create and deliver automated assurance against Technical Security guidance and configurations.
- Implement business logic and technical solutions to design out fraud and error.
- Build and implement security audit points in digital services.
- Drive secure coding practices and champion them, mentoring the engineering team to be able to undertake these tasks.
- Support and empower the engineering team to understand and articulate the impact of vulnerabilities on existing and future designs and systems and provide insight into how these can be exploited and remediated.
- Have developed knowledge of a range of systems and may specialise in a number of specific systems.
Brief summary of role
The Cyber Security Engineer builds, develops, and configures tooling and processes to be secure. They build tooling to support pre-commit, Continuous Integration and Continuous Deployment through to production. They have experience of operating systems, networking, PKI and Cloud Security tools. They build Secure Configuration Management using Infrastructure as Code.
Role Criteria
Essential Criteria
- Demonstrable experience in design, delivery and operation of cloud native vulnerability management, security monitoring and cyber incident management tools and processes within large Scottish/UK Public Sector and/or corporate industry (financial services).
- Demonstrable experience in designing, implementing and managing security solutions tailored for cloud environments and aligned to industry-standard cybersecurity frameworks such as NCSC CAF/NIST/CIS. This includes proficiency in securing cloud platforms such as AWS, Azure, understanding cloud-native security services, and expertise in configuring security groups, IAM policies, and network access controls.
- In depth experience and understanding of DevSecOps principles, emphasising the integration of security practices into the DevOps pipeline. This includes knowledge of shift left security, implementing security as code and tools, such as Terraform, Bicep, CloudFormation.
- Demonstrable experience of working closely with engineers, architects and other stakeholders to embed security practices into CI/CD workflows with ability to articulate complex security concepts clearly. This includes providing security guidance and coaching to Application, DevOps and Platform Engineers, and fostering a culture of shared responsibility for security throughout the organisation.
- Experience in supporting assessment of compliance against Government and Industry security and privacy framework standards such as ISO 27001 and GovAssure, identifying appropriate and proportionate remediation steps to address any compliance gaps.
Desirable Criteria
- Awareness of OWASP projects, particularly Top 10s, ASVS, SAMM and DSOMM.
- Awareness of UK Government good practice guides 44 and 45 to support authentication and verification processes.
- Experience of securing the delivery and operation of public facing identity based authentication and verification services within large Scottish/UK Public Sector and/or corporate industry (financial services).
Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.