Senior Security Assurance Engineer

Made Tech


Job Location:

London - UK

Yearly Salary: £ 55000 - 75000
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

We help UK public sector organisations build and run digital services that are secure trustworthy and resilient. As a Senior Security Assurance Engineer in our Cyber practice youll take end-to-end ownership of security assurance work across complex government environments - designing audit approaches leading risk assessments and helping clients understand and improve their security posture in ways that are proportionate practical and grounded in how their services actually work.

This is a role with real scope. Youll operate across client engagements where the stakes are high - services that handle sensitive citizen data systems that need to meet GovAssure and Cyber Assessment Framework requirements and programmes navigating a demanding regulatory landscape that includes UK GDPR the NIS Regulations and the HMG Security Policy Framework. You wont be applying cookie-cutter frameworks; youll be making informed judgements about whats proportionate for each context and helping clients make better decisions about risk.

At Senior level youre also expected to raise the standard of security practice around you - not just through your own work but by mentoring colleagues contributing to how the team operates and helping clients build their own capability over time. Were a consultancy that believes good security outcomes come from embedding security into delivery as a continuous concern not bolting it on at the end. Youll be central to making that real.

Key Responsibilities


  • Design and lead security audits across complex government systems - combining automated scanning with manual testing producing findings that are clearly framed around risk and remediation rather than just compliance status.

  • Drive continuous compliance monitoring against applicable standards and regulations - Cyber Essentials the NCSC Cyber Assessment Framework GovAssure UK GDPR and NIS Regulations - feeding posture data into governance and risk reporting rather than treating it as a point-in-time exercise.

  • Lead risk assessments and threat-modelling sessions selecting methodologies (ISO 27005 NIST RMF STRIDE MITRE ATT&CK) that are proportionate to system criticality and ensuring findings feed into programme governance decisions rather than sitting in security documentation alone.

  • Communicate security findings and risk clearly to a range of audiences - technical detail for engineering teams risk-framed summaries for senior stakeholders - structuring reports around the decisions people need to make not just the controls youve tested.

  • Embed security as a continuous engineering concern supporting threat modelling and security reviews throughout delivery challenging designs that create unnecessary risk and mentoring colleagues on secure-by-default practices.

  • Support and assess supply-chain and third-party security creating proportionate assurance processes aligned with recognised standards and helping clients identify and address gaps in how they manage vendor and software supply-chain risk.

  • Mentor and coach colleagues and client team members pairing on complex assurance work sharing knowledge openly across the practice and actively contributing to the capability of everyone around you - not just delivering your own work well.

  • Contribute to the commercial and strategic health of engagements staying alert to unmet client needs managing scope within contracted boundaries and surfacing opportunities or risks to account leadership as they arise.

Skills Knowledge & Expertise


Essential
  • Hold one of the following Certified Information Systems Auditor (CISA) Systems Security Certified Practitioner (SSCP) or an equivalent audit and assurance practitioner credential.

Desirable
  • Certified in Risk and Information Systems Control (CRISC).
  • Certified Information Systems Security Professional (CISSP).
  • Experience advising clients on UK government security frameworks including GovAssure the NCSC Cyber Assessment Framework Cyber Essentials Plus and the HMG Security Policy Framework and how they interact in practice.
  • Experience leading risk assessments using structured methodologies (ISO 27005 NIST RMF or FAIR) and embedding risk outputs into programme governance rather than treating them as standalone deliverables.
  • Demonstrated ability to design security controls and governance approaches for cloud environments with an understanding of how compliance requirements apply in AWS Azure or GCP contexts.
  • Working knowledge of incident response planning establishing policies assessing team readiness and mentoring others on preparedness ideally in a government or regulated environment.
  • Experience conducting or leading supply-chain security assessments including third-party risk and software provenance with reference to recognised standards.
  • Familiarity with tools used for continuous compliance monitoring automated controls testing or cloud security posture management (for example CSPM tooling SIEM platforms or vulnerability management tools).
  • Evidence of actively shaping your own development a T-shaped specialism seeking and acting on feedback and sharing learning openly with colleagues and the wider practice.
  • Experience contributing reusable assets playbooks templates tooling or patterns back into a practice or community rather than leaving knowledge within a single engagement or team.
  • Experience running or contributing to structured mentoring relationships pairing sessions or retrospectives in a way that measurably improved team capability or ways of working.
  • Experience co-designing solutions with clients and stakeholders bringing them into the process rather than presenting conclusions for approval and delivering value anchored to outcomes rather than outputs.
  • Experience conducting skills-based assessment of candidates contributing to interview scripts or calibrating assessment criteria to ensure fair and consistent evaluation.
Made Tech sponsors attainment of recognised cyber certifications for staff in scope. If you dont yet hold the certifications listed above but are working toward them or can demonstrate equivalent capability through experience wed still encourage you to apply.

What youll bring:
  • Contextual judgement over formulaic approaches. You think carefully about whats proportionate for each engagement rather than reaching for the same framework every time. You can articulate trade-offs clearly and help clients understand the reasoning behind your recommendations.

  • A team-first mindset. You take your own work seriously and you take the growth of the people around you equally seriously. You pair you share you coach and you make it safe for others to ask questions and admit gaps.

  • Confidence communicating across boundaries. Youre as comfortable presenting risk findings to a senior civil servant as you are working through a threat model with an engineering team. You adjust how you communicate without losing substance or clarity.

  • Genuine ownership. You take responsibility for the outcomes of your work maintaining momentum through ambiguity escalating risks early rather than absorbing them and seeing significant pieces of work through from start to finish.

Job Benefits


We are always listening to our growing teams and evolving the benefits available to our people. As we scale as do our benefits and we are scaling quickly. Weve recently introduced a flexible benefit platform which includes a Smart Tech scheme Cycle to work scheme and an individual benefits allowance which you can invest in a Health care cash plan or Pension plan. Were also big on connection and have an optional social and wellbeing calendar of events for all employees to join should they choose to.

Here are some of our most popular benefits listed below:

An increasing number of our customers are specifying a minimum of SC (security check) clearance in order to work on their projects. As a result were looking for all successful candidates for this role to have eligibility.

Eligibility for SC requires 5 years UK residency and 5 year employment history (or back to full-time education). Please note that if at any point during the interview process it is apparent that you may not be eligible for SC we wont be able to progress your application and we will contact you to let you know why.

Support in applying
If you need this job description in another format or other support in applying please email .

We believe we can use tech to make public services better. We also believe this can happen best when our own team represents the society that actually uses the services we work on. Were collectively continuing to grow a culture that is happy healthy safe and inspiring for people of all backgrounds and experiences so we encourage people from underrepresented groups to apply for roles with us.

When you apply well put you in touch with a member of our talent team who can help with any needs or adjustments we may need to make to help with your application. Weve put together this blog as a resource to share more about reasonable adjustments and some examples of what this could include. We also welcome any feedback on how we can improve the experience for future candidates.

Required Experience:

Senior IC

We help UK public sector organisations build and run digital services that are secure trustworthy and resilient. As a Senior Security Assurance Engineer in our Cyber practice youll take end-to-end ownership of security assurance work across complex government environments - designing audit approache...

About Company

Company Logo

We provide Digital, Data and Technology services to help organisations make a positive impact – fast.

View Profile View Profile