CrawlJobs Logo

Lead Security Assurance Engineer

United Kingdom, Any UK Office Hub (Bristol / London / Manchester / Swansea) 75000.00 - 90000.00 GBP / Year · Job Posted July 14, 2026
Apply Position
Job Link Share

Job Description

Made Tech helps UK government and public sector organisations build better digital services — and security is central to that mission. As a Lead Security Assurance Engineer in our Cyber practice, you'll be the most senior security assurance voice on client engagements, setting the technical direction for how organisations identify, assess, and respond to security risk. You'll work across complex government programmes where the stakes are real: services that affect citizens, systems that hold sensitive data, and teams that need to move quickly without cutting corners. This isn't a role where you sit at the edge of delivery reviewing outputs. You'll be embedded in multidisciplinary teams, shaping how security assurance is woven into everyday engineering work — from threat modelling at design time to control testing in production. You'll build trusted relationships with client security teams, senior stakeholders, and government security communities, translating between technical findings and the risk decisions that senior leaders need to make. You'll bring the judgement to know when a full ISO 27001 governance programme is appropriate and when a lighter-weight approach serves the engagement better. At Lead level, your impact extends beyond the immediate team. You'll establish assurance frameworks and standards across engagements, grow the security capability of the people around you — colleagues and client staff alike — and contribute to how Made Tech's Cyber practice develops as a community. If you're someone who builds capability rather than gatekeeping decisions, who treats security as an engineering concern rather than a compliance exercise, and who cares about leaving client teams genuinely stronger than you found them, this role is for you.

Job Responsibility

  • Own end-to-end assurance across engagements
  • Lead vulnerability management as a programme, not a process
  • Drive security into the team's normal rhythm
  • Navigate UK government security standards with confidence
  • Communicate security risk in terms that drive decisions
  • Set the standard for incident response and detection readiness
  • Grow the people around you
  • Contribute to Made Tech's Cyber practice beyond delivery

Requirements

  • Hold one of the following — Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) — or an equivalent senior audit and assurance credential
  • Experience establishing and operating vulnerability management programmes at organisational scale — including risk-based prioritisation using EPSS, KEV, and asset criticality, and managing remediation across multiple delivery teams
  • Evidence of leading compliance programmes against UK government frameworks — GovAssure, CAF, Cyber Essentials, HMG Security Policy Framework — in a complex multi-supplier or multi-team environment
  • Experience conducting or coordinating security audits in UK public sector contexts, including producing formal findings and briefings for senior government stakeholders
  • Working knowledge of exposure management beyond CVE-only approaches — incorporating misconfiguration, identity exposure, and attack-path analysis using cloud-native tooling (AWS Inspector, GuardDuty, Security Hub, or equivalents)
  • Experience assessing and assuring supply chain security — including third-party and vendor risk — and integrating supplier risk into wider assurance and governance programmes
  • Experience building or shaping security assurance capability within a consultancy, programme delivery, or multi-client environment — including growing technical security skills in colleagues and client teams
  • Evidence of acting as a trusted adviser to senior client stakeholders — anchoring security recommendations on client outcomes, challenging briefs constructively, and making security value visible rather than reporting activity
  • Experience setting team ways of working in iterative delivery environments — establishing retrospective cadences, collaborative problem-solving norms, and pairing practices that spread security knowledge across the team
  • Familiarity with structured threat modelling approaches — STRIDE, MITRE ATT&CK, attack trees — and experience embedding these into agile delivery ceremonies
  • Experience integrating SAST, SCA, dependency scanning, and container security tooling into CI/CD pipelines as part of a shift-left security approach

Nice to have

  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • NCSC Certified Cyber Professional (CCP)

What we offer

  • 30 days Holiday
  • Flexible Working Hours
  • Flexible Parental Leave
  • Remote Working
  • Paid counselling

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Lead Security Assurance Engineer

8 matching positions

New

Senior Security Assurance Engineer

We help UK public sector organisations build and run digital services that are s...
Location
Location
United Kingdom , Bristol; London; Manchester; Swansea
Salary
Salary:
55000.00 - 75000.00 GBP / Year
madetech.com Logo
Made Tech
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hold one of the following — Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP) — or an equivalent audit and assurance practitioner credential
  • Contextual judgement over formulaic approaches
  • A team-first mindset
  • Confidence communicating across boundaries
  • Genuine ownership
Job Responsibility
Job Responsibility
  • Design and lead security audits across complex government systems - combining automated scanning with manual testing, producing findings that are clearly framed around risk and remediation rather than just compliance status
  • Drive continuous compliance monitoring against applicable standards and regulations - Cyber Essentials, the NCSC Cyber Assessment Framework, GovAssure, UK GDPR, and NIS Regulations - feeding posture data into governance and risk reporting rather than treating it as a point-in-time exercise
  • Lead risk assessments and threat-modelling sessions, selecting methodologies (ISO 27005, NIST RMF, STRIDE, MITRE ATT&CK) that are proportionate to system criticality, and ensuring findings feed into programme governance decisions rather than sitting in security documentation alone
  • Communicate security findings and risk clearly to a range of audiences - technical detail for engineering teams, risk-framed summaries for senior stakeholders - structuring reports around the decisions people need to make, not just the controls you've tested
  • Embed security as a continuous engineering concern, supporting threat modelling and security reviews throughout delivery, challenging designs that create unnecessary risk, and mentoring colleagues on secure-by-default practices
  • Support and assess supply-chain and third-party security, creating proportionate assurance processes aligned with recognised standards and helping clients identify and address gaps in how they manage vendor and software supply-chain risk
  • Mentor and coach colleagues and client team members, pairing on complex assurance work, sharing knowledge openly across the practice, and actively contributing to the capability of everyone around you - not just delivering your own work well
  • Contribute to the commercial and strategic health of engagements, staying alert to unmet client needs, managing scope within contracted boundaries, and surfacing opportunities or risks to account leadership as they arise
What we offer
What we offer
  • 30 days Holiday
  • Flexible Working Hours
  • Flexible Parental Leave
  • Remote Working
  • Paid counselling
  • Smart Tech scheme
  • Cycle to work scheme
  • individual benefits allowance
  • Health care cash plan
  • Pension plan
  • Fulltime
Read More
Arrow Right

Risk Engineer (Security Assurance)

Hybrid Global Automotive Tech International Environment
Location
Location
Japan , 東京23区
Salary
Salary:
8000000.00 - 10000000.00 JPY / Year
https://www.randstad.com Logo
Randstad
Expiration Date
September 24, 2026
Flip Icon
Requirements
Requirements
  • 6+ years’ experience in Information Security
  • Experience in technical security, securing products incorporating emerging technologies like IoT, AI, Automotive operating systems
  • Experience with risk management, risk assessments and risk assessment methodologies/standards (NIST SP800-30, CIS RAM, etc)
  • Experience with regulatory compliance and information security management frameworks (e.g., ISO27001/ISO27002, NIST CSF, CMMC)
  • Technical expertise in the security field and experience with security architecture and ability to challenge risk assessments on the technical side
  • Experience with multiple risk assessment methods including threat modeling (STRIDE, etc)
  • High level of independence and autonomy in leading and performing engagements, including conducting interviews, with a complex set of corporate stakeholders
  • Experience in technical assessments of networks, operating systems, cloud environments, etc
What we offer
What we offer
  • 健康保険
  • 厚生年金保険
  • 雇用保険
  • 土曜日
  • 日曜日
  • 祝日
  • Fulltime
Read More
Arrow Right

Risk Engineer (Security Assurance)

Hybrid Global Automotive Tech International Environment
Location
Location
Japan , 東京23区
Salary
Salary:
8000000.00 - 12000000.00 JPY / Year
https://www.randstad.com Logo
Randstad
Expiration Date
September 29, 2026
Flip Icon
Requirements
Requirements
  • 6+ years’ experience in Information Security
  • Experience in technical security, securing products incorporating emerging technologies like IoT, AI, Automotive operating systems
  • Experience with risk management, risk assessments and risk assessment methodologies/standards (NIST SP800-30, CIS RAM, etc)
  • Experience with regulatory compliance and information security management frameworks (e.g., ISO27001/ISO27002, NIST CSF, CMMC)
  • Technical expertise in the security field and experience with security architecture and ability to challenge risk assessments on the technical side
  • Experience with multiple risk assessment methods including threat modeling (STRIDE, etc)
  • High level of independence and autonomy in leading and performing engagements, including conducting interviews, with a complex set of corporate stakeholders
  • Experience in technical assessments of networks, operating systems, cloud environments, etc Excellent written and verbal communication skill
What we offer
What we offer
  • 健康保険
  • 厚生年金保険
  • 雇用保険
  • 土曜日
  • 日曜日
  • 祝日
  • Fulltime
Read More
Arrow Right

Security Assurance Engineer

Security Governance & Compliance in the office of the dCISO (Deputy Chief Inform...
Location
Location
United States , Redmond
Salary
Salary:
100600.00 - 199000.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Engineering, Product/Technical Program Management, Data Analysis, Product Development or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Engineering, Product/Technical Program Management, Data Analysis, Product Development, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter
  • Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport
Job Responsibility
Job Responsibility
  • Lead cross-functional and cross-team projects, ensuring timely and within-budget completion
  • Collaborate with engineering teams to drive technical projects and deliver innovative solutions
  • Provide security training and develop incident response processes to handle multi-dimensional incidents
  • Ensure data integrity and compliance with contractual requirements
  • Communicate effectively with stakeholders, including government agencies, to ensure alignment and compliance with regulations
  • Identify and mitigate security vulnerabilities and risks through analytical problem-solving and strategic decision-making
  • Embody our company's Culture and Values
  • Fulltime
Read More
Arrow Right

Lead Quality Assurance Engineer

This role is a leadership opportunity within Delta's Product Team. As QA Lead, y...
Location
Location
United Kingdom , Bishop's Stortford
Salary
Salary:
Not provided
thedeltagroup.com Logo
The Delta Group
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 4–7 years of experience in QA, software testing or software quality engineering
  • Demonstrable experience leading or mentoring a QA team, or strong readiness to step into a lead role
  • Deep experience with both manual and automated testing approaches across complex product environments
  • Strong proficiency with at least one automation framework (e.g. Selenium, Playwright, Cypress) and associated scripting languages
  • Experience owning or significantly contributing to a QA strategy, not just executing within one
  • Experience integrating automated tests into CI/CD pipelines — ideally Azure DevOps
  • Skilled in prioritising test effort based on business risk — able to make pragmatic trade-offs between coverage and delivery pace
  • Confident working at senior level: communicating quality risks, influencing decisions and presenting to leadership
  • Strong understanding of agile/scrum methodologies and how quality fits within iterative delivery
  • Excellent written and verbal communication skills — able to translate technical quality issues for non-technical audiences
Job Responsibility
Job Responsibility
  • Own and drive the overall QA strategy for the Delta Product Team, aligned to business and product goals
  • Define, implement and continuously improve QA standards, processes and frameworks
  • Act as the primary quality authority in release decisions, sprint reviews and product planning discussions
  • Lead the transition to a structured, specialist-led QA function — working across the business to build understanding, buy-in and enthusiasm for improved quality practices
  • Report on quality health, test coverage, defect trends and process improvements to the CPO and senior stakeholders
  • Champion a quality-first culture across the development team, influencing behaviours at all levels
  • Evaluate and introduce new tools, methodologies and approaches that improve the team's quality capability
  • Line-manage the QA Engineer, providing clear direction, regular 1:1s and meaningful performance feedback
  • Support the professional development of QA team members, identifying training needs and growth opportunities
  • Act as a technical mentor — reviewing test approaches, providing constructive guidance and raising the bar on quality practice
  • Fulltime
Read More
Arrow Right

Lead Cyber Security Engineer

BlueWater Federal is looking for a Lead Cyber Security Engineer to support the S...
Location
Location
United States , Colorado Springs
Salary
Salary:
Not provided
bwfed.com Logo
BlueWater Federal Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master’s or Bachelor’s degree in an IT- or cyber-related field
  • Minimum of 10 years of cyber-related experience
  • Must have an active Secret clearance
  • Security+ certification at a minimum, CISSP preferred
  • Experience with ACAS, ESS, and other compliance tools/techniques
  • Experience with Elastic, Splunk, or other log collection tools
  • Experience with eMASS
  • Robust understanding of Risk Management Framework (RMF) security controls
  • Experience investigating security incidents.
Job Responsibility
Job Responsibility
  • Plan, perform, analyze, and report on compliance with designated security controls using a test environment as well as Assured Compliance Assessment Solution (ACAS) scans
  • Implement vulnerability compliance actions to ensure the safety of SEWS data
  • Ensure all Information Security Continuous Monitoring (ISCM) tasks are completed on time
  • Monitor, assess, and report system security vulnerabilities, document corrective actions, and implement preventative actions to minimize the security vulnerabilities
  • Identify and analyze emergent cybersecurity technologies and systems engineering methods to improve the system’s cybersecurity posture
  • Perform testing to ensure security controls are implemented correctly and ensure the security of SEWS data
  • Perform testing of all upgrades to ensure cybersecurity compliance prior to installation of new equipment
  • Assess, remediate, mitigate, and document/track risks associated with cybersecurity vulnerabilities
  • Perform Security Impact Assessments on all system changes and events to identify and document and impacts to cybersecurity
  • Validate systems are configured securely as part of testing initiatives
What we offer
What we offer
  • medical, dental, and vision coverage
  • generous 401k matching
  • employee stock purchase program
  • life insurance options
  • time off with pay
  • Fulltime
Read More
Arrow Right

Industrial Security Lead – Installation Security and Program Protection

Location
Location
United States , Huntsville
Salary
Salary:
Not provided
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience supporting DoD, USSF, USAF, or related federal organizations in industrial security, program protection, acquisition security, or mission assurance roles
  • BA or BS degree
  • Equivalent experience may be substituted for education requirements
  • Active DoD TS/SCI clearance with current investigation
  • Experience supporting classified programs and secure facility operations in accordance with DoD and IC security requirements
  • Knowledge of Program Protection Planning (PPP), Critical Program Information (CPI), base level security, and acquisition security processes
  • Experience supporting base-level or installation security operations, including personnel security, physical security, and classified material control
  • Familiarity with DoDI 5200.39, DoDI 5200.44, DoDM 5200.01 Volumes 1–4, NISPOM, and related security directives
  • Experience coordinating with government program offices, contractors, security managers, and engineering teams
  • Strong organizational, analytical, and communication skills with attention to detail
Job Responsibility
Job Responsibility
  • Support industrial security, program protection, and mission assurance activities for critical defense and space acquisition programs
  • Develop, review, and maintain Security Classification Guides (SCGs) in accordance with DoD policies and directives
  • Evaluate acquisition documentation with program security and Critical Program Information (CPI) protection requirements
  • Coordinate with government and contractor stakeholders to identify and mitigate risks to mission systems, technologies, and sensitive information
  • Support base-level security operations including personnel security, classified visit coordination, secure facility compliance, and physical security requirements
  • Conduct security assessments, contractor site visits, and compliance reviews to evaluate implementation of security controls and protection measures
  • Support System Security Working Groups (SSWG), program reviews, and acquisition security meetings through coordination, documentation, and action tracking
  • Analyze evolving threats, policy updates, and security directives to determine impacts to acquisition and mission systems
  • Develop written assessments, executive briefings, and security recommendations for program leadership and government customers
  • Maintain security documentation repositories, tracking matrices, and reporting tools supporting enterprise mission assurance and program protection efforts
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime
Read More
Arrow Right
New

Networking & Distributed Systems Researcher – Product Security Engineer

At Boeing, we innovate and collaborate to make the world a better place. We’re c...
Location
Location
United States , Huntington Beach
Salary
Salary:
123350.00 - 186300.00 USD / Year
boeing.com Logo
Boeing
Expiration Date
July 22, 2026
Flip Icon
Requirements
Requirements
  • Bachelor of Science degree from an accredited course of study in engineering, engineering technology (includes manufacturing engineering technology), computer science, engineering data science, mathematics, physics, or chemistry or non-US equivalent qualifications.
  • This position requires eligibility for a US Top Secret Security Clearance, for which the US Government requires US Citizenship
  • 3+ years of network development experience (TCP/IP, UDP, sockets, HTTPS, REST interface)
  • 3+ years of experience designing and developing software using Python, C/C++, C# and/or Java
  • 3+ years of experience with end-to-end knowledge of network transport technologies, systems, environments, services, protocols, performance monitoring and diagnostic analysis
  • 1+ years of experience with Linux Kernel architecture and key areas of implementation
Job Responsibility
Job Responsibility
  • Serve as a lead product security engineer for new concepts across tactical mobile ad-hoc network protocols, sensor protocols, airborne network overlays, or network management technologies
  • Responsible for maturing the concepts and software to prove the feasibility of new network and cyber security technologies
  • Responsible for building of secure prototypes to demonstrate the capability, and the test and evaluation of prototypes in relevant environments
  • Drive software execution to deliver products on-cost and on-schedule to programs
  • Responsible for software product security, safety, assurance, quality, and engineering excellence, including alignment with PSO policies, controls, and best practices
  • Drive first time quality in all phases of software development lifecycle
  • Collaborate across multidisciplinary teams to integrate security-by-design into distributed networking systems and prototypes
What we offer
What we offer
  • Generous company match to your 401(k)
  • Industry-leading tuition assistance program pays your institution directly
  • Fertility, adoption, and surrogacy benefits
  • Up to $10,000 gift match when you support your favorite nonprofit organizations
  • Fulltime
Read More
Arrow Right