CrawlJobs Logo

Senior Security Assurance Engineer

United Kingdom, Bristol Employment contract 55000.00 - 75000.00 GBP / Year · Job Posted July 14, 2026
Apply Position
Job Link Share

Job Description

We help UK public sector organisations build and run digital services that are secure, trustworthy, and resilient. As a Senior Security Assurance Engineer in our Cyber practice, you'll take end-to-end ownership of security assurance work across complex government environments - designing audit approaches, leading risk assessments, and helping clients understand and improve their security posture in ways that are proportionate, practical, and grounded in how their services actually work.

Job Responsibility

  • Design and lead security audits across complex government systems - combining automated scanning with manual testing, producing findings that are clearly framed around risk and remediation rather than just compliance status
  • Drive continuous compliance monitoring against applicable standards and regulations - Cyber Essentials, the NCSC Cyber Assessment Framework, GovAssure, UK GDPR, and NIS Regulations - feeding posture data into governance and risk reporting rather than treating it as a point-in-time exercise
  • Lead risk assessments and threat-modelling sessions, selecting methodologies (ISO 27005, NIST RMF, STRIDE, MITRE ATT&CK) that are proportionate to system criticality, and ensuring findings feed into programme governance decisions rather than sitting in security documentation alone
  • Communicate security findings and risk clearly to a range of audiences - technical detail for engineering teams, risk-framed summaries for senior stakeholders - structuring reports around the decisions people need to make, not just the controls you've tested
  • Embed security as a continuous engineering concern, supporting threat modelling and security reviews throughout delivery, challenging designs that create unnecessary risk, and mentoring colleagues on secure-by-default practices
  • Support and assess supply-chain and third-party security, creating proportionate assurance processes aligned with recognised standards and helping clients identify and address gaps in how they manage vendor and software supply-chain risk
  • Mentor and coach colleagues and client team members, pairing on complex assurance work, sharing knowledge openly across the practice, and actively contributing to the capability of everyone around you - not just delivering your own work well
  • Contribute to the commercial and strategic health of engagements, staying alert to unmet client needs, managing scope within contracted boundaries, and surfacing opportunities or risks to account leadership as they arise

Requirements

  • Hold one of the following — Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP) — or an equivalent audit and assurance practitioner credential
  • Contextual judgement over formulaic approaches
  • A team-first mindset
  • Confidence communicating across boundaries
  • Genuine ownership

Nice to have

  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP)
  • Experience advising clients on UK government security frameworks — including GovAssure, the NCSC Cyber Assessment Framework, Cyber Essentials Plus, and the HMG Security Policy Framework — and how they interact in practice
  • Experience leading risk assessments using structured methodologies (ISO 27005, NIST RMF, or FAIR) and embedding risk outputs into programme governance rather than treating them as standalone deliverables
  • Demonstrated ability to design security controls and governance approaches for cloud environments, with an understanding of how compliance requirements apply in AWS, Azure, or GCP contexts
  • Working knowledge of incident response planning — establishing policies, assessing team readiness, and mentoring others on preparedness — ideally in a government or regulated environment
  • Experience conducting or leading supply-chain security assessments, including third-party risk and software provenance, with reference to recognised standards
  • Familiarity with tools used for continuous compliance monitoring, automated controls testing, or cloud security posture management (for example, CSPM tooling, SIEM platforms, or vulnerability management tools)
  • Evidence of actively shaping your own development — a T-shaped specialism, seeking and acting on feedback, and sharing learning openly with colleagues and the wider practice
  • Experience contributing reusable assets — playbooks, templates, tooling, or patterns — back into a practice or community rather than leaving knowledge within a single engagement or team
  • Experience running or contributing to structured mentoring relationships, pairing sessions, or retrospectives in a way that measurably improved team capability or ways of working
  • Experience co-designing solutions with clients and stakeholders — bringing them into the process rather than presenting conclusions for approval — and delivering value anchored to outcomes rather than outputs
  • Experience conducting skills-based assessment of candidates, contributing to interview scripts, or calibrating assessment criteria to ensure fair and consistent evaluation
  • Made Tech sponsors attainment of recognised cyber certifications for staff in scope. If you don't yet hold the certifications listed above but are working toward them — or can demonstrate equivalent capability through experience — we'd still encourage you to apply

What we offer

  • 30 days Holiday
  • Flexible Working Hours
  • Flexible Parental Leave
  • Remote Working
  • Paid counselling
  • Smart Tech scheme
  • Cycle to work scheme
  • individual benefits allowance
  • Health care cash plan
  • Pension plan

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Security Assurance Engineer

8 matching positions

Senior Security Assurance Engineer

Microsoft is seeking a Industrial Senior Security Assurance Engineer to support ...
Location
Location
United States , Reston
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR equivalent experience
  • Active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph
  • U.S. citizenship
  • Ability to pass Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
Job Responsibility
  • Execute industrial security operations for assigned classified programs, SCIFs, and secure environments in accordance with NISPOM (32 CFR Part 117) and customer requirements
  • Maintain SCIF and SAPF accreditation, including Fixed Facility Checklists (FFCs), self inspections, co utilization agreements, and coordination of material changes
  • Oversee safeguarding practices including access controls, classified storage, visitor management, and security awareness activities
  • Manage personnel access requests for classified and special access programs
  • Coordinate clearance and access activities with FSOs, CPSOs, and government security offices
  • Provide guidance to employees and managers on security responsibilities, reporting obligations, and compliance expectations
  • Investigate and report security incidents, violations, and infractions in accordance with regulatory and customer requirements
  • Maintain auditable security documentation and compliance artifacts to support government inspections, reviews, and internal audits
  • Support inspections and remediation of findings within assigned authority
  • Partner with Physical Security, HR, Legal, IT, Facilities, and Program teams to resolve operational security issues impacting classified environments
  • Fulltime
Read More
Arrow Right
New

Lead Security Assurance Engineer

Made Tech helps UK government and public sector organisations build better digit...
Location
Location
United Kingdom , Any UK Office Hub (Bristol / London / Manchester / Swansea)
Salary
Salary:
75000.00 - 90000.00 GBP / Year
madetech.com Logo
Made Tech
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hold one of the following — Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) — or an equivalent senior audit and assurance credential
  • Experience establishing and operating vulnerability management programmes at organisational scale — including risk-based prioritisation using EPSS, KEV, and asset criticality, and managing remediation across multiple delivery teams
  • Evidence of leading compliance programmes against UK government frameworks — GovAssure, CAF, Cyber Essentials, HMG Security Policy Framework — in a complex multi-supplier or multi-team environment
  • Experience conducting or coordinating security audits in UK public sector contexts, including producing formal findings and briefings for senior government stakeholders
  • Working knowledge of exposure management beyond CVE-only approaches — incorporating misconfiguration, identity exposure, and attack-path analysis using cloud-native tooling (AWS Inspector, GuardDuty, Security Hub, or equivalents)
  • Experience assessing and assuring supply chain security — including third-party and vendor risk — and integrating supplier risk into wider assurance and governance programmes
  • Experience building or shaping security assurance capability within a consultancy, programme delivery, or multi-client environment — including growing technical security skills in colleagues and client teams
  • Evidence of acting as a trusted adviser to senior client stakeholders — anchoring security recommendations on client outcomes, challenging briefs constructively, and making security value visible rather than reporting activity
  • Experience setting team ways of working in iterative delivery environments — establishing retrospective cadences, collaborative problem-solving norms, and pairing practices that spread security knowledge across the team
  • Familiarity with structured threat modelling approaches — STRIDE, MITRE ATT&CK, attack trees — and experience embedding these into agile delivery ceremonies
Job Responsibility
Job Responsibility
  • Own end-to-end assurance across engagements
  • Lead vulnerability management as a programme, not a process
  • Drive security into the team's normal rhythm
  • Navigate UK government security standards with confidence
  • Communicate security risk in terms that drive decisions
  • Set the standard for incident response and detection readiness
  • Grow the people around you
  • Contribute to Made Tech's Cyber practice beyond delivery
What we offer
What we offer
  • 30 days Holiday
  • Flexible Working Hours
  • Flexible Parental Leave
  • Remote Working
  • Paid counselling
  • Fulltime
Read More
Arrow Right

Vodafone Business Senior Security Engineer

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location
Location
Egypt , Giza
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5–9 years in cybersecurity engineering or implementation roles
  • Bachelor’s degree in Computer Science, Engineering, IT, or related field
  • Strong communication, presentation, and stakeholder management skills
  • Proven leadership, teamwork, and collaboration abilities
  • Fluency in Arabic and English
  • Security architecture, operations, and enterprise-scale environments
  • Threat management, vulnerability management, and incident response
  • Hands-on experience with SIEM, endpoint protection, IAM, and firewalls
  • Experience with vendors like Microsoft, Cisco, Palo Alto, Fortinet, Trend Micro
  • CISSP, CISM, CEH, CompTIA Security+
Job Responsibility
Job Responsibility
  • Lead the delivery and implementation of end-to-end cybersecurity projects in enterprise-scale environments
  • Design, develop, and maintain secure architecture frameworks covering network, endpoint, identity, and cloud security
  • Manage and enhance Security Operations (SecOps) including monitoring, detection, and response capabilities
  • Oversee threat management, vulnerability management, and incident response processes to minimize risk exposure
  • Analyze and troubleshoot complex security and infrastructure issues across integrated environments
  • Collaborate with internal teams, vendors, and stakeholders to ensure seamless security integration and project execution
  • Provide technical leadership, mentoring, and guidance to security teams
  • Drive adherence to industry standards, policies, and compliance frameworks (ISO 27001, NIST, PCI-DSS)
  • Support continuous improvement initiatives by evaluating emerging threats, tools, and technologies
  • Bridge communication between technical and non-technical stakeholders to support decision-making
  • Fulltime
Read More
Arrow Right

Information Systems Security Engineer Senior Level

ITC is a Woman Owned Small Business delivering exceptional consultation to the U...
Location
Location
United States , Ft. Meade
Salary
Salary:
Not provided
seekintegrity.com Logo
Integrity Technology Consultants
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • TS/SCI with FSP Polygraph. CI Poly allowed to start.
  • Twenty (20) years’ experience as an ISSE on programs and contracts of similar scope, type, and complexity is required. Bachelor' s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required.
  • DoD 8570 compliance with IASAE Level 3 is required Both Information Systems Security Engineering Professional (ISSEP) and CISSP Certifications are required.
  • A Master's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline may be substituted for two (2) years of experience, reducing the requirement to eighteen (18) years of experience.
  • Four (4) years of additional ISSE experience may be substituted for a bachelor ' s degree.
Job Responsibility
Job Responsibility
  • Assist with the development and maintenance of all necessary C&A documents
  • Provide coordination, tracking, and management through all aspects of the initial and recurring C&A processes.
  • Conduct independent assessments of all required security controls including interviews, examinations, and testing and prepare the assessment findings report.
  • Work with system owners to resolve findings and answer questions.
  • Perform cybersecurity review and validation services for cybersecurity authorization deliverables and record results.
  • Support the Risk Management Framework (RMF) process using applicable tools.
  • Continuous monitoring and plans of action and milestones (POA&M) management.
  • Assessing systems deployed in Test Infrastructures
  • Provide analytical, communication and troubleshooting skills that enable proactive and effective collaboration, including the ability to clearly articulate status and present to both customers and program leadership.
  • Supporting planning and testing for Certification and Accreditation processes and (Secure the Enterprise/Secure the Network (STE/STN), High Value Asset (HVA) requirements for all System security plans
What we offer
What we offer
  • 401K plan with company contributions (safe harbor and profit sharing)
  • 11 Federal holidays, 21 Days PTO
  • Medical, Dental, & Vision with substantial company contributions
  • Company provided Life, LTD and STD Insurance
  • Health Savings Accounts/ Flexible Spending Accounts
  • Referral Bonuses
  • Performance Bonuses
  • Tuition Assistance for Education, Training, and Professional certifications
  • Career Development
  • Fulltime
Read More
Arrow Right

Information Security Senior Engineer

To lead the organisation’s security assurance and standards capability. The role...
Location
Location
United Kingdom , Coventry
Salary
Salary:
70000.00 - 78000.00 GBP / Year
the-mtc.org Logo
Manufacturing Technology Centre
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience in information security assurance, governance or audit‑facing security roles
  • Strong understanding of network security principles and the ability to challenge and validate technical designs
  • Led enterprise classification approach, technically and assured
  • Demonstrable experience supporting customer audits and completing security questionnaires & bid assurance responses
  • Ability to produce clear, evidence‑led documentation that stands up to scrutiny
  • Strong influencing and communication skills
  • Self‑starting approach with high ownership
Job Responsibility
Job Responsibility
  • Own the interpretation and day‑to‑day operation of relevant standards and assurance frameworks (Defence, CE/CE+)
  • Maintain an evidence library and control narratives suitable for customer audits and formal assessments
  • Lead responses to customer security audit requests and new business Security Assurance Questionnaires (SAQs), working closely with technical colleagues
  • Strengthen the organisation’s network security assurance capability: challenge designs, validate controls, and support secure integration into enterprise facilities
  • Coordinate internal assurance activities supporting annual Cyber Essentials Plus including readiness reviews, remediation tracking and evidence pack quality
  • Support incident response governance: ensure playbooks, communications templates and post‑incident learning are maintained
  • Contribute to the cyber security communications channel: support awareness campaigns, targeted briefings and lessons‑learned messaging
  • Support the maintenance of ITSM, and address security governance and design related tickets
  • Play an active role in maintaining & contributing to Security related Dev Ops
What we offer
What we offer
  • Excellent Pension Scheme
  • Flexible Working
  • Fulltime
Read More
Arrow Right

Satellite Communications System Security Engineer, Senior

As a Satellite Communications Systems Security Engineer, you will identify the n...
Location
Location
United States , Fort Meade
Salary
Salary:
77600.00 - 176000.00 USD / Year
boozallen.com Logo
Booz Allen Hamilton
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience implementing, testing, and validating STIGs, performing system self‑assessments, and creating STIG checklists
  • 7+ years of experience executing IAVM actions, such as IAVA alerts, bulletins, or tasking orders, and developing compliant engineering responses
  • 7+ years of experience deploying and validating ESS, ACAS, and CMRS, analyzing ACAS scans, developing remediation strategies, and implementing patches and upgrades
  • 7+ years of experience reviewing cybersecurity and engineering change requests to ensure operational availability and compliance
  • Knowledge of RMF and its application to networks and IT systems, such as Cisco routers, switches, Active Directory, or access control
  • Ability to manage users in Windows or Linux and administer VMs in VMware or Hyper‑V
  • Ability to accredit and secure DoD systems using RMF, perform IAVA analysis, document POA&Ms, and prepare security assessment artifacts
  • Top Secret clearance
  • Bachelor’s degree in Science, Technology, or Engineering
  • Security+ Certification
Job Responsibility
Job Responsibility
  • Develop relationships quickly and easily with other teams, communicating the complexities of security with a wide variety of audiences, including senior management
  • Implement infrastructure and cybersecurity controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises
  • Perform risk and vulnerability assessments in network, system, and application areas and leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise
  • Participate in the development of test strategies and conduct of testing, validating, and implementing applicable STIG requirements for current or new systems
  • Conduct periodic self-assessments of systems to ensure STIG compliance and create STIG checklists to support periodic self-assessments
  • Perform Information Assurance Vulnerability Management (IAVM) activities such as IA vulnerability alerts, bulletins, and tasking orders and develop a systematic approach for responses to IAVM related issues to maintain system compliance
What we offer
What we offer
  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program
Read More
Arrow Right

Senior Security Engineer

The Security Remote Technical Support Engineer (L2) is a developing engineering ...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree or equivalent in Information Technology or Computing or related field
  • Professional level Certification in Different Networking Technologies Like Cisco, Juniper, Checkpoint, PaloAlto, Fortinet, Aruba, BlueCoat, ZeeScaler 5 such as CCNP, JNCIP, ACCP, PCNSP, CCSP etc
  • Moderate level experience in Security technologies such as Firewall, IPS, IDS, Proxy etc
  • Moderate level experience in technical support to clients
  • Moderate level experience in diagnosis and troubleshooting
  • Moderate level experience providing remote support in Security technologies
  • Moderate level experience in relevant technology
  • Working knowledge of technical documentation
  • Knowledge on management agent concepts, redundancy concepts and remote console architecture within supported technical domain
  • Knowledge of vendor technologies, such as Cisco, Microsoft, ARC, Audio Codes, PeterCOnnect, Sonus
Job Responsibility
Job Responsibility
  • Maintains the support process and ensures that requests for support are handled according to the procedures
  • Use service assurance software and tools to investigate and diagnose problems, collect performance statistics and create reports, working with users, other staff and suppliers as appropriate
  • Identifies and resolves problems following agreed procedures
  • Carries out agreed maintenance tasks
  • Ensures usage of knowledge articles in incident diagnosis and resolution and assist with updating as and when required
  • Performs defined tasks to monitor service delivery against service level agreements and maintains records of relevant information
  • Analyzes service records against agreed service levels regularly to identify actions required to maintain or improve levels of service, and initiates or reports these actions
  • Prioritizes and diagnoses incidents according to agreed procedures
  • Investigates causes of incidents and seeks resolution
  • Escalates unresolved incidents and follow up until incident is resolved
  • Fulltime
Read More
Arrow Right

Senior Security Engineer, GRC Automation

1Password is looking for a Senior Security Engineer – GRC to design and implemen...
Location
Location
United States; Canada
Salary
Salary:
156000.00 - 210000.00 USD; CAD / Year
https://www.1password.com Logo
1Password
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles
  • Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring
  • Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments
  • Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools
  • Ability to work cross-functionally with security, compliance, legal, and infrastructure teams to translate policies into scalable technical systems
  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations
Job Responsibility
Job Responsibility
  • Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows
  • Build out automated workflows for control testing, evidence collection, and audit readiness
  • Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management)
  • Design dashboards and reporting to track control health, trust signals, and audit performance
  • Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes like employee onboarding, change management, and incident response
  • Shape the roadmap for automated, resilient internal assurance infrastructure that grows alongside the business
What we offer
What we offer
  • Health and wellbeing: Maternity and parental leave top-up programs
  • Competitive health benefits
  • Generous PTO policy
  • Growth and future: RSU program for most employees
  • Retirement matching program
  • Free 1Password account
  • Community: Paid volunteer days
  • Peer-to-peer recognition through Bonusly
  • Remote-first work environment
  • Fulltime
Read More
Arrow Right