We are partnering with a major UK energy organisation to find an experienced Cyber Threat Intelligence & Vulnerability Management Lead. This high-impact leadership role will oversee all aspects of cyber threat intelligence and vulnerability management across the Group, helping protect critical infrastructure and enabling strategic security initiatives. About the Role: This position offers a unique opportunity to influence the development of security capabilities within one of the UK's largest energy firms. You'll lead the technical evolution of threat intelligence and vulnerability strategies, directly supporting senior leadership and contributing to the Group's security maturity programme. As a subject matter expert, you will mentor and manage a specialist team, lead engagements with law enforcement and government bodies, and define group-wide technical controls. The role plays a key part in aligning the organisation with emerging threats, regulatory requirements, and global best practices. Your Responsibilities: Lead Cyber Threat Intelligence and Vulnerability Management strategies Guide the rollout of technical controls, policies, and threat intelligence platforms Manage and develop a specialist team (including Analysts and Specialists) Represent cyber intelligence at leadership and sector-wide working groups Define and maintain technical controls, SOC processes, and architectural frameworks Liaise with external agencies including law enforcement and NGOs Own cyber threat documentation, technical reporting, and toolkit implementation Your Required Skills: Proven leadership in threat intelligence and vulnerability management Strong knowledge of threat actor TTPs, IoCs, and threat hunting methodologies Familiarity with TIPs, security frameworks (NIST, ISO), and OT/ICS environments Excellent stakeholder engagement skills across corporate and operational domains Ability to communicate technical controls to senior leadership Experience influencing security culture and behaviour within large organisations Desirable: Experience in energy, critical infrastructure, or highly regulated sectors Relevant certifications (eg, CISSP, GCTI, GIAC, OSCP, or similar) Strong understanding of legal and regulatory requirements in the UK If this role sounds like you, please apply now with your up to date CV and the best number to contact you on at (see below)
24/10/2025
Full time
We are partnering with a major UK energy organisation to find an experienced Cyber Threat Intelligence & Vulnerability Management Lead. This high-impact leadership role will oversee all aspects of cyber threat intelligence and vulnerability management across the Group, helping protect critical infrastructure and enabling strategic security initiatives. About the Role: This position offers a unique opportunity to influence the development of security capabilities within one of the UK's largest energy firms. You'll lead the technical evolution of threat intelligence and vulnerability strategies, directly supporting senior leadership and contributing to the Group's security maturity programme. As a subject matter expert, you will mentor and manage a specialist team, lead engagements with law enforcement and government bodies, and define group-wide technical controls. The role plays a key part in aligning the organisation with emerging threats, regulatory requirements, and global best practices. Your Responsibilities: Lead Cyber Threat Intelligence and Vulnerability Management strategies Guide the rollout of technical controls, policies, and threat intelligence platforms Manage and develop a specialist team (including Analysts and Specialists) Represent cyber intelligence at leadership and sector-wide working groups Define and maintain technical controls, SOC processes, and architectural frameworks Liaise with external agencies including law enforcement and NGOs Own cyber threat documentation, technical reporting, and toolkit implementation Your Required Skills: Proven leadership in threat intelligence and vulnerability management Strong knowledge of threat actor TTPs, IoCs, and threat hunting methodologies Familiarity with TIPs, security frameworks (NIST, ISO), and OT/ICS environments Excellent stakeholder engagement skills across corporate and operational domains Ability to communicate technical controls to senior leadership Experience influencing security culture and behaviour within large organisations Desirable: Experience in energy, critical infrastructure, or highly regulated sectors Relevant certifications (eg, CISSP, GCTI, GIAC, OSCP, or similar) Strong understanding of legal and regulatory requirements in the UK If this role sounds like you, please apply now with your up to date CV and the best number to contact you on at (see below)
Senior IT Security Specialist to lead and strengthen the cyber resilience of a complex public-sector programme. The postholder will play a pivotal role in developing, implementing, and governing security strategy, ensuring compliance with national standards, and embedding robust cyber practices across digital and IT estates. This is a senior strategic and technical leadership role, ideal for a seasoned security professional with a background in enterprise-scale or local government IT environments. £700pd gross umbrella. Key Responsibilities Strategic Planning and Governance Develop, review, and maintain the IT Security Strategy aligned to organisational objectives and statutory duties. Lead the creation and enforcement of cybersecurity governance frameworks. Align security objectives with enterprise architecture and digital transformation strategy. Advise senior management and boards on cyber risk posture, incidents, and mitigations. Identify and manage strategic risks - technical, legal, reputational, and financial. Evaluate emerging technologies (AI, RPA, cloud, hybrid infrastructure) from a security perspective. Policy, Procedure, and Guidance Oversight Review, update, and enforce security policies, standards, and guidance (e.g. Acceptable Use, Incident Response, Remote Access). Ensure compliance with NCSC, ISO 27001, NIST, Cyber Essentials, and GDPR frameworks. Clarify security roles and responsibilities across departments. Support Information Governance and Data Protection teams on policy alignment and compliance. Technical Review and Oversight Lead or oversee reviews of system architectures, applications, cloud services (IaaS, PaaS, SaaS), and network security. Assess IAM/PAM implementations and M365/Azure/Active Directory configurations. Conduct or oversee penetration testing, vulnerability assessments, and threat modelling. Review and approve technical designs and solution architectures from a security standpoint. Assurance, Compliance, and Audit Develop and maintain an IT Security Assurance Framework. Lead internal and external audits, accreditation, and certification activities (e.g. PSN, Cyber Essentials Plus, ISO 27001). Monitor compliance with standards and respond to audit findings. Analyse SIEM outputs, threat intelligence feeds, and monitoring tools. Performance Monitoring and Reporting Define and track key security KPIs and metrics. Produce security performance and risk reports for executive and board audiences. Maintain security risk registers and oversee remediation activity. Stakeholder Engagement and Leadership Act as senior security advisor to leadership, IT programmes, and project boards. Influence project governance to embed security by design. Represent the organisation in regional and national cyber forums (e.g. WARP, NCSC, iNetwork). Training, Awareness, and Culture Lead and support cyber awareness campaigns and training. Promote a culture of security and resilience across the organisation. Collaborate with HR and L&D to embed cyber hygiene into inductions and ongoing learning. Incident Management and Business Continuity Oversee the development and testing of Incident Response, Disaster Recovery, and Business Continuity Plans. Provide senior escalation and leadership during security incidents. Conduct post-incident reviews and ensure lessons learned drive continuous improvement. Continuous Improvement and Innovation Stay informed on emerging threats and industry trends. Champion automation and innovation in security operations (e.g. SOAR, XDR). Drive security maturity assessments and roadmap development. Essential Experience Proven leadership in IT or cyber security at enterprise or local authority level. Strong understanding of security governance, risk management, and compliance. Hands-on experience with cloud, network, and identity security. Familiarity with UK public sector standards (e.g. PSN, NCSC, GDPR). Relevant certifications desirable (CISSP, CISM, ISO 27001 Lead Auditor, etc.).
17/10/2025
Seasonal
Senior IT Security Specialist to lead and strengthen the cyber resilience of a complex public-sector programme. The postholder will play a pivotal role in developing, implementing, and governing security strategy, ensuring compliance with national standards, and embedding robust cyber practices across digital and IT estates. This is a senior strategic and technical leadership role, ideal for a seasoned security professional with a background in enterprise-scale or local government IT environments. £700pd gross umbrella. Key Responsibilities Strategic Planning and Governance Develop, review, and maintain the IT Security Strategy aligned to organisational objectives and statutory duties. Lead the creation and enforcement of cybersecurity governance frameworks. Align security objectives with enterprise architecture and digital transformation strategy. Advise senior management and boards on cyber risk posture, incidents, and mitigations. Identify and manage strategic risks - technical, legal, reputational, and financial. Evaluate emerging technologies (AI, RPA, cloud, hybrid infrastructure) from a security perspective. Policy, Procedure, and Guidance Oversight Review, update, and enforce security policies, standards, and guidance (e.g. Acceptable Use, Incident Response, Remote Access). Ensure compliance with NCSC, ISO 27001, NIST, Cyber Essentials, and GDPR frameworks. Clarify security roles and responsibilities across departments. Support Information Governance and Data Protection teams on policy alignment and compliance. Technical Review and Oversight Lead or oversee reviews of system architectures, applications, cloud services (IaaS, PaaS, SaaS), and network security. Assess IAM/PAM implementations and M365/Azure/Active Directory configurations. Conduct or oversee penetration testing, vulnerability assessments, and threat modelling. Review and approve technical designs and solution architectures from a security standpoint. Assurance, Compliance, and Audit Develop and maintain an IT Security Assurance Framework. Lead internal and external audits, accreditation, and certification activities (e.g. PSN, Cyber Essentials Plus, ISO 27001). Monitor compliance with standards and respond to audit findings. Analyse SIEM outputs, threat intelligence feeds, and monitoring tools. Performance Monitoring and Reporting Define and track key security KPIs and metrics. Produce security performance and risk reports for executive and board audiences. Maintain security risk registers and oversee remediation activity. Stakeholder Engagement and Leadership Act as senior security advisor to leadership, IT programmes, and project boards. Influence project governance to embed security by design. Represent the organisation in regional and national cyber forums (e.g. WARP, NCSC, iNetwork). Training, Awareness, and Culture Lead and support cyber awareness campaigns and training. Promote a culture of security and resilience across the organisation. Collaborate with HR and L&D to embed cyber hygiene into inductions and ongoing learning. Incident Management and Business Continuity Oversee the development and testing of Incident Response, Disaster Recovery, and Business Continuity Plans. Provide senior escalation and leadership during security incidents. Conduct post-incident reviews and ensure lessons learned drive continuous improvement. Continuous Improvement and Innovation Stay informed on emerging threats and industry trends. Champion automation and innovation in security operations (e.g. SOAR, XDR). Drive security maturity assessments and roadmap development. Essential Experience Proven leadership in IT or cyber security at enterprise or local authority level. Strong understanding of security governance, risk management, and compliance. Hands-on experience with cloud, network, and identity security. Familiarity with UK public sector standards (e.g. PSN, NCSC, GDPR). Relevant certifications desirable (CISSP, CISM, ISO 27001 Lead Auditor, etc.).
Senior Isp It Security needed in Bradford, £503.72 per day PAYE - Reference: Senior ISP IT Security Role - Key Responsibilities and Activities Strategic Planning and Governance Develop, review, and maintain the IT Security Strategy in line with organisational goals and regulatory obligations. Lead the creation and enforcement of cybersecurity governance frameworks. Align security objectives with enterprise architecture and digital strategy. Participate in board-level or senior management discussions around cyber risk. Identify and manage strategic security risks (technical, legal, reputational, financial). Evaluate and advise on emerging technologies (e.g. AI, RPA, cloud, hybrid infrastructure) from a security perspective. Policy, Procedure, and Guidance Oversight Review and update security policies, procedures, standards, and guidance regularly (e.g., acceptable use, remote access, incident response, etc.). Ensure alignment with frameworks such as NCSC guidance, ISO 27001, NIST, Cyber Essentials, and GDPR. Develop and communicate clear roles and responsibilities for information security across departments. Support Information Governance and Data Protection with policy harmonisation and compliance efforts. Technical Review and Oversight Undertake technical reviews of: New and existing systems, applications, and infrastructure. Cloud service configurations (IaaS, SaaS, PaaS). Network architecture, including firewalls, VPNs, and segmentation. Identity and Access Management (IAM) implementations, including PIM/PAM. Security configurations in Microsoft 365, Azure, Active Directory, etc. Conduct or oversee vulnerability assessments, penetration tests, and threat modelling. Review and approve technical designs and solution architectures from a security standpoint. Assurance, Compliance, and Audit Develop and maintain the IT Security Assurance Framework. Lead or coordinate internal/external audits and security assessments. Track and report on compliance with standards and regulatory requirements. Work with internal and external partners to deliver accreditation or certification activities (e.g., PSN, Cyber Essentials Plus, ISO 27001). Monitor and respond to findings from SIEM, threat intelligence feeds, or monitoring tools. Performance Monitoring and Reporting Define and monitor key security performance indicators (KPIs). Produce regular security reports for senior management and boards. Track risk registers, exceptions, and remediation actions related to security. Stakeholder Engagement and Leadership Act as the senior security point of contact for internal and external stakeholders. Provide advice and consultancy to IT projects, business units, and leadership teams. Influence and guide project governance to embed security early in the lifecycle. Represent the organisation at regional and national forums (e.g., WARP, NCSC, iNetwork). Training, Awareness, and Culture Lead and support cybersecurity awareness and training campaigns. Build a security-conscious culture across the organisation. Work with HR and Learning & Development to embed cyber hygiene into inductions and role-based training. Incident Management and Business Continuity Develop and review the Disaster Recovery and Business Continuity Plans for IT Services and support the Disaster Recovery and Business Continuity for the services areas. Oversee and periodically test the incident response and disaster recovery plans. Provide strategic direction and escalation oversight during major incidents. Conduct post-incident reviews and feed findings into policy, technical, and training improvements. Continuous Improvement and Innovation Keep abreast of emerging threats, vulnerabilities, and industry best practices. Champion innovation in security practices, tools, and automation (e.g., SOAR, XDR). Evaluate and recommend security products and services. Lead or contribute to security maturity assessments and roadmaps. This is a Full time role on a temporary contract basis. If you are interested in the role please apply on our website with your CV, alternatively you can email your CV to quoting the reference number. Essential Employment is acting as an Employment Business in relation to this vacancy. Essential Employment is an Equal Opportunities Employer. All our roles may be subject to pre-employment checks including references so please be prepared. Due to high volumes of CVs received we are not able to respond to all unsuccessful applications. You will always however hear from us by phone if we are able to take your CV forward to the next stage. You can also follow us at Twitter/Facebook/LinkedIn or via our website .
17/10/2025
Seasonal
Senior Isp It Security needed in Bradford, £503.72 per day PAYE - Reference: Senior ISP IT Security Role - Key Responsibilities and Activities Strategic Planning and Governance Develop, review, and maintain the IT Security Strategy in line with organisational goals and regulatory obligations. Lead the creation and enforcement of cybersecurity governance frameworks. Align security objectives with enterprise architecture and digital strategy. Participate in board-level or senior management discussions around cyber risk. Identify and manage strategic security risks (technical, legal, reputational, financial). Evaluate and advise on emerging technologies (e.g. AI, RPA, cloud, hybrid infrastructure) from a security perspective. Policy, Procedure, and Guidance Oversight Review and update security policies, procedures, standards, and guidance regularly (e.g., acceptable use, remote access, incident response, etc.). Ensure alignment with frameworks such as NCSC guidance, ISO 27001, NIST, Cyber Essentials, and GDPR. Develop and communicate clear roles and responsibilities for information security across departments. Support Information Governance and Data Protection with policy harmonisation and compliance efforts. Technical Review and Oversight Undertake technical reviews of: New and existing systems, applications, and infrastructure. Cloud service configurations (IaaS, SaaS, PaaS). Network architecture, including firewalls, VPNs, and segmentation. Identity and Access Management (IAM) implementations, including PIM/PAM. Security configurations in Microsoft 365, Azure, Active Directory, etc. Conduct or oversee vulnerability assessments, penetration tests, and threat modelling. Review and approve technical designs and solution architectures from a security standpoint. Assurance, Compliance, and Audit Develop and maintain the IT Security Assurance Framework. Lead or coordinate internal/external audits and security assessments. Track and report on compliance with standards and regulatory requirements. Work with internal and external partners to deliver accreditation or certification activities (e.g., PSN, Cyber Essentials Plus, ISO 27001). Monitor and respond to findings from SIEM, threat intelligence feeds, or monitoring tools. Performance Monitoring and Reporting Define and monitor key security performance indicators (KPIs). Produce regular security reports for senior management and boards. Track risk registers, exceptions, and remediation actions related to security. Stakeholder Engagement and Leadership Act as the senior security point of contact for internal and external stakeholders. Provide advice and consultancy to IT projects, business units, and leadership teams. Influence and guide project governance to embed security early in the lifecycle. Represent the organisation at regional and national forums (e.g., WARP, NCSC, iNetwork). Training, Awareness, and Culture Lead and support cybersecurity awareness and training campaigns. Build a security-conscious culture across the organisation. Work with HR and Learning & Development to embed cyber hygiene into inductions and role-based training. Incident Management and Business Continuity Develop and review the Disaster Recovery and Business Continuity Plans for IT Services and support the Disaster Recovery and Business Continuity for the services areas. Oversee and periodically test the incident response and disaster recovery plans. Provide strategic direction and escalation oversight during major incidents. Conduct post-incident reviews and feed findings into policy, technical, and training improvements. Continuous Improvement and Innovation Keep abreast of emerging threats, vulnerabilities, and industry best practices. Champion innovation in security practices, tools, and automation (e.g., SOAR, XDR). Evaluate and recommend security products and services. Lead or contribute to security maturity assessments and roadmaps. This is a Full time role on a temporary contract basis. If you are interested in the role please apply on our website with your CV, alternatively you can email your CV to quoting the reference number. Essential Employment is acting as an Employment Business in relation to this vacancy. Essential Employment is an Equal Opportunities Employer. All our roles may be subject to pre-employment checks including references so please be prepared. Due to high volumes of CVs received we are not able to respond to all unsuccessful applications. You will always however hear from us by phone if we are able to take your CV forward to the next stage. You can also follow us at Twitter/Facebook/LinkedIn or via our website .
Head of IT Security - West London - (Enterprise-wide Cyber & Information Security) Location: West London - 5 days on-site Salary: £90-100,000 per annum My client is looking to recruit a Head of IT Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud Firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
17/10/2025
Full time
Head of IT Security - West London - (Enterprise-wide Cyber & Information Security) Location: West London - 5 days on-site Salary: £90-100,000 per annum My client is looking to recruit a Head of IT Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud Firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
Head of Cyber Security - Enterprise-wide Cyber & Information Security Location: London - 5 days on-site Salary: £95-100,000 per annum Type: Permanent My client is looking to recruit a Head of Cyber Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
17/10/2025
Full time
Head of Cyber Security - Enterprise-wide Cyber & Information Security Location: London - 5 days on-site Salary: £95-100,000 per annum Type: Permanent My client is looking to recruit a Head of Cyber Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
About Our Client Join Our Client , a fast-growing fintech innovator securing next-gen payment platforms for leading banks and startups. With a focus on AI-driven threat detection and zero-trust architecture, Our Client has been named one of Europe's Top 50 Cybersecurity Scale-ups. Role Snapshot As an Associate Cybersecurity Analyst , you'll be the eye in the sky-monitoring, investigating, and helping defend Our Client's financial ecosystems against sophisticated attacks. This is a launchpad role: you'll work alongside world-class security engineers, hone your skills on cutting-edge tools, and shape the future of digital payments security. Your Day-to-Day Alert Triage: Analyze SIEM and threat-intelligence feeds to spot anomalies. Threat Hunting: Use forensic tools to track indicators of compromise across networks. Vulnerability Management: Run scans, prioritize remediation tasks, and validate fixes. Incident Response Support: Coordinate with SRE and DevOps teams to contain breaches. Report & Recommend: Draft concise, actionable incident summaries for executive stakeholders. Continuous Learning: Attend weekly knowledge-shares, capture insights, and contribute to our internal threat library. What You Bring Must-Haves Bachelor's degree in Cybersecurity, Computer Science, or related field. Practical experience with at least one SIEM platform (e.g., Splunk, QRadar). Understanding of networking fundamentals, TCP/IP, and common protocols. Strong investigative mindset and attention to detail. Clear, concise communication skills for both technical and business audiences. Nice-to-Haves Exposure to cloud security (AWS, Azure, or GCP). Hands-on lab or internship experience with incident response. Entry-level certs like CompTIA Security+ or GIAC GSEC in progress. Why Our Client? Competitive package: £36,000-£43,000 + performance bonus. Flexibility: Choose your workspace-office, home, or the best of both. Career trajectory: Clear path to Cybersecurity Engineer or SOC Lead within 12-18 months. Learning budget: £2,000/year for certifications and conferences. Culture: Monthly hackathons, "Lunch & Learn" tech talks, and a Slack channel just for memes. Impact: Play a key role in securing over £10 billion in global transactions each year.
17/10/2025
Full time
About Our Client Join Our Client , a fast-growing fintech innovator securing next-gen payment platforms for leading banks and startups. With a focus on AI-driven threat detection and zero-trust architecture, Our Client has been named one of Europe's Top 50 Cybersecurity Scale-ups. Role Snapshot As an Associate Cybersecurity Analyst , you'll be the eye in the sky-monitoring, investigating, and helping defend Our Client's financial ecosystems against sophisticated attacks. This is a launchpad role: you'll work alongside world-class security engineers, hone your skills on cutting-edge tools, and shape the future of digital payments security. Your Day-to-Day Alert Triage: Analyze SIEM and threat-intelligence feeds to spot anomalies. Threat Hunting: Use forensic tools to track indicators of compromise across networks. Vulnerability Management: Run scans, prioritize remediation tasks, and validate fixes. Incident Response Support: Coordinate with SRE and DevOps teams to contain breaches. Report & Recommend: Draft concise, actionable incident summaries for executive stakeholders. Continuous Learning: Attend weekly knowledge-shares, capture insights, and contribute to our internal threat library. What You Bring Must-Haves Bachelor's degree in Cybersecurity, Computer Science, or related field. Practical experience with at least one SIEM platform (e.g., Splunk, QRadar). Understanding of networking fundamentals, TCP/IP, and common protocols. Strong investigative mindset and attention to detail. Clear, concise communication skills for both technical and business audiences. Nice-to-Haves Exposure to cloud security (AWS, Azure, or GCP). Hands-on lab or internship experience with incident response. Entry-level certs like CompTIA Security+ or GIAC GSEC in progress. Why Our Client? Competitive package: £36,000-£43,000 + performance bonus. Flexibility: Choose your workspace-office, home, or the best of both. Career trajectory: Clear path to Cybersecurity Engineer or SOC Lead within 12-18 months. Learning budget: £2,000/year for certifications and conferences. Culture: Monthly hackathons, "Lunch & Learn" tech talks, and a Slack channel just for memes. Impact: Play a key role in securing over £10 billion in global transactions each year.
Main purpose of post: The Cybersecurity Department with our client provide support for all electronic communications systems at the site, as well as taking a leading role in delivering technology change / improvement projects and managing external support agreements. The Cyber Security Analyst is required to focus on the detection, investigation and response to cyber security events and incidents. Other tasks involve BAU security tasks, supporting cyber security projects and assisting with regulatory compliance. Daily tasks will involve the following: Endpoint monitoring and analysis. Incident readiness and handling as part of the Computer Security Incident Response (CSIRT) team. Monitor and administer Security Information and Event Management (SIEM). Malware analysis and forensics research. Understanding/ differentiation of intrusion attempts and false positives. Investigation tracking and threat resolution. Vulnerability identification & mitigation / remediation. Compose security alert notifications. Advise incident responders & other teams on threat. Triage security events and incidents apply containment and mitigation/remediation strategies. Generate reports and document security incidents / events. Proactively monitoring the performance of systems, and make regular routine inspections of installed equipment and take corrective avoidance actions to prevent wider problems. Act as the point of escalation for the Service desk for security related tickets. Analysis of weekly vulnerability scans and update relevant records. Essential A well organised and structured approach to work planning, time allocation to tasks, and a flexible approach to daily routines to deliver the desired results. An ambition to constantly learn new skills and develop knowledge, with an understanding that study time outside of working hours may be required for career development. Credible knowledge/experience in Microsoft Windows Operating Systems. Credible knowledge/experience of Active Directory, Group policies, TCP/IP, DNS, DHCP and Exchange Server. Capable of effectively multi-tasking, prioritizing work, and handling competing interests Capable of analysing information technology logs and events sources preferred Working knowledge of data storage systems, data backup and restoration methods. Understanding of security tooling, its purpose and functionality (Anti-Malware, IPS, Web and Email Gateways, security analysis tools, web security tools, next generation firewall/UTMs) Ability to work independently while managing support to a high standard Contribute credibly to IT department's delivery of SLAs and other support targets Self-motivated to advance own knowledge & gain formal qualifications Ability to analyse vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence Advanced knowledge of computer forensics; legal, government and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing Knowledge of Cloud computing, computer network defence, identity management, incident management and network security. Significant experience within a SOC environment. Incident response experience Qualification / Certification in Cyber Security Desirable IT Qualifications / Certifications such as CompTIA A+, Network+, Security+ IT Helpdesk experience or knowledge Cyber Security Operation Centre experience Qualification / Certification in Cyber Security Person Specification: Communication. Structures and conveys information and ideas effectively. Communicates to ensure they are understood by others, that they understand others and share information with colleagues at all levels. Achieving results. Knows what needs to be achieved by when. Anticipates obstacles. Motivates self and others to overcome barriers and achieve results. Planning & Organising. Identifies a goal and puts in place a sequence of steps to ensure priorities are delivered on time, making effective use of resources Team Focus. Develops effective working relationships inside and outside traditional boundaries to achieve organisational goals. Breaks down barriers between groups and involves others in discussions and decisions You will be required to pass a range of referencing and vetting checks, including a Criminal Record Check and a Counter Terrorism Check (CTC). You must also have lived in the UK for at least 3 years with a 5-year work history, unless in education. Connect2Employment is a trading style of Luton & Kent Commercial Services LLP - A joint venture between Luton Borough Council & Commercial Services Kent Ltd. Connect2Employment is an equal opportunities Employment Agency & Business. It positively encourages applications from all suitably qualified and eligible candidates.
17/10/2025
Full time
Main purpose of post: The Cybersecurity Department with our client provide support for all electronic communications systems at the site, as well as taking a leading role in delivering technology change / improvement projects and managing external support agreements. The Cyber Security Analyst is required to focus on the detection, investigation and response to cyber security events and incidents. Other tasks involve BAU security tasks, supporting cyber security projects and assisting with regulatory compliance. Daily tasks will involve the following: Endpoint monitoring and analysis. Incident readiness and handling as part of the Computer Security Incident Response (CSIRT) team. Monitor and administer Security Information and Event Management (SIEM). Malware analysis and forensics research. Understanding/ differentiation of intrusion attempts and false positives. Investigation tracking and threat resolution. Vulnerability identification & mitigation / remediation. Compose security alert notifications. Advise incident responders & other teams on threat. Triage security events and incidents apply containment and mitigation/remediation strategies. Generate reports and document security incidents / events. Proactively monitoring the performance of systems, and make regular routine inspections of installed equipment and take corrective avoidance actions to prevent wider problems. Act as the point of escalation for the Service desk for security related tickets. Analysis of weekly vulnerability scans and update relevant records. Essential A well organised and structured approach to work planning, time allocation to tasks, and a flexible approach to daily routines to deliver the desired results. An ambition to constantly learn new skills and develop knowledge, with an understanding that study time outside of working hours may be required for career development. Credible knowledge/experience in Microsoft Windows Operating Systems. Credible knowledge/experience of Active Directory, Group policies, TCP/IP, DNS, DHCP and Exchange Server. Capable of effectively multi-tasking, prioritizing work, and handling competing interests Capable of analysing information technology logs and events sources preferred Working knowledge of data storage systems, data backup and restoration methods. Understanding of security tooling, its purpose and functionality (Anti-Malware, IPS, Web and Email Gateways, security analysis tools, web security tools, next generation firewall/UTMs) Ability to work independently while managing support to a high standard Contribute credibly to IT department's delivery of SLAs and other support targets Self-motivated to advance own knowledge & gain formal qualifications Ability to analyse vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence Advanced knowledge of computer forensics; legal, government and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing Knowledge of Cloud computing, computer network defence, identity management, incident management and network security. Significant experience within a SOC environment. Incident response experience Qualification / Certification in Cyber Security Desirable IT Qualifications / Certifications such as CompTIA A+, Network+, Security+ IT Helpdesk experience or knowledge Cyber Security Operation Centre experience Qualification / Certification in Cyber Security Person Specification: Communication. Structures and conveys information and ideas effectively. Communicates to ensure they are understood by others, that they understand others and share information with colleagues at all levels. Achieving results. Knows what needs to be achieved by when. Anticipates obstacles. Motivates self and others to overcome barriers and achieve results. Planning & Organising. Identifies a goal and puts in place a sequence of steps to ensure priorities are delivered on time, making effective use of resources Team Focus. Develops effective working relationships inside and outside traditional boundaries to achieve organisational goals. Breaks down barriers between groups and involves others in discussions and decisions You will be required to pass a range of referencing and vetting checks, including a Criminal Record Check and a Counter Terrorism Check (CTC). You must also have lived in the UK for at least 3 years with a 5-year work history, unless in education. Connect2Employment is a trading style of Luton & Kent Commercial Services LLP - A joint venture between Luton Borough Council & Commercial Services Kent Ltd. Connect2Employment is an equal opportunities Employment Agency & Business. It positively encourages applications from all suitably qualified and eligible candidates.
Head of IT Security - West London - (Enterprise-wide Cyber & Information Security) Location: West London - 5 days on-site Salary: (phone number removed) per annum My client is looking to recruit a Head of IT Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud Firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
16/10/2025
Full time
Head of IT Security - West London - (Enterprise-wide Cyber & Information Security) Location: West London - 5 days on-site Salary: (phone number removed) per annum My client is looking to recruit a Head of IT Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud Firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
Head of Cyber Security - Enterprise-wide Cyber & Information Security Location: London - 5 days on-site Salary: (phone number removed) per annum Type: Permanent My client is looking to recruit a Head of Cyber Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
15/10/2025
Full time
Head of Cyber Security - Enterprise-wide Cyber & Information Security Location: London - 5 days on-site Salary: (phone number removed) per annum Type: Permanent My client is looking to recruit a Head of Cyber Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations. The Role: As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions. Key Responsibilities: Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes. Embed security by design across projects, platforms, data flows, and product development. Lead enterprise-wide information, cyber, and data security governance. Define and implement security frameworks, policies, and operating models. Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices. Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs. Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender. Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities. Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure. Support SD-WAN, cloud firewalls, CASB, Zero Trust, and SASE architectures. Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership. Drive security culture through training, phishing simulations, and awareness programs. Partner with IT, Legal, HR, and business units to embed security in operations and service delivery. Provide security input for vendor assessments, third-party risk, and M&A due diligence. Candidate Profile: Proven senior leadership experience in information, cyber, or data security. CISSP, CISM, or CISA certified (or equivalent). Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus. Hands-on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures. Strong experience in Zero Trust security models. Experienced in security tooling selection and implementation. Deep understanding of data protection legislation, risk management frameworks, and compliance requirements. Exceptional leadership, stakeholder engagement, and influencing skills.
SSR General & Management
Chelmsley Wood, Warwickshire
Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization s global response to cyber threats ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed robust security practices. Manage the relationship with the external SOC, ensuring proactive threat detection and response. Stay updated on industry trends and represent the company at cybersecurity events. Ensure compliance with security standards and regulations. Key Skills Strong leadership in IT security, particularly in incident and threat management. Advanced knowledge of cybersecurity frameworks, incident response, and threat intelligence. Analytical and critical thinking skills for complex security challenges. Excellent communication and collaboration abilities (across technical and non-technical teams). Ability to operate in a fast-moving environment and adapt strategies to emerging threats. Qualifications Extensive hands-on experience in large organizations managing incident response and threat management. Proven track record of leading cybersecurity teams. Bachelor s or Master s degree in Cybersecurity, IT, or related field. If you are a dynamic leader who thrives in fast-moving environments and wants to make a measurable impact on global cybersecurity resilience, this role offers the platform and support to do exactly that, apply for this exceptional vacancy today.
06/10/2025
Full time
Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization s global response to cyber threats ensuring they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure proactive defence and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed robust security practices. Manage the relationship with the external SOC, ensuring proactive threat detection and response. Stay updated on industry trends and represent the company at cybersecurity events. Ensure compliance with security standards and regulations. Key Skills Strong leadership in IT security, particularly in incident and threat management. Advanced knowledge of cybersecurity frameworks, incident response, and threat intelligence. Analytical and critical thinking skills for complex security challenges. Excellent communication and collaboration abilities (across technical and non-technical teams). Ability to operate in a fast-moving environment and adapt strategies to emerging threats. Qualifications Extensive hands-on experience in large organizations managing incident response and threat management. Proven track record of leading cybersecurity teams. Bachelor s or Master s degree in Cybersecurity, IT, or related field. If you are a dynamic leader who thrives in fast-moving environments and wants to make a measurable impact on global cybersecurity resilience, this role offers the platform and support to do exactly that, apply for this exceptional vacancy today.
Main purpose of post: The Cybersecurity Department with our client provide support for all electronic communications systems at the site, as well as taking a leading role in delivering technology change / improvement projects and managing external support agreements. The Cyber Security Analyst is required to focus on the detection, investigation and response to cyber security events and incidents. Other tasks involve BAU security tasks, supporting cyber security projects and assisting with regulatory compliance. Daily tasks will involve the following: Endpoint monitoring and analysis. Incident readiness and handling as part of the Computer Security Incident Response (CSIRT) team. Monitor and administer Security Information and Event Management (SIEM). Malware analysis and forensics research. Understanding/ differentiation of intrusion attempts and false positives. Investigation tracking and threat resolution. Vulnerability identification & mitigation / remediation. Compose security alert notifications. Advise incident responders & other teams on threat. Triage security events and incidents apply containment and mitigation/remediation strategies. Generate reports and document security incidents / events. Proactively monitoring the performance of systems, and make regular routine inspections of installed equipment and take corrective avoidance actions to prevent wider problems. Act as the point of escalation for the Service desk for security related tickets. Analysis of weekly vulnerability scans and update relevant records. Essential A well organised and structured approach to work planning, time allocation to tasks, and a flexible approach to daily routines to deliver the desired results. An ambition to constantly learn new skills and develop knowledge, with an understanding that study time outside of working hours may be required for career development. Credible knowledge/experience in Microsoft Windows Operating Systems. Credible knowledge/experience of Active Directory, Group policies, TCP/IP, DNS, DHCP and Exchange Server. Capable of effectively multi-tasking, prioritizing work, and handling competing interests Capable of analysing information technology logs and events sources preferred Working knowledge of data storage systems, data backup and restoration methods. Understanding of security tooling, its purpose and functionality (Anti-Malware, IPS, Web and Email Gateways, security analysis tools, web security tools, next generation firewall/UTMs) Ability to work independently while managing support to a high standard Contribute credibly to IT department's delivery of SLAs and other support targets Self-motivated to advance own knowledge & gain formal qualifications Ability to analyse vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence Advanced knowledge of computer forensics; legal, government and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing Knowledge of Cloud computing, computer network defence, identity management, incident management and network security. Significant experience within a SOC environment. Incident response experience Qualification / Certification in Cyber Security Desirable IT Qualifications / Certifications such as CompTIA A+, Network+, Security+ IT Helpdesk experience or knowledge Cyber Security Operation Centre experience Qualification / Certification in Cyber Security Person Specification: Communication. Structures and conveys information and ideas effectively. Communicates to ensure they are understood by others, that they understand others and share information with colleagues at all levels. Achieving results. Knows what needs to be achieved by when. Anticipates obstacles. Motivates self and others to overcome barriers and achieve results. Planning & Organising. Identifies a goal and puts in place a sequence of steps to ensure priorities are delivered on time, making effective use of resources Team Focus. Develops effective working relationships inside and outside traditional boundaries to achieve organisational goals. Breaks down barriers between groups and involves others in discussions and decisions You will be required to pass a range of referencing and vetting checks, including a Criminal Record Check and a Counter Terrorism Check (CTC). You must also have lived in the UK for at least 3 years with a 5-year work history, unless in education. Connect2Employment is a trading style of Luton & Kent Commercial Services LLP - A joint venture between Luton Borough Council & Commercial Services Kent Ltd. Connect2Employment is an equal opportunities Employment Agency & Business. It positively encourages applications from all suitably qualified and eligible candidates.
06/10/2025
Full time
Main purpose of post: The Cybersecurity Department with our client provide support for all electronic communications systems at the site, as well as taking a leading role in delivering technology change / improvement projects and managing external support agreements. The Cyber Security Analyst is required to focus on the detection, investigation and response to cyber security events and incidents. Other tasks involve BAU security tasks, supporting cyber security projects and assisting with regulatory compliance. Daily tasks will involve the following: Endpoint monitoring and analysis. Incident readiness and handling as part of the Computer Security Incident Response (CSIRT) team. Monitor and administer Security Information and Event Management (SIEM). Malware analysis and forensics research. Understanding/ differentiation of intrusion attempts and false positives. Investigation tracking and threat resolution. Vulnerability identification & mitigation / remediation. Compose security alert notifications. Advise incident responders & other teams on threat. Triage security events and incidents apply containment and mitigation/remediation strategies. Generate reports and document security incidents / events. Proactively monitoring the performance of systems, and make regular routine inspections of installed equipment and take corrective avoidance actions to prevent wider problems. Act as the point of escalation for the Service desk for security related tickets. Analysis of weekly vulnerability scans and update relevant records. Essential A well organised and structured approach to work planning, time allocation to tasks, and a flexible approach to daily routines to deliver the desired results. An ambition to constantly learn new skills and develop knowledge, with an understanding that study time outside of working hours may be required for career development. Credible knowledge/experience in Microsoft Windows Operating Systems. Credible knowledge/experience of Active Directory, Group policies, TCP/IP, DNS, DHCP and Exchange Server. Capable of effectively multi-tasking, prioritizing work, and handling competing interests Capable of analysing information technology logs and events sources preferred Working knowledge of data storage systems, data backup and restoration methods. Understanding of security tooling, its purpose and functionality (Anti-Malware, IPS, Web and Email Gateways, security analysis tools, web security tools, next generation firewall/UTMs) Ability to work independently while managing support to a high standard Contribute credibly to IT department's delivery of SLAs and other support targets Self-motivated to advance own knowledge & gain formal qualifications Ability to analyse vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence Advanced knowledge of computer forensics; legal, government and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing Knowledge of Cloud computing, computer network defence, identity management, incident management and network security. Significant experience within a SOC environment. Incident response experience Qualification / Certification in Cyber Security Desirable IT Qualifications / Certifications such as CompTIA A+, Network+, Security+ IT Helpdesk experience or knowledge Cyber Security Operation Centre experience Qualification / Certification in Cyber Security Person Specification: Communication. Structures and conveys information and ideas effectively. Communicates to ensure they are understood by others, that they understand others and share information with colleagues at all levels. Achieving results. Knows what needs to be achieved by when. Anticipates obstacles. Motivates self and others to overcome barriers and achieve results. Planning & Organising. Identifies a goal and puts in place a sequence of steps to ensure priorities are delivered on time, making effective use of resources Team Focus. Develops effective working relationships inside and outside traditional boundaries to achieve organisational goals. Breaks down barriers between groups and involves others in discussions and decisions You will be required to pass a range of referencing and vetting checks, including a Criminal Record Check and a Counter Terrorism Check (CTC). You must also have lived in the UK for at least 3 years with a 5-year work history, unless in education. Connect2Employment is a trading style of Luton & Kent Commercial Services LLP - A joint venture between Luton Borough Council & Commercial Services Kent Ltd. Connect2Employment is an equal opportunities Employment Agency & Business. It positively encourages applications from all suitably qualified and eligible candidates.
Cyber Security Operational Technology (OT) Specialist Location: Immingham Contract Type: Permanent Salary: 57K - 60K Benefits: Pension, Private Medical, Incentive plan, 25 Holidays The Role Are you passionate about OT Cyber Security and ready to make a tangible impact across multiple UK energy generation and storage sites? We're looking for a Cyber Security OT Specialist with strong first-line technical skills and a solid grounding in risk management frameworks, ideally with experience in the energy sector. This is a key role within the cyber risk function, supporting critical infrastructure and helping shape secure and resilient OT environments aligned with IEC62443 standards. Key Responsibilities Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and asset management, including backup and removable media deployments. Apply and track security metrics to ensure the ongoing effectiveness of controls. Deliver awareness training and cyber security guidance across OT engineering teams. Champion collaboration across cyber, IT, and engineering teams-bridging gaps between tech, process, and people. What We're Looking For The ability to work independently and manage multiple priorities. A strong desire to continuously learn, share knowledge, and adapt in a dynamic environment. A high regard for environmental, safety, and regulatory standards. A keen understanding of the Purdue Model, OT/DMZ/IT network segregation, and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks-from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber security frameworks applicable to OT environments. Understanding of the NCSC Cyber Assessment Framework (CAF) is highly desirable. Why Join? Known for the ability to think and act fast using energy intelligence, the mission is to enable the energy transition by providing the power needed today and tomorrow. Whether you're an experienced professional or looking to grow, structured development pathways are provided. Offers competitive salary, pension scheme, PMI (private medical insurance), long-term incentive plan and holiday starting at 25 days plus bank holidays. Ready to Apply? If you are looking for a new challenge within a dynamic and forward-thinking organisation, we want to hear from you! Apply today and help shape the future of power generation. Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants.
04/10/2025
Full time
Cyber Security Operational Technology (OT) Specialist Location: Immingham Contract Type: Permanent Salary: 57K - 60K Benefits: Pension, Private Medical, Incentive plan, 25 Holidays The Role Are you passionate about OT Cyber Security and ready to make a tangible impact across multiple UK energy generation and storage sites? We're looking for a Cyber Security OT Specialist with strong first-line technical skills and a solid grounding in risk management frameworks, ideally with experience in the energy sector. This is a key role within the cyber risk function, supporting critical infrastructure and helping shape secure and resilient OT environments aligned with IEC62443 standards. Key Responsibilities Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and asset management, including backup and removable media deployments. Apply and track security metrics to ensure the ongoing effectiveness of controls. Deliver awareness training and cyber security guidance across OT engineering teams. Champion collaboration across cyber, IT, and engineering teams-bridging gaps between tech, process, and people. What We're Looking For The ability to work independently and manage multiple priorities. A strong desire to continuously learn, share knowledge, and adapt in a dynamic environment. A high regard for environmental, safety, and regulatory standards. A keen understanding of the Purdue Model, OT/DMZ/IT network segregation, and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks-from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber security frameworks applicable to OT environments. Understanding of the NCSC Cyber Assessment Framework (CAF) is highly desirable. Why Join? Known for the ability to think and act fast using energy intelligence, the mission is to enable the energy transition by providing the power needed today and tomorrow. Whether you're an experienced professional or looking to grow, structured development pathways are provided. Offers competitive salary, pension scheme, PMI (private medical insurance), long-term incentive plan and holiday starting at 25 days plus bank holidays. Ready to Apply? If you are looking for a new challenge within a dynamic and forward-thinking organisation, we want to hear from you! Apply today and help shape the future of power generation. Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants.
Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract. Our client, the UKs leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis. This is a senior role with responsibility for the organisation s vulnerability management programme across multiple business units, technologies, and regulatory environments. The organisation has made significant investment in Tenable as its core vulnerability management platform. You ll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised. Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role. Security Clearance - Due to the sensitive nature of the work, candidates must be eligible for SC clearance. Candidates with active or recently lapsed SC clearance will be prioritised. Applicants without clearance must be willing and eligible to undergo vetting. The Role - As Cybersecurity Vulnerability Lead, you will: Own the end-to-end vulnerability management programme, with Tenable One at the core. Define and deliver the strategy, policies, SLAs, and operating rhythm. Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact. Translate scan data into clear, actionable remediation plans for technical teams. Build dashboards and executive reports (ServiceNow, Power BI). Provide rapid risk assessments and emergency patch governance during incidents. Support audits and regulatory compliance (ISO27001, CE+, GDPR, NIS2, ONR). Drive automation, integrating tools and workflows to improve efficiency. Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged. Mentor analysts and security champions, building maturity across the team. About You - You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries. You should also have hands-on knowledge of the following: Core Vulnerability Management - Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity) AWS Inspector Agent-based and network-based scanning Cloud integrations (AWS, Azure, GCP) Dashboards and risk-based prioritisation Patch & Endpoint Management - Microsoft Intune / SCCM / WSUS Jamf Workflow & ITSM Integration - ServiceNow (dashboards, SOAR) Jira Cloud & Application Security - AWS Security Hub Azure Defender for Cloud Veracode Threat Intelligence & Exploit Context - Tenable Threat Intelligence Exploit DB Metasploit SIEM, SOAR & Monitoring - Microsoft Sentinel SOAR platforms (ServiceNow SOAR) Automation & Scripting - Python, PowerShell, Bash, Ansible Reporting & Metrics - Power BI ServiceNow dashboards Excel (advanced analysis) Frameworks & Standards - NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR Security Domains / Capabilities - Identity and Access Management (IAM) Network Security Data Protection Cloud Security Controls Application Security Security Monitoring Processes & Practices - Vulnerability Management Programmes Incident Response and Threat Assessment Emergency Patch Governance Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact) Audit Support (internal assurance, penetration test follow-ups, external audits) Exception and exemption management Automation of manual tasks Dashboarding for risk and SLA metrics What's on Offer - A leadership role with significant influence across a major UK organisation. Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.
04/10/2025
Contractor
Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract. Our client, the UKs leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis. This is a senior role with responsibility for the organisation s vulnerability management programme across multiple business units, technologies, and regulatory environments. The organisation has made significant investment in Tenable as its core vulnerability management platform. You ll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised. Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role. Security Clearance - Due to the sensitive nature of the work, candidates must be eligible for SC clearance. Candidates with active or recently lapsed SC clearance will be prioritised. Applicants without clearance must be willing and eligible to undergo vetting. The Role - As Cybersecurity Vulnerability Lead, you will: Own the end-to-end vulnerability management programme, with Tenable One at the core. Define and deliver the strategy, policies, SLAs, and operating rhythm. Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact. Translate scan data into clear, actionable remediation plans for technical teams. Build dashboards and executive reports (ServiceNow, Power BI). Provide rapid risk assessments and emergency patch governance during incidents. Support audits and regulatory compliance (ISO27001, CE+, GDPR, NIS2, ONR). Drive automation, integrating tools and workflows to improve efficiency. Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged. Mentor analysts and security champions, building maturity across the team. About You - You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries. You should also have hands-on knowledge of the following: Core Vulnerability Management - Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity) AWS Inspector Agent-based and network-based scanning Cloud integrations (AWS, Azure, GCP) Dashboards and risk-based prioritisation Patch & Endpoint Management - Microsoft Intune / SCCM / WSUS Jamf Workflow & ITSM Integration - ServiceNow (dashboards, SOAR) Jira Cloud & Application Security - AWS Security Hub Azure Defender for Cloud Veracode Threat Intelligence & Exploit Context - Tenable Threat Intelligence Exploit DB Metasploit SIEM, SOAR & Monitoring - Microsoft Sentinel SOAR platforms (ServiceNow SOAR) Automation & Scripting - Python, PowerShell, Bash, Ansible Reporting & Metrics - Power BI ServiceNow dashboards Excel (advanced analysis) Frameworks & Standards - NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR Security Domains / Capabilities - Identity and Access Management (IAM) Network Security Data Protection Cloud Security Controls Application Security Security Monitoring Processes & Practices - Vulnerability Management Programmes Incident Response and Threat Assessment Emergency Patch Governance Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact) Audit Support (internal assurance, penetration test follow-ups, external audits) Exception and exemption management Automation of manual tasks Dashboarding for risk and SLA metrics What's on Offer - A leadership role with significant influence across a major UK organisation. Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.
Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will l: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources
03/10/2025
Contractor
Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will l: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources
Job Summary An operational cyber researcher is able to plan and perform research into a wide range of systems and technologies with a focus on discovering and exploiting weaknesses in their design or implementation. The role provides technical guidance for customers as well as supporting bids and proposals. An operational cyber researcher has broad skills which generally involve, but are not limited to, the following activities: Exploratory Research. Vulnerability & Technical Research. Experimental Development. Key Responsibilities Researchers undertaking exploratory research are expected to: Rapidly summarise and assess new domains. Provide domain knowledge for technical analysis, experimental development and subsequent engineering. Researchers undertaking vulnerability & technical research are expected to: Know which pen-testing and reverse engineering tools and methodologies are appropriate to a given problem. Have experience of advanced vulnerability assessment techniques such as fuzzing and code injection. Researchers undertaking experimental development are expected to: Develop, assess and prioritize prototype and simulated capabilities. Mandatory Skills and Experience Required A wide range of skills are required for Operational Research. The number one skill is being able to think systematically and take logical steps towards deconstructing a complex system. For lower-level work, an intermediate/advanced understanding of how computers work is important (eg knowing the difference between the heap and the stack, and between compiled and interpreted languages). More required skills for this role include: Skills General: Technical writing Presentation skills Innovative problem solving Team working Technical Analysis: Scripting (e.g. with Python) Rapid development of prototypes or simulations (e.g. with C#) Other Desirable Skills and Experience As well as the above, an Operational Cyber Researcher will need skills and experience in at least one of the areas below. An ideal candidate will cover several areas. Skills Technical Analysis: Network traffic analysis Reverse engineering Vulnerability analysis Exploit development Exploratory Research: OSINT and interacting with SMEs Developing new research skills as appropriate General: Technical Leadership Team management Knowledge Exploratory Research: Network architecture and security Risk assessment Systems engineering Architectural frameworks Technical Analysis: Processor architecture Operating systems and firmware Standard and domain-specific protocols and data formats Experimental Development: Software development life cycle Assured development practices (at a high-level) Technology A wide range of tools exist, and the researcher should be able to determine which are most appropriate for a given task. Types of tools used include: Scripting languages (e.g. Python); Traffic capture and analysis tools (e.g. Wireshark); Disassemblers (e.g. IDA Pro); Debuggers (e.g. gdb); Decompilers (e.g. Hex-Rays Decompiler); Virtualization environments; Integrated development environments; Domain-specific simulation and development tools. Security Clearance is required for this vacancy. If you are not currently Security Cleared, you will need to be eligible for this and willing to go through the process. For more guidance on National Security Vetting please click here. Life at BAE Systems Digital Intelligence We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance wellbeing. Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential. About BAE Systems Digital Intelligence We use our intelligence-led insights to help defend Governments, Nations and Societies from cyber-attacks and financial crime. Our customers depend on our evolving capabilities to help them safely grow their organisations. Our unprecedented access to threat intelligence, world-leading analysts and market-leading technology means we can help them to adapt, evolve and stay ahead of the criminals. Division overview: Government At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Our Government business unit houses four of our critical client groups: UK National Security, Global National Security, defence and central government. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.
22/09/2022
Full time
Job Summary An operational cyber researcher is able to plan and perform research into a wide range of systems and technologies with a focus on discovering and exploiting weaknesses in their design or implementation. The role provides technical guidance for customers as well as supporting bids and proposals. An operational cyber researcher has broad skills which generally involve, but are not limited to, the following activities: Exploratory Research. Vulnerability & Technical Research. Experimental Development. Key Responsibilities Researchers undertaking exploratory research are expected to: Rapidly summarise and assess new domains. Provide domain knowledge for technical analysis, experimental development and subsequent engineering. Researchers undertaking vulnerability & technical research are expected to: Know which pen-testing and reverse engineering tools and methodologies are appropriate to a given problem. Have experience of advanced vulnerability assessment techniques such as fuzzing and code injection. Researchers undertaking experimental development are expected to: Develop, assess and prioritize prototype and simulated capabilities. Mandatory Skills and Experience Required A wide range of skills are required for Operational Research. The number one skill is being able to think systematically and take logical steps towards deconstructing a complex system. For lower-level work, an intermediate/advanced understanding of how computers work is important (eg knowing the difference between the heap and the stack, and between compiled and interpreted languages). More required skills for this role include: Skills General: Technical writing Presentation skills Innovative problem solving Team working Technical Analysis: Scripting (e.g. with Python) Rapid development of prototypes or simulations (e.g. with C#) Other Desirable Skills and Experience As well as the above, an Operational Cyber Researcher will need skills and experience in at least one of the areas below. An ideal candidate will cover several areas. Skills Technical Analysis: Network traffic analysis Reverse engineering Vulnerability analysis Exploit development Exploratory Research: OSINT and interacting with SMEs Developing new research skills as appropriate General: Technical Leadership Team management Knowledge Exploratory Research: Network architecture and security Risk assessment Systems engineering Architectural frameworks Technical Analysis: Processor architecture Operating systems and firmware Standard and domain-specific protocols and data formats Experimental Development: Software development life cycle Assured development practices (at a high-level) Technology A wide range of tools exist, and the researcher should be able to determine which are most appropriate for a given task. Types of tools used include: Scripting languages (e.g. Python); Traffic capture and analysis tools (e.g. Wireshark); Disassemblers (e.g. IDA Pro); Debuggers (e.g. gdb); Decompilers (e.g. Hex-Rays Decompiler); Virtualization environments; Integrated development environments; Domain-specific simulation and development tools. Security Clearance is required for this vacancy. If you are not currently Security Cleared, you will need to be eligible for this and willing to go through the process. For more guidance on National Security Vetting please click here. Life at BAE Systems Digital Intelligence We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance wellbeing. Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential. About BAE Systems Digital Intelligence We use our intelligence-led insights to help defend Governments, Nations and Societies from cyber-attacks and financial crime. Our customers depend on our evolving capabilities to help them safely grow their organisations. Our unprecedented access to threat intelligence, world-leading analysts and market-leading technology means we can help them to adapt, evolve and stay ahead of the criminals. Division overview: Government At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Our Government business unit houses four of our critical client groups: UK National Security, Global National Security, defence and central government. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.
Governance Risk and Control Analyst/Tester Inside IR35 Leading banking client requires an experienced Governance Risk and Control Analyst/Tester to join on an initial 6 month contract to conduct controls testing of cybersecurity controls against industry security frameworks (e.g., SOX ISO27001. NIST Cybersecurity Improvement framework, FFIEC). Experience of working as an IT auditor, security auditor or governance, risk and compliance analyst Good understanding of cybersecurity/IT control frameworks including but not limited to frameworks from SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS Proven understanding of current best practice approach to security assurance and the application of security frameworks Experience in project management Planning and prioritizing multiple project work streams in response to rapidly developing and changing portfolios. Experience of security risk management Broad knowledge of computer, networking and IT security systems including operating systems, databases, firewalls, SIEM, DLP etc Ability to handle ambiguity and make decisions and recommendations with limited data Solid analytical/problem-solving skills with capability to identify solutions to unusual and complex problems Good presentation, documentation and reporting skills Essential skills: Experience in managing multiple tasks with broad scope, ambiguity, and high degree of difficulty Experience in providing assurance for cybersecurity technologies, policies, standards and procedures Demonstrable proficiency in a wide range of information IT security domains such as Security Governance, Identity and Access Management, Access Controls, Threat Intelligence, Asset Management, Risk Management, Security Assessment/Testing, Security Incident Management and Vulnerability and Patch Management Possessing high level of analytical ability where problems are typically unusual and difficult Ability to maintain a working knowledge of cybersecurity principles and elements Understand global IT risk management structure Demonstrable experience of senior stakeholder management and relevant management reporting. Ability to coach team members through knowledge transfer and constructive feedback Governance Risk and Control Analyst/Tester Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
10/09/2021
Contractor
Governance Risk and Control Analyst/Tester Inside IR35 Leading banking client requires an experienced Governance Risk and Control Analyst/Tester to join on an initial 6 month contract to conduct controls testing of cybersecurity controls against industry security frameworks (e.g., SOX ISO27001. NIST Cybersecurity Improvement framework, FFIEC). Experience of working as an IT auditor, security auditor or governance, risk and compliance analyst Good understanding of cybersecurity/IT control frameworks including but not limited to frameworks from SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS Proven understanding of current best practice approach to security assurance and the application of security frameworks Experience in project management Planning and prioritizing multiple project work streams in response to rapidly developing and changing portfolios. Experience of security risk management Broad knowledge of computer, networking and IT security systems including operating systems, databases, firewalls, SIEM, DLP etc Ability to handle ambiguity and make decisions and recommendations with limited data Solid analytical/problem-solving skills with capability to identify solutions to unusual and complex problems Good presentation, documentation and reporting skills Essential skills: Experience in managing multiple tasks with broad scope, ambiguity, and high degree of difficulty Experience in providing assurance for cybersecurity technologies, policies, standards and procedures Demonstrable proficiency in a wide range of information IT security domains such as Security Governance, Identity and Access Management, Access Controls, Threat Intelligence, Asset Management, Risk Management, Security Assessment/Testing, Security Incident Management and Vulnerability and Patch Management Possessing high level of analytical ability where problems are typically unusual and difficult Ability to maintain a working knowledge of cybersecurity principles and elements Understand global IT risk management structure Demonstrable experience of senior stakeholder management and relevant management reporting. Ability to coach team members through knowledge transfer and constructive feedback Governance Risk and Control Analyst/Tester Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
Jobs - Frequently Asked Questions
Use the location filter to find IT jobs in cities like London, Manchester, Birmingham, and across the UK.
Entry-level roles include IT support technician, junior developer, QA tester, and helpdesk analyst.
New jobs are posted daily. Set up alerts to be notified as soon as new roles match your preferences.
Key skills include problem-solving, coding, cloud computing, networking, and familiarity with tools like AWS or SQL.
Yes, many employers offer training or junior roles. Focus on building a strong CV with relevant coursework or personal projects.
