Lead Cyber Security Engineer

Our Lead Security Engineers enable public sector organisations to mitigate cyber and information security risks across an increasingly complex and threatened mix of technology-enabled services. They lead teams to make sure digital and data services are securely designed and built from the outset, and work with technology teams to make sure entire platforms are securely monitored with timely incident response.

UK-based in Birmingham, Bristol, Glasgow, Manchester, Newcastle, London & Swansea.

What does the job entail?

At Made Tech we want to positively impact the future of the country by using technology to improve society, for everyone. We want to empower the public sector to deliver and continuously improve digital services that are user-centric, data-driven and freed from legacy technology. Underpinning this is a need for us to do this securely, handling public data safely, and defending against increasing cyber and information security risks.

As a Lead Security Engineer you will work closely with clients to help inform their security strategy and to ensure our teams are delivering secure digital services and cloud-based platforms, aligned to our customers risk tolerance. You will be expected to upskill clients and Made Tech delivery teams, including pair programming with other engineers.

You will need to be comfortable sharing your knowledge and skills with others. We’d love to hear some examples of mentoring, coaching and growing team members. Maybe you will have written some blog posts about your discipline, or perhaps even delivered a talk or two.

Requirements

While we will look for you to have experience in these things, if you don’t have one of these don’t let that stop you from applying.

• Working directly with customers
• Leading cyber engineering workstreams and embedding into digital, data and technology teams to upskill them while managing risk and compliance
• Shaping cyber and information security strategy and managing continuous risk reduction across multiple digital or data services and cloud-based platforms
• End-to-end security involvement, including governance, risk and compliance, operational security, supply chain security and secure user management
• Identifying security issues in existing system designs, digital services (products) and platforms, including recommending mitigations that balance cost, risk and usability
• Strong understanding of integrating security as part of a multidisciplinary approach to delivering digital services (products) and platforms utilising a DevSecOps approach and enabling Continuous Security as part of wider CI/CD tools and practices
• Up-to-date understanding of, and ensuring compliance to, security standards and regulations including GDS Technology Code of Practice, NCSC Cyber Principles, ISO27001, SoC, NIST, PCI, and GDPR
• Up-to-date understanding of testing the security of software and infrastructure using appropriate security tools including automated cloud-based tooling
• Up-to-date understanding of network security (e.g. OSI, TCP/IP), web application security (e.g. OWASP) and cryptographic controls (e.g. PKI, TLS)
• Up-to-date understanding of identity management and authentication/authorisation products and patterns
• Evidence of self-development – we value keen learners
• Drive to deliver outcomes for users
• Desire to mentor others
• Empathy and people skills
  

Optional experience

Don’t forget to mention any of the experiences listed below. While it’s optional, it’s all highly desired!

• Experience in technology consultancy
• Pair programming
• A relevant cyber and information security qualification (one of: CISSP, SSCP, CISM, CRISC, CAP, CPP, GCHQ-certified Master’s degree in cyber security, or a PhD that is relevant to cyber security)
• Penetration testing qualifications (one of: OSCP, CREST, TIGER or equivalent)
• Working within bid teams to win contracts exceeding value of £1m
• Working with multidisciplinary digital and technology teams
• Working within the public sector
• Experience in hiring, forming and running teams

Balancing life and work:

• ✈️Flexible Holiday– We trust you to take as much holiday as you need
• Flexible Parental Leave– We provide flexible parental leave options
• ‍Remote Working– We offer part-time remote working for all our staff
• Paid counselling– We offer paid counselling as well as financial and legal advice
• ️Paid anniversary break– We celebrate your 3 and 5 year anniversary with us by buying your family a holiday

Making work as fabulous as possible:

• Work Ready– We'll buy you a Macbook, ergonomic equipment, books, conferences, training, and more
• Learn Tech– We provide flexible learning time to develop yourself
• ️Friday Lunches– We randomly match up 8 colleagues every Friday and pay for lunch
• Friday Social– We pay for social drinks on a Friday

Compensating you fairly:

• Transparent Salary Bands– We publish salary bands so you know you're being fairly compensated
• Annual Salary Reviews– We review your salary on an annual basis
• Season Ticket Loan– We provide loans to help you pay for your travel
• Cycle To Work Scheme– We offer the cycle to work scheme to help pay for your bicycle
• Expenses Paid– Taxi to a meeting? Want to take a customer to lunch? Expenses are no hassle!

• Interviewer screen
• First stage: 45 mins call with an Engineer
• Final stage: 1 hour and a half with 2 Engineers

Cyber Security, Cloud Security, Penetration Testing, AWS, AzureCyber Security, Cloud Security, Penetration Testing, AWS, Azure