Lead Security Engineer

Our Lead Security Engineers enable public sector organisations to mitigate cyber and information security risks across an increasingly complex and threatened mix of technology-enabled services. They lead teams to make sure digital and data services are securely designed and built from the outset, and work with technology teams to make sure entire platforms are securely monitored with timely incident response.

Your role at Made Tech

At Made Tech we want to positively impact the future of the country by using technology to improve society, for everyone. We want to empower the public sector to deliver and continuously improve digital services that are user-centric, data-driven and freed from legacy technology. Underpinning this is a need for us to do this securely, handling public data safely, and defending against increasing cyber and information security risks.

As a Lead Security Engineer you will work closely with clients to help inform their security strategy and to ensure our teams are delivering secure digital services and cloud-based platforms, aligned to our customers' risk tolerance. You’ll need to have a drive to deliver outcomes for users. You’ll be expected to upskill clients and Made Tech delivery teams, including pair programming with other engineers.

You will need to be comfortable sharing your knowledge and skills with others. We’d love to hear some examples of mentoring, coaching and growing team members. Maybe you will have written some blog posts about your discipline, or perhaps even delivered a talk or two that you’d like to share.

What skills and experience are we looking for?

We look for the following skills and experience. But when we’re hiring for this role, if you don’t have some of the skills and experience listed below, don’t let that stop you from applying!

  • Working directly with clients
  • Leading cyber engineering workstreams and embedding into digital, data and technology teams to upskill them while managing risk and compliance
  • Shaping cyber and information security strategy and managing continuous risk reduction across multiple digital or data services and cloud-based platforms
  • End-to-end security involvement, including governance, risk and compliance, operational security, supply chain security and secure user management
  • Identifying security issues in existing system designs, digital services (products) and platforms, including recommending mitigations that balance cost, risk and usability
  • Strong understanding of integrating security as part of a multidisciplinary approach to delivering digital services (products) and platforms utilising a DevSecOps approach and enabling Continuous Security as part of wider CI/CD tools and practices
  • Up-to-date understanding of, and ensuring compliance with, security standards and regulations including GDS Technology Code of Practice, NCSC Cyber Principles, ISO27001, SoC, NIST, PCI, and GDPR
  • Up-to-date understanding of testing the security of software and infrastructure using appropriate security tools including automated cloud-based tooling
  • Up-to-date understanding of network security (e.g. OSI, TCP/IP), web application security (e.g. OWASP) and cryptographic controls (e.g. PKI, TLS)
  • Up-to-date understanding of identity management and authentication/authorisation products and patterns
  • Evidence of self-development – we value keen learners
  • Empathy and people skills

Desirable experience

Experience in the following things isn’t essential, but it’s highly desirable!

  • Working at a technology consultancy
  • Pair programming
  • A relevant cyber and information security qualification (one of: CISSP, SSCP, CISM, CRISC, CAP, CPP, GCHQ-certified Master’s degree in cyber security, or a PhD that is relevant to cyber security)
  • Penetration testing qualifications (one of: OSCP, CREST, TIGER or equivalent)
  • Working within bid teams to win contracts exceeding a value of £1m
  • Working with multidisciplinary digital and technology teams
  • Working within the public sector
  • Hiring, forming and running teams

Work perks and benefits

Take a look at the Benefits & Perks section of the Made Tech Handbook to see what we can offer you.

Salary and location

We mainly work remotely but you may need to visit clients or go to the office occasionally. We have offices in London, Bristol, Manchester, and Swansea.

The salary for this role is location dependent:

  • UK: £70,000 - £100,000
  • London & South East: £73,500 - £105,000

Applying

When we’re hiring for this role, you can see the details and apply at www.madetech.com/careers. If you have any questions about the role please email us at [email protected]. We’re happy to help!