Principal Security Engineer

Remote-first, UK-based with office space in Bristol, Manchester, London & Swansea.

Our Principal Security Engineers enable public sector organisations to mitigate cyber and information security risks across an increasingly complex and threatened mix of technology-enabled services. They provide senior security leadership and support to our clients and teams, build and manage key relationships with clients, manage security and risk across one or more accounts, and support sales.

What does the job entail?

At Made Tech we want to positively impact the future of the country by using technology to improve society, for everyone. We want to empower the public sector to deliver and continuously improve digital services that are user-centric, data-driven and freed from legacy technology. Underpinning this is a need for us to do this securely, handling public data safely, and defending against increasing cyber and information security risks.

As a Principal Security Engineer you will work closely with our customers senior leadership to help inform their security strategy and to ensure our teams are delivering secure digital services and cloud-based platforms, aligned to our customers risk tolerance. Working alongside delivery, client and other capability principals, you will help shape account plans and be responsible for delivering against them.

Working with Made Tech's leadership you will ensure our work with customers is aligned to our growth goals and you will play a pivotal role in identifying new opportunities and winning work. Running bid teams, supporting sales teams and developing new business is critical to this role.

You will coach and support Lead Security Engineers to steer their team's towards success. You will also be responsible for hiring and line managing Lead Security Engineers.

While this is not a hands-on coding technical role, the importance of credibility in internet-era approaches to digital, data and technology in the public sector cannot be understated. You will be expected to maintain a broad technical knowledge of modern cyber security practices, be able to shape security strategy and roadmaps, and hold others to account for technical quality.

As a security leader within Made Tech you will be expected to maintain and grow your professional network. You will be expected to contribute to thought leadership, content and events and should have a proven track record of doing so.

What experience are we looking for?

While we will look for you to have experience in these things, if you don’t have one of these don’t let that stop you from applying.

• Working directly with customers
• Working within a technology consultancy
• Developing a cyber and information security capability or function
• Shaping cyber and information security strategy and managing continuous risk reduction across an organisation, portfolio and/or multiple programmes
• End-to-end security involvement, including governance, risk and compliance, operational security, supply chain security and secure user management
• Identifying security issues in existing system designs, digital services (products) and platforms, including recommending mitigations that balance cost, risk and usability
• Strong understanding of integrating security as part of a multidisciplinary approach to delivering digital services (products) and platforms utilising a DevSecOps approach and enabling Continuous Security as part of wider CI/CD tools and practices
• Up-to-date understanding of, and ensuring compliance to, security standards and regulations including GDS Technology Code of Practice, NCSC Cyber Principles, ISO27001, SoC, NIST, PCI, and GDPR
• Up-to-date understanding of testing the security of software and infrastructure using appropriate security tools including automated cloud-based tooling
• Up-to-date understanding of network security (e.g. OSI, TCP/IP), web application security (e.g. OWASP) and cryptographic controls (e.g. PKI, TLS)
• Up-to-date understanding of identity management and authentication/authorisation products and patterns
• Evidence of self-development – we value keen learners
• Drive to deliver outcomes for users
• Desire to mentor others
• Empathy and people skills
  

Optional experience

Don’t forget to mention any of the experiences listed below. While it’s optional, it’s all highly desired!

• Leadership of a cyber and information security capability or function
• A relevant cyber and information security qualification (one of: CISSP, SSCP, CISM, CRISC, CAP, CPP, GCHQ-certified Master’s degree in cyber security, or a PhD that is relevant to cyber security)
• Penetration testing qualifications (one of: OSCP, CREST, TIGER or equivalent)
• Working within bid teams to win contracts exceeding value of £1m
• Working with multidisciplinary digital and technology teams
• Working within the public sector
• Experience in hiring, forming and running teams

Balancing life and work:

• ✈️Flexible Holiday– We trust you to take as much holiday as you need
• Flexible Parental Leave– We provide flexible parental leave options
• ‍Remote Working– We offer part-time remote working for all our staff
• Paid counselling– We offer paid counselling as well as financial and legal advice
• ️Paid anniversary break– We celebrate your 3 and 5 year anniversary with us by buying your family a holiday

Making work as fabulous as possible:

• Work Ready– We'll buy you a Macbook, ergonomic equipment, books, conferences, training, and more
• Learn Tech– We provide flexible learning time to develop yourself
• ️Friday Lunches– We randomly match up 8 colleagues every Friday and pay for lunch
• Friday Social– We pay for social drinks on a Friday

Compensating you fairly:

• Transparent Salary Bands– We publish salary bands so you know you're being fairly compensated
• Annual Salary Reviews– We review your salary on an annual basis
• Season Ticket Loan– We provide loans to help you pay for your travel
• Cycle To Work Scheme– We offer the cycle to work scheme to help pay for your bicycle
• Expenses Paid– Taxi to a meeting? Want to take a customer to lunch? Expenses are no hassle!

2 part interview processCyber Security, Business Intelligence, Security Testing, Cloud Security, Stakeholder ManagementCyber Security