Director of Information Security (Contract) London (3 days onsite) Up to 675 per day (Outside IR35) 3-month rolling contract A leading media organisation is seeking a Director of Information Security to drive both the strategy and execution of cyber security across a global environment. This is a high-impact role reporting to the CTO, with responsibility for security operations, risk, incident response, and overall security maturity across the business. Key Responsibilities Lead global IT and product security Own risk management, SOC, and incident response Drive security strategy, governance, and awareness Deliver key programmes (cloud, identity, vulnerability management) Engage at C-suite level , translating risk into business decisions Build and lead a high-performing security team What We're Looking For Proven leadership in enterprise cyber security environments Strong background across multiple security domains Experience managing teams, vendors, and security operations Ability to communicate complex security issues to senior stakeholders Hands-on, strategic, and commercially aware approach
13/05/2026
Contractor
Director of Information Security (Contract) London (3 days onsite) Up to 675 per day (Outside IR35) 3-month rolling contract A leading media organisation is seeking a Director of Information Security to drive both the strategy and execution of cyber security across a global environment. This is a high-impact role reporting to the CTO, with responsibility for security operations, risk, incident response, and overall security maturity across the business. Key Responsibilities Lead global IT and product security Own risk management, SOC, and incident response Drive security strategy, governance, and awareness Deliver key programmes (cloud, identity, vulnerability management) Engage at C-suite level , translating risk into business decisions Build and lead a high-performing security team What We're Looking For Proven leadership in enterprise cyber security environments Strong background across multiple security domains Experience managing teams, vendors, and security operations Ability to communicate complex security issues to senior stakeholders Hands-on, strategic, and commercially aware approach
SOC Manager Exeter (Hybrid - 2 days onsite) Day Rate: £850 (Umbrella)/£616.61 (PAYE) SC Cleared An enterprise government backed organisation is seeking a SOC manager to provide day to day leadership of incidents and mangment of the SOC Analysts. This is a critical leadership role, responsible for protecting the organisation against Real Time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying up to £850 PD Inside IR 35 to start ASAP to be based in Exeter 2 days per week. This is a high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with regular engagement across senior leadership and external partners. To be successful, you will hold active SC clearance and bring proven experience working within Central Government, the Public Sector, or highly regulated scientific environments. Key Responsibilities Define and lead the Cyber Security Operations Centre (CSOC), ensuring effective detection, response, and remediation of cyber incidents Own and continuously improve the cyber incident response plan, ensuring readiness across the organisation Provide strategic cyber security advice to senior leadership on monitoring, logging, and threat response Establish a use-case driven monitoring and alerting capability to improve threat detection and response times Oversee threat intelligence, vulnerability management, and proactive risk mitigation across the estate Lead the analysis of network traffic and behaviours, identifying threats and communicating insights to the wider business Define and manage cyber security operations strategy, aligned to organisational risk appetite and government guidance Manage stakeholders and external agencies, including regulatory bodies where required Identify and plan cyber investment requirements across tooling, governance, and team capability Core Experience Required Proven experience leading a Security Operations Centre (SOC/CSOC) or cyber security operations function Strong background in incident response, threat detection, and cyber resilience Hands-on experience with SIEM, IDS/IPS, endpoint security, and monitoring tools Solid understanding of threat intelligence, vulnerability management, and remediation practices Knowledge of cyber frameworks and regulations including GDPR, NIS, and National Cyber Security Centre guidance Familiarity with frameworks such as MITRE ATT&CK and ITIL processes Experience operating within complex, regulated environments (eg public sector, financial services) Strong stakeholder management skills, with the ability to influence at senior level
13/05/2026
Contractor
SOC Manager Exeter (Hybrid - 2 days onsite) Day Rate: £850 (Umbrella)/£616.61 (PAYE) SC Cleared An enterprise government backed organisation is seeking a SOC manager to provide day to day leadership of incidents and mangment of the SOC Analysts. This is a critical leadership role, responsible for protecting the organisation against Real Time cyber threats, driving incident response, and ensuring resilience across a complex technology estate. Our client is offering a 6 month rolling contract, paying up to £850 PD Inside IR 35 to start ASAP to be based in Exeter 2 days per week. This is a high-impact opportunity to shape cyber strategy at an enterprise level, working closely with senior stakeholders and external agencies to strengthen security posture and response capability. You will play a key role in building and evolving the CSOC capability, operating within a highly visible and business-critical function, with regular engagement across senior leadership and external partners. To be successful, you will hold active SC clearance and bring proven experience working within Central Government, the Public Sector, or highly regulated scientific environments. Key Responsibilities Define and lead the Cyber Security Operations Centre (CSOC), ensuring effective detection, response, and remediation of cyber incidents Own and continuously improve the cyber incident response plan, ensuring readiness across the organisation Provide strategic cyber security advice to senior leadership on monitoring, logging, and threat response Establish a use-case driven monitoring and alerting capability to improve threat detection and response times Oversee threat intelligence, vulnerability management, and proactive risk mitigation across the estate Lead the analysis of network traffic and behaviours, identifying threats and communicating insights to the wider business Define and manage cyber security operations strategy, aligned to organisational risk appetite and government guidance Manage stakeholders and external agencies, including regulatory bodies where required Identify and plan cyber investment requirements across tooling, governance, and team capability Core Experience Required Proven experience leading a Security Operations Centre (SOC/CSOC) or cyber security operations function Strong background in incident response, threat detection, and cyber resilience Hands-on experience with SIEM, IDS/IPS, endpoint security, and monitoring tools Solid understanding of threat intelligence, vulnerability management, and remediation practices Knowledge of cyber frameworks and regulations including GDPR, NIS, and National Cyber Security Centre guidance Familiarity with frameworks such as MITRE ATT&CK and ITIL processes Experience operating within complex, regulated environments (eg public sector, financial services) Strong stakeholder management skills, with the ability to influence at senior level
Role Title: Security Assurance Coordinator Location: Bristol or London | Hybrid - 1-2 days per week on client site in Bristol, Bath or London Duration: 31/03/2027 Total cost to Capgemini: £595 - £615 (Inside IR35) Role Description: We are seeking an MOD experienced, senior Client facing Security Consultant to drive the Security Assurance activities for a number of digital products/platforms, being developed as part of a broader MOD business and digital transformation programme for which Capgemini is the Client's prime Digital Delivery Partner. The products/platforms are being deployed on to the MOD's Digital estate (MODCloud) for use by military end users. You'll be operating in a cross-Programme role, working collaboratively with the Delivery Managers and Technical Leads/Solution Architects for each of the digital products/platforms being developed, and the key MOD Client stakeholders for them (Project Managers, Service Owners, Senior Responsible Owners (SRO), Information Asset Owners (IAO), JSP453 Case Officers/Service Transition Officers, Technical Assurance/Technical Design Authority). You'll be responsible for ensuring that each of the digital products/platforms being developed are appropriately Secure by Design (SbD), compliant with relevant MOD and industry standards, and are adhering to the MOD security assurance requirements at each stage of their product life cycle, from Design through to Live service/Through Life Support. Key Responsibilities: 1) Security Assurance a. Support Secure by Design (SbD) compliance, including threat and risk assessments, architecture and security control reviews, CAAT, DPIAs, ToA, Data Through Life Management, and assurance status tracking. b. Develop and review SMPs, SyOPs, vulnerability and patch management plans, privacy notices, and terms of use. c. Support DAR entries, IT health checks (ITHC) or SAST/DAST testing where applicable, remediation action plans, and MODCERT reporting using Vigilant. 2) Wider MOD Assurance a. Support JSP 453 compliance, including PEF and TRRA responses. b. Engage with JSP453 rule owners and Security Transition Officers/Case Officers to secure approvals and sign-off. 3) Security Planning and Risk Management a. Ensure Security Assurance activities are appropriately documented in Delivery Plans (working with Delivery Managers) b. Maintain RAID inputs and tracking and assist with identification and escalation of security risks. 4) Cyber Security Governance a. Support internal and external cyber security audits. 5) Design & Delivery Support a. Contribute to security requirements definition (principles, functional and non-functional requirements) within an Agile SDLC. b. Support access control design, configuration, and security test script development. 6) Specialist Assurance a. Support NCSC Bulk Data Assessments where bulk data is in scope. b. Support Secure Software Development Lifecycle (SSDLC) management when required. 7) Education & Awareness a. Promote Secure by Design through cyber security education and awareness across delivery teams. Key Skills and Experience: Essential: Proven experience as a Client facing Security Assurance Consultant/Coordinator/Security Manager, or similar role. UK MOD Delivery experience, including experience of delivering across the Government Digital Services (GDS) life cycle, and managing assurance activities to MOD's Secure by Design (SbD), JSP 453 (or earlier JSP 604), and JSP 440 standards. Experience working with distributed or hybrid teams. Demonstrated ability to work across cross-functional teams. Excellent facilitation, communication, and stakeholder management skills. Experience managing security risks, issues, and dependencies. Familiarity with Agile delivery tools - Jira, Confluence Highly Desirable: Experience managing the Security Assurance aspects of digital products deployed onto the MOD Digital estate (MODCloud) Background in secure digital product design and development, software engineering, data, or transformation projects. Security Certifications.
13/05/2026
Contractor
Role Title: Security Assurance Coordinator Location: Bristol or London | Hybrid - 1-2 days per week on client site in Bristol, Bath or London Duration: 31/03/2027 Total cost to Capgemini: £595 - £615 (Inside IR35) Role Description: We are seeking an MOD experienced, senior Client facing Security Consultant to drive the Security Assurance activities for a number of digital products/platforms, being developed as part of a broader MOD business and digital transformation programme for which Capgemini is the Client's prime Digital Delivery Partner. The products/platforms are being deployed on to the MOD's Digital estate (MODCloud) for use by military end users. You'll be operating in a cross-Programme role, working collaboratively with the Delivery Managers and Technical Leads/Solution Architects for each of the digital products/platforms being developed, and the key MOD Client stakeholders for them (Project Managers, Service Owners, Senior Responsible Owners (SRO), Information Asset Owners (IAO), JSP453 Case Officers/Service Transition Officers, Technical Assurance/Technical Design Authority). You'll be responsible for ensuring that each of the digital products/platforms being developed are appropriately Secure by Design (SbD), compliant with relevant MOD and industry standards, and are adhering to the MOD security assurance requirements at each stage of their product life cycle, from Design through to Live service/Through Life Support. Key Responsibilities: 1) Security Assurance a. Support Secure by Design (SbD) compliance, including threat and risk assessments, architecture and security control reviews, CAAT, DPIAs, ToA, Data Through Life Management, and assurance status tracking. b. Develop and review SMPs, SyOPs, vulnerability and patch management plans, privacy notices, and terms of use. c. Support DAR entries, IT health checks (ITHC) or SAST/DAST testing where applicable, remediation action plans, and MODCERT reporting using Vigilant. 2) Wider MOD Assurance a. Support JSP 453 compliance, including PEF and TRRA responses. b. Engage with JSP453 rule owners and Security Transition Officers/Case Officers to secure approvals and sign-off. 3) Security Planning and Risk Management a. Ensure Security Assurance activities are appropriately documented in Delivery Plans (working with Delivery Managers) b. Maintain RAID inputs and tracking and assist with identification and escalation of security risks. 4) Cyber Security Governance a. Support internal and external cyber security audits. 5) Design & Delivery Support a. Contribute to security requirements definition (principles, functional and non-functional requirements) within an Agile SDLC. b. Support access control design, configuration, and security test script development. 6) Specialist Assurance a. Support NCSC Bulk Data Assessments where bulk data is in scope. b. Support Secure Software Development Lifecycle (SSDLC) management when required. 7) Education & Awareness a. Promote Secure by Design through cyber security education and awareness across delivery teams. Key Skills and Experience: Essential: Proven experience as a Client facing Security Assurance Consultant/Coordinator/Security Manager, or similar role. UK MOD Delivery experience, including experience of delivering across the Government Digital Services (GDS) life cycle, and managing assurance activities to MOD's Secure by Design (SbD), JSP 453 (or earlier JSP 604), and JSP 440 standards. Experience working with distributed or hybrid teams. Demonstrated ability to work across cross-functional teams. Excellent facilitation, communication, and stakeholder management skills. Experience managing security risks, issues, and dependencies. Familiarity with Agile delivery tools - Jira, Confluence Highly Desirable: Experience managing the Security Assurance aspects of digital products deployed onto the MOD Digital estate (MODCloud) Background in secure digital product design and development, software engineering, data, or transformation projects. Security Certifications.
Overview Octopus Energy started with a bold idea: to build Britain's first truly digital energy supplier. By combining world-class tech with brilliant humans who care deeply about customers and driving the renewable energy transition, we became Britain's largest energy supplier. Now, we're scaling fast and building the next generation of products to accelerate the green energy transition. From making it effortless to switch to heat pumps, solar and EVs, to launching smart tariffs and creating renewable generation at scale, we're solving some of the most complex challenges in energy with speed, creativity and customer obsession. We're enabling our global businesses to reach the full capability of what we've achieved in the UK, taking the learnings, products and experiences that customers love here and rolling them out worldwide. At Octopus Tech, you'll have real ownership, variety, and the chance to shape products that make a tangible difference in people's lives - lowering bills, enabling greener living, and delivering experiences customers genuinely love. You'll work side by side with teams across marketing, operations, and data, and see the impact of your work in the real world, fast. We’re building a small and efficient TechOps Engineering team at Octopus. We are looking for an ambitious, knowledgeable and experienced Full Stack Software Engineer to join our team, to grow with the rest of the company, and build systems that our people love! You will be a key partner in defining what TechOps Engineering is at Octopus. We will be shaping this team to provide self-service technology that doesn't currently exist to help our people access, manage and use cutting edge tech on-demand. What is TechOps? A more modern, lean version of a traditional enterprise IT team. The team covers everything from what most people would call "1st line support" all the way up to high-level strategic planning, and everything in between. We're looking for a Full Stack Software Engineer to join our TechOps Engineering team, designing and building solutions to make our TechOps capability efficient, scalable and robust and available on-demand via self service. If this sounds exciting, we'd love to chat. What you'll do Creating solutions to problems such as Device Lifecycle management, Identity Verification and SCIM User Provisioning Tackle tough technical problems as we scale to tens of thousands of people Collaborate closely with our Security team to ensure we strike the right balance between security, productivity and user experience Develop applications and systems to improve the experience of our users Contribute ideas, share knowledge and raise the game of those around you Build APIs and integrate with our own and third party services to optimise and automate processes Care about the code you write and its future maintainability What you'll have 5+ years experience in software development, with strong recent proficiency in React (Next.js), TypeScript and Tailwind/Panda CSS 5+ years experience database design and working with RDBMSs (e.g. PostgreSQL) Strong experience with modern testing frameworks (e.g., Vitest, Jest, Playwright, Cypress, or similar) Strong skills in source control (we use GitHub) A track record of taking ownership of the development of features from inception through to delivery DevOps experience (Build/Test/Deployment pipelines using GitHub Actions/CircleCI) Experience working with design systems and component libraries Experience working with 3rd party providers to consume APIs Experience designing intuitive and simple User Interfaces An ability to understand and explain complex technical problems in clear, simple concepts and language to both technical and non-technical people Excellent understanding of fundamental coding principles and best practices and experience applying these to create robust, scalable, maintainable software Experience in any of the following would be a bonus Familiarity with Workflow DevKit and Vercel GraphQL and API technologies (REST, Webhooks) Scripting experience (such as Bash or PowerShell) AWS services including Secrets Manager and Elastic Container Service (ECS) Experience with Cloud Security Posture Management (CSPM) and vulnerability management tools such as Wiz or Snyk Designing distributed systems, improving service reliability (SRE), and contributing to long-term architectural strategy Native application development using Swift Identity and Access Management (IAM), including IdP management and platforms such as Okta Provisioning and certificate protocols such as SCIM and SCEP Endpoint and Mobile Device Management tools such as Kandji, Microsoft Intune, and Apple Business Manager Zero-trust device compliance and asset management practices Endpoint compliance and security tooling such as Kolide Physical security systems such as Verkada (CCTV/access control) Experience with enterprise SaaS tools such as Slack and HiBob Networking fundamentals, ideally with Cisco systems Hardware and device lifecycle management (e.g. IRU / device procurement) Why else you’ll love it here Wondering what the salary for this role is? Just ask us! On a call with one of our recruiters it’s something we always cover as we genuinely want to match your experience with the correct salary. The reason why we don’t advertise is because we honestly have a degree of flexibility and would never want salary to be a reason why someone doesn’t apply to Octopus - what’s more important to us is finding the right octofit! Octopus Energy Group is a unique culture. An organisation where people learn, decide, and build quicker. Where people work with autonomy, alongside a wide range of amazing co-owners, on projects that break new ground. We want your hard work to be rewarded with perks you actually care about! We won best company to work for in 2022, on Glassdoor we were voted 50 best places to work in 2022 and our Group CEO, Greg has recorded a podcast about our culture and how we empower our people. We've also been placed in the top 10 companies for senior leadership Visit our UK perks hub - Octopus Employee Benefits This role can be either fully office based in any of our major offices in Brighton, Manchester, Leicester, Coventry or London, or a hybrid of a few days a week working remotely and office based. If you're looking for a completely remote role, that is possible too. Got any burning questions before then? Drop us a message at talent at and we'd love to help! If this sounds like you then we'd love to hear from you. Are you ready for a career with us? We want to ensure you have all the tools and environment you need to unleash your potential. Need any specific accommodations? Whether you require specific accommodations or have a unique preference, let us know, and we'll do what we can to customise your interview process for comfort and maximum magic! Studies have shown that some groups of people, like women, are less likely to apply to a role unless they meet 100% of the job requirements. Whoever you are, if you like one of our jobs, we encourage you to apply as you might just be the candidate we hire. Across Octopus, we’re looking for genuinely decent people who are honest and empathetic. Our people are our strongest asset and the unique skills and perspectives people bring to the team are the driving force of our success. As an equal opportunity employer, we do not discriminate on the basis of any protected attribute. Our commitment is to provide equal opportunities, an inclusive work environment, and fairness for everyone.
13/05/2026
Full time
Overview Octopus Energy started with a bold idea: to build Britain's first truly digital energy supplier. By combining world-class tech with brilliant humans who care deeply about customers and driving the renewable energy transition, we became Britain's largest energy supplier. Now, we're scaling fast and building the next generation of products to accelerate the green energy transition. From making it effortless to switch to heat pumps, solar and EVs, to launching smart tariffs and creating renewable generation at scale, we're solving some of the most complex challenges in energy with speed, creativity and customer obsession. We're enabling our global businesses to reach the full capability of what we've achieved in the UK, taking the learnings, products and experiences that customers love here and rolling them out worldwide. At Octopus Tech, you'll have real ownership, variety, and the chance to shape products that make a tangible difference in people's lives - lowering bills, enabling greener living, and delivering experiences customers genuinely love. You'll work side by side with teams across marketing, operations, and data, and see the impact of your work in the real world, fast. We’re building a small and efficient TechOps Engineering team at Octopus. We are looking for an ambitious, knowledgeable and experienced Full Stack Software Engineer to join our team, to grow with the rest of the company, and build systems that our people love! You will be a key partner in defining what TechOps Engineering is at Octopus. We will be shaping this team to provide self-service technology that doesn't currently exist to help our people access, manage and use cutting edge tech on-demand. What is TechOps? A more modern, lean version of a traditional enterprise IT team. The team covers everything from what most people would call "1st line support" all the way up to high-level strategic planning, and everything in between. We're looking for a Full Stack Software Engineer to join our TechOps Engineering team, designing and building solutions to make our TechOps capability efficient, scalable and robust and available on-demand via self service. If this sounds exciting, we'd love to chat. What you'll do Creating solutions to problems such as Device Lifecycle management, Identity Verification and SCIM User Provisioning Tackle tough technical problems as we scale to tens of thousands of people Collaborate closely with our Security team to ensure we strike the right balance between security, productivity and user experience Develop applications and systems to improve the experience of our users Contribute ideas, share knowledge and raise the game of those around you Build APIs and integrate with our own and third party services to optimise and automate processes Care about the code you write and its future maintainability What you'll have 5+ years experience in software development, with strong recent proficiency in React (Next.js), TypeScript and Tailwind/Panda CSS 5+ years experience database design and working with RDBMSs (e.g. PostgreSQL) Strong experience with modern testing frameworks (e.g., Vitest, Jest, Playwright, Cypress, or similar) Strong skills in source control (we use GitHub) A track record of taking ownership of the development of features from inception through to delivery DevOps experience (Build/Test/Deployment pipelines using GitHub Actions/CircleCI) Experience working with design systems and component libraries Experience working with 3rd party providers to consume APIs Experience designing intuitive and simple User Interfaces An ability to understand and explain complex technical problems in clear, simple concepts and language to both technical and non-technical people Excellent understanding of fundamental coding principles and best practices and experience applying these to create robust, scalable, maintainable software Experience in any of the following would be a bonus Familiarity with Workflow DevKit and Vercel GraphQL and API technologies (REST, Webhooks) Scripting experience (such as Bash or PowerShell) AWS services including Secrets Manager and Elastic Container Service (ECS) Experience with Cloud Security Posture Management (CSPM) and vulnerability management tools such as Wiz or Snyk Designing distributed systems, improving service reliability (SRE), and contributing to long-term architectural strategy Native application development using Swift Identity and Access Management (IAM), including IdP management and platforms such as Okta Provisioning and certificate protocols such as SCIM and SCEP Endpoint and Mobile Device Management tools such as Kandji, Microsoft Intune, and Apple Business Manager Zero-trust device compliance and asset management practices Endpoint compliance and security tooling such as Kolide Physical security systems such as Verkada (CCTV/access control) Experience with enterprise SaaS tools such as Slack and HiBob Networking fundamentals, ideally with Cisco systems Hardware and device lifecycle management (e.g. IRU / device procurement) Why else you’ll love it here Wondering what the salary for this role is? Just ask us! On a call with one of our recruiters it’s something we always cover as we genuinely want to match your experience with the correct salary. The reason why we don’t advertise is because we honestly have a degree of flexibility and would never want salary to be a reason why someone doesn’t apply to Octopus - what’s more important to us is finding the right octofit! Octopus Energy Group is a unique culture. An organisation where people learn, decide, and build quicker. Where people work with autonomy, alongside a wide range of amazing co-owners, on projects that break new ground. We want your hard work to be rewarded with perks you actually care about! We won best company to work for in 2022, on Glassdoor we were voted 50 best places to work in 2022 and our Group CEO, Greg has recorded a podcast about our culture and how we empower our people. We've also been placed in the top 10 companies for senior leadership Visit our UK perks hub - Octopus Employee Benefits This role can be either fully office based in any of our major offices in Brighton, Manchester, Leicester, Coventry or London, or a hybrid of a few days a week working remotely and office based. If you're looking for a completely remote role, that is possible too. Got any burning questions before then? Drop us a message at talent at and we'd love to help! If this sounds like you then we'd love to hear from you. Are you ready for a career with us? We want to ensure you have all the tools and environment you need to unleash your potential. Need any specific accommodations? Whether you require specific accommodations or have a unique preference, let us know, and we'll do what we can to customise your interview process for comfort and maximum magic! Studies have shown that some groups of people, like women, are less likely to apply to a role unless they meet 100% of the job requirements. Whoever you are, if you like one of our jobs, we encourage you to apply as you might just be the candidate we hire. Across Octopus, we’re looking for genuinely decent people who are honest and empathetic. Our people are our strongest asset and the unique skills and perspectives people bring to the team are the driving force of our success. As an equal opportunity employer, we do not discriminate on the basis of any protected attribute. Our commitment is to provide equal opportunities, an inclusive work environment, and fairness for everyone.
Information Security Manager - Cloud - SW London, Hybrid - £60k Cyber Security - Governance One day per week in the office - rest from home. A well established, values driven charity based in SW London are looking for a seasoned Information Security Lead to be the authority across all Information Security and Cloud Infrastructure; ensuring Azure, Microsoft 365, and SaaS platforms are secure, resilient, and compliant. The role combines hands on technical security expertise with risk management, governance, and assurance, supporting business objectives while reducing cyber and data protection risk. As the Senior Information Security Analyst you will lead security architecture decisions, oversee incident response and vulnerability management, support secure digital transformation, and provide clear, risk based advice to stakeholders and senior leadership. The position operates with a high degree of autonomy and focuses on security leadership & technical excellence and enablement, rather than day to day service desk operations. The ideal candidate will have strong technical skills across the following: Microsoft Entra ID (Azure AD): Conditional Access, MFA, Passwordless authentication, Identity Protection, PIM, Phishing resistant MFA configurations Zero Trust architecture and least privilege access models Identity governance, access reviews, and privileged account management and access reviews SSO integration across SaaS platforms Active Directory & Hybrid Identity: AD security, tiered access model, legacy AD decommissioning, secure hybrid environments Microsoft 365 & Cloud Security Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps) Microsoft Sentinel (SIEM): log ingestion, alert tuning, detection rules, incident workflows Intune & Endpoint Management: device compliance, MDM/MAM, BYOD enforcement Endpoint, Infrastructure & Asset Security Network, DNS & Access Security DNSFilter: DNS layer protection, malicious domain blocking, reporting and threat visibility Azure Firewall, VPN security, and network segmentation of azure infrastructure PowerShell scripting for security, identity, and infrastructure tasks Security automation using Logic Apps and SIEM workflows if required The salary on offer for this role is up to £60,000.
13/05/2026
Full time
Information Security Manager - Cloud - SW London, Hybrid - £60k Cyber Security - Governance One day per week in the office - rest from home. A well established, values driven charity based in SW London are looking for a seasoned Information Security Lead to be the authority across all Information Security and Cloud Infrastructure; ensuring Azure, Microsoft 365, and SaaS platforms are secure, resilient, and compliant. The role combines hands on technical security expertise with risk management, governance, and assurance, supporting business objectives while reducing cyber and data protection risk. As the Senior Information Security Analyst you will lead security architecture decisions, oversee incident response and vulnerability management, support secure digital transformation, and provide clear, risk based advice to stakeholders and senior leadership. The position operates with a high degree of autonomy and focuses on security leadership & technical excellence and enablement, rather than day to day service desk operations. The ideal candidate will have strong technical skills across the following: Microsoft Entra ID (Azure AD): Conditional Access, MFA, Passwordless authentication, Identity Protection, PIM, Phishing resistant MFA configurations Zero Trust architecture and least privilege access models Identity governance, access reviews, and privileged account management and access reviews SSO integration across SaaS platforms Active Directory & Hybrid Identity: AD security, tiered access model, legacy AD decommissioning, secure hybrid environments Microsoft 365 & Cloud Security Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps) Microsoft Sentinel (SIEM): log ingestion, alert tuning, detection rules, incident workflows Intune & Endpoint Management: device compliance, MDM/MAM, BYOD enforcement Endpoint, Infrastructure & Asset Security Network, DNS & Access Security DNSFilter: DNS layer protection, malicious domain blocking, reporting and threat visibility Azure Firewall, VPN security, and network segmentation of azure infrastructure PowerShell scripting for security, identity, and infrastructure tasks Security automation using Logic Apps and SIEM workflows if required The salary on offer for this role is up to £60,000.
DevOps Engineer; Security Clearance, Ci/CD, Terraform, Kubernetes, vulnerability, Andover or Bristol (primary): 2 days per week mandatory at the client site Security clearance is a must have, rate £450 per day outside IR35 Essential: Proven experience administering CI/CD platforms such as GitLab, Jenkins, GitHub Actions, or Nexus. Strong understanding of DevOps and infrastructure automation principles (eg Ansible, Terraform, Scripting). Experience managing secure, containerised environments (Kubernetes, Red Hat OpenShift). Working knowledge of monitoring, logging, and vulnerability scanning tools (eg Prometheus, Grafana, SonarQube, ELK Stack). Experience establishing and maturing technical environments or development platforms from inception. Strong system administration background with knowledge of networking, access management, and system security. Demonstrated ability to manage multiple priorities and lead small-scale innovation or capability development activities. Desirable: Experience within the UK Defence or other secure government digital programmes. Understanding of Defence Digital governance frameworks, accreditation, and assurance processes. Familiarity with secure software development practices, code quality monitoring, and vulnerability management. Awareness of Defence capability integration and ISTAR-related systems.
13/05/2026
Contractor
DevOps Engineer; Security Clearance, Ci/CD, Terraform, Kubernetes, vulnerability, Andover or Bristol (primary): 2 days per week mandatory at the client site Security clearance is a must have, rate £450 per day outside IR35 Essential: Proven experience administering CI/CD platforms such as GitLab, Jenkins, GitHub Actions, or Nexus. Strong understanding of DevOps and infrastructure automation principles (eg Ansible, Terraform, Scripting). Experience managing secure, containerised environments (Kubernetes, Red Hat OpenShift). Working knowledge of monitoring, logging, and vulnerability scanning tools (eg Prometheus, Grafana, SonarQube, ELK Stack). Experience establishing and maturing technical environments or development platforms from inception. Strong system administration background with knowledge of networking, access management, and system security. Demonstrated ability to manage multiple priorities and lead small-scale innovation or capability development activities. Desirable: Experience within the UK Defence or other secure government digital programmes. Understanding of Defence Digital governance frameworks, accreditation, and assurance processes. Familiarity with secure software development practices, code quality monitoring, and vulnerability management. Awareness of Defence capability integration and ISTAR-related systems.
We at Qualient Solutions looking for DevSecops Engineer with SC Clearance. Job Description:- Key Responsibilities Lead the creation and maturation of the Software Factory and its supporting toolchain, including GitLab and associated CI/CD environments. Undertake associated management activities, including user training, administration, onboarding, and ongoing operational support. Manage and maintain Software Factory environments, ensuring security, performance, and availability across multiple projects. Oversee configuration, access control, and repository management across GitLab, Nexus, Jenkins, or similar systems. Monitor systems, manage infrastructure, automate routine tasks, and collaborate with software teams to ensure the smooth operation of software development and deployment pipelines. Maintain integration with monitoring and logging tools (eg Prometheus, Grafana, ELK stack) and ensure end-to-end visibility of software pipelines. Administer and monitor containerised environments using Kubernetes (eg Red Hat OpenShift). Innovation and Continuous Development: Lead and manage innovation work packages within the Software Factory, outside of the prototype bridging contract, supporting exploration of emerging technologies and approaches. Support the identification and evaluation of innovative tools, automation methods, and frameworks that enhance efficiency and capability delivery. Contribute to the creation of a Software Factory roadmap, ensuring alignment with wider Defence Digital transformation goals. Promote best practice and continuous improvement across software engineering and DevSecOps disciplines. Technical Support and Assurance: Act as the primary point of contact for Software Factory-related technical and access issues. Support development teams with environment setup, build and deployment troubleshooting, and configuration guidance. Maintain up-to-date documentation of configuration, system changes, and operational processes for governance and audit. Ensure alignment with Defence Digital and Army engineering, security, and accreditation standards. Governance and Compliance: Maintain governance documentation, access logs, and audit trails in line with programme standards. Ensure adherence to Defence Digital security, accreditation, and data management requirements. Implement configuration management, patching, and vulnerability remediation processes for all factory systems. Support compliance activities associated with DevSecOps and secure software delivery principles. Collaboration and Stakeholder Engagement: Work collaboratively with software developers, project managers, architects, cyber security specialists, and wider Defence stakeholders. Provide technical advice and administrative guidance to ensure efficient and compliant use of the Software Factory. Coordinate with Defence Digital technical authorities to align capability development, standards, and interoperability. Essential: Proven experience administering CI/CD platforms such as GitLab, Jenkins, GitHub Actions, or Nexus. Strong understanding of DevOps and infrastructure automation principles (eg Ansible, Terraform, Scripting). Experience managing secure, containerised environments (Kubernetes, Red Hat OpenShift). Working knowledge of monitoring, logging, and vulnerability scanning tools (eg Prometheus, Grafana, SonarQube, ELK Stack). Experience establishing and maturing technical environments or development platforms from inception. Strong system administration background with knowledge of networking, access management, and system security. Demonstrated ability to manage multiple priorities and lead small-scale innovation or capability development activities. Desirable: Experience within the UK Defence or other secure government digital programmes. Understanding of Defence Digital governance frameworks, accreditation, and assurance processes. Familiarity with secure software development practices, code quality monitoring, and vulnerability management. Awareness of Defence capability integration and ISTAR-related systems.
13/05/2026
Contractor
We at Qualient Solutions looking for DevSecops Engineer with SC Clearance. Job Description:- Key Responsibilities Lead the creation and maturation of the Software Factory and its supporting toolchain, including GitLab and associated CI/CD environments. Undertake associated management activities, including user training, administration, onboarding, and ongoing operational support. Manage and maintain Software Factory environments, ensuring security, performance, and availability across multiple projects. Oversee configuration, access control, and repository management across GitLab, Nexus, Jenkins, or similar systems. Monitor systems, manage infrastructure, automate routine tasks, and collaborate with software teams to ensure the smooth operation of software development and deployment pipelines. Maintain integration with monitoring and logging tools (eg Prometheus, Grafana, ELK stack) and ensure end-to-end visibility of software pipelines. Administer and monitor containerised environments using Kubernetes (eg Red Hat OpenShift). Innovation and Continuous Development: Lead and manage innovation work packages within the Software Factory, outside of the prototype bridging contract, supporting exploration of emerging technologies and approaches. Support the identification and evaluation of innovative tools, automation methods, and frameworks that enhance efficiency and capability delivery. Contribute to the creation of a Software Factory roadmap, ensuring alignment with wider Defence Digital transformation goals. Promote best practice and continuous improvement across software engineering and DevSecOps disciplines. Technical Support and Assurance: Act as the primary point of contact for Software Factory-related technical and access issues. Support development teams with environment setup, build and deployment troubleshooting, and configuration guidance. Maintain up-to-date documentation of configuration, system changes, and operational processes for governance and audit. Ensure alignment with Defence Digital and Army engineering, security, and accreditation standards. Governance and Compliance: Maintain governance documentation, access logs, and audit trails in line with programme standards. Ensure adherence to Defence Digital security, accreditation, and data management requirements. Implement configuration management, patching, and vulnerability remediation processes for all factory systems. Support compliance activities associated with DevSecOps and secure software delivery principles. Collaboration and Stakeholder Engagement: Work collaboratively with software developers, project managers, architects, cyber security specialists, and wider Defence stakeholders. Provide technical advice and administrative guidance to ensure efficient and compliant use of the Software Factory. Coordinate with Defence Digital technical authorities to align capability development, standards, and interoperability. Essential: Proven experience administering CI/CD platforms such as GitLab, Jenkins, GitHub Actions, or Nexus. Strong understanding of DevOps and infrastructure automation principles (eg Ansible, Terraform, Scripting). Experience managing secure, containerised environments (Kubernetes, Red Hat OpenShift). Working knowledge of monitoring, logging, and vulnerability scanning tools (eg Prometheus, Grafana, SonarQube, ELK Stack). Experience establishing and maturing technical environments or development platforms from inception. Strong system administration background with knowledge of networking, access management, and system security. Demonstrated ability to manage multiple priorities and lead small-scale innovation or capability development activities. Desirable: Experience within the UK Defence or other secure government digital programmes. Understanding of Defence Digital governance frameworks, accreditation, and assurance processes. Familiarity with secure software development practices, code quality monitoring, and vulnerability management. Awareness of Defence capability integration and ISTAR-related systems.
Job Title Level 3 Security Analyst - Incident Response & Vulnerability Management Department Service Delivery / Security Reporting To Security Lead / Service Delivery Manager Operates under the direction of the Incident Manager during security incidents Location UK (Hybrid) Office in Cardiff 1-2 days per week, regular client site travel. Working Pattern Monday to Friday with participation in the on-call Security and Major Incident rota as required Role Purpose The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by "the MSP". The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur. Key Accountabilities - Security Incident Investigation & Response Act as the technical lead for the investigation of security incidents across supported platforms. Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration. Perform detailed root cause analysis across endpoint, identity, network, and application layers. Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation. Drive incidents through to full technical resolution, not temporary mitigation. Key Accountabilities - Vulnerability Management Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity. Assess risk based on exploitability, exposure, and operational impact. Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers. Validate remediation and ensure appropriate evidence is captured for assurance and audit. Platforms & Technology Scope End-user devices including Windows, macOS, tablets, and peripherals. Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection. Identity and Access Management including privileged and service accounts. On-premises and cloud-hosted servers. Network infrastructure including firewalls, switches, wireless, and WAN connectivity. Cloud-hosted and supplier-managed applications. Documentation, Audit & Continuous Improvement Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions. Support governance, customer assurance, and audit requirements. Contribute to post-incident reviews and lessons learned. Identify recurring issues and recommend long-term improvements. Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems. Collaboration & Escalation Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams. Act as a senior escalation point for Level 1 and Level 2 teams. Engage third-party suppliers to progress investigation and remediation. Participate in out-of-hours response as required. Knowledge, Skills & Experience - Essential Proven experience in a Level 3 or Senior Security Analyst or Incident Response role. Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services. Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation. Experience working within formal Security Incident and Major Incident processes. Strong written documentation and stakeholder communication skills. Knowledge, Skills & Experience - Desirable Experience supporting multi-site or operationally sensitive environments. Familiarity with Defender, SIEM, EDR, and vulnerability management tools. Understanding of regulated or PCI-adjacent environments. Relevant security certifications or equivalent experience. Behavioural Competencies Takes ownership from detection through to resolution. Investigates thoroughly and challenges incomplete fixes. Calm, methodical, and decisive during live incidents. Understands operational and business impact. Professional and confident when engaging customers and suppliers. Decision Making & Authority Makes technical decisions relating to investigation, containment, and remediation of security incidents. Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership. Key Interfaces Incident Management Security Operations Infrastructure and Network Services Third-party suppliers Customer stakeholders via structured incident communications
13/05/2026
Full time
Job Title Level 3 Security Analyst - Incident Response & Vulnerability Management Department Service Delivery / Security Reporting To Security Lead / Service Delivery Manager Operates under the direction of the Incident Manager during security incidents Location UK (Hybrid) Office in Cardiff 1-2 days per week, regular client site travel. Working Pattern Monday to Friday with participation in the on-call Security and Major Incident rota as required Role Purpose The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by "the MSP". The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur. Key Accountabilities - Security Incident Investigation & Response Act as the technical lead for the investigation of security incidents across supported platforms. Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration. Perform detailed root cause analysis across endpoint, identity, network, and application layers. Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation. Drive incidents through to full technical resolution, not temporary mitigation. Key Accountabilities - Vulnerability Management Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity. Assess risk based on exploitability, exposure, and operational impact. Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers. Validate remediation and ensure appropriate evidence is captured for assurance and audit. Platforms & Technology Scope End-user devices including Windows, macOS, tablets, and peripherals. Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection. Identity and Access Management including privileged and service accounts. On-premises and cloud-hosted servers. Network infrastructure including firewalls, switches, wireless, and WAN connectivity. Cloud-hosted and supplier-managed applications. Documentation, Audit & Continuous Improvement Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions. Support governance, customer assurance, and audit requirements. Contribute to post-incident reviews and lessons learned. Identify recurring issues and recommend long-term improvements. Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems. Collaboration & Escalation Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams. Act as a senior escalation point for Level 1 and Level 2 teams. Engage third-party suppliers to progress investigation and remediation. Participate in out-of-hours response as required. Knowledge, Skills & Experience - Essential Proven experience in a Level 3 or Senior Security Analyst or Incident Response role. Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services. Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation. Experience working within formal Security Incident and Major Incident processes. Strong written documentation and stakeholder communication skills. Knowledge, Skills & Experience - Desirable Experience supporting multi-site or operationally sensitive environments. Familiarity with Defender, SIEM, EDR, and vulnerability management tools. Understanding of regulated or PCI-adjacent environments. Relevant security certifications or equivalent experience. Behavioural Competencies Takes ownership from detection through to resolution. Investigates thoroughly and challenges incomplete fixes. Calm, methodical, and decisive during live incidents. Understands operational and business impact. Professional and confident when engaging customers and suppliers. Decision Making & Authority Makes technical decisions relating to investigation, containment, and remediation of security incidents. Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership. Key Interfaces Incident Management Security Operations Infrastructure and Network Services Third-party suppliers Customer stakeholders via structured incident communications
IT Manager Vacancy with high-calibre Real Estate SME Paying up to £55,000 (potentially with some flex for the right candidate) Significant bonus (10%-25%) Occasional travel to US - once per year Primarily office based (at extremely high calibre offices in a particularly Central London location) London-based, highly profitable and extremely high-calibre SME working in the Real Estate sector are seeking an IT Manager to oversee their IT infrastructure, cyber security and data protection. This is a high-impact role where alongside orchestrating external IT Service Providers, you'll keep systems secure, resilient and running at peak performance while driving continuous improvement across the business. You'll be fully responsible for a small IT budget ( What you'll do: Lead and optimise IT infrastructure, cloud platforms (Microsoft 365 & SharePoint), networks, and core systems alongside our external IT provider. Own cyber security - from vulnerability management and patching to incident response (in and out of hours). Act as Data Protection Lead, ensuring full GDPR compliance and robust data security. Manage hardware lifecycle, asset registers, and supplier performance. Provide expert technical support, user guidance, and escalation handling. Support audits, maintain documentation, and contribute to IT budgets and strategy. You'll work closely with the Corporate Services team, Office Manager and Ops Director in a collaborative, flat-hierarchy environment. What you'll need: Strong technical background in IT infrastructure, cloud environments, networking and cyber security. Experience with Microsoft 365, endpoint security, and identity/access management. Proven track record in information security, vulnerability management, and third-party supplier coordination. Good understanding of GDPR and data protection (Data Protection Lead qualification desirable although full training will be provided). Excellent problem-solving skills with the ability to explain technical issues clearly to non-technical users. Experience working with implementation or management / maintenance of SharePoint would be beneficial. Cyber Essentials / ISO 27001 knowledge is a big plus.
13/05/2026
Full time
IT Manager Vacancy with high-calibre Real Estate SME Paying up to £55,000 (potentially with some flex for the right candidate) Significant bonus (10%-25%) Occasional travel to US - once per year Primarily office based (at extremely high calibre offices in a particularly Central London location) London-based, highly profitable and extremely high-calibre SME working in the Real Estate sector are seeking an IT Manager to oversee their IT infrastructure, cyber security and data protection. This is a high-impact role where alongside orchestrating external IT Service Providers, you'll keep systems secure, resilient and running at peak performance while driving continuous improvement across the business. You'll be fully responsible for a small IT budget ( What you'll do: Lead and optimise IT infrastructure, cloud platforms (Microsoft 365 & SharePoint), networks, and core systems alongside our external IT provider. Own cyber security - from vulnerability management and patching to incident response (in and out of hours). Act as Data Protection Lead, ensuring full GDPR compliance and robust data security. Manage hardware lifecycle, asset registers, and supplier performance. Provide expert technical support, user guidance, and escalation handling. Support audits, maintain documentation, and contribute to IT budgets and strategy. You'll work closely with the Corporate Services team, Office Manager and Ops Director in a collaborative, flat-hierarchy environment. What you'll need: Strong technical background in IT infrastructure, cloud environments, networking and cyber security. Experience with Microsoft 365, endpoint security, and identity/access management. Proven track record in information security, vulnerability management, and third-party supplier coordination. Good understanding of GDPR and data protection (Data Protection Lead qualification desirable although full training will be provided). Excellent problem-solving skills with the ability to explain technical issues clearly to non-technical users. Experience working with implementation or management / maintenance of SharePoint would be beneficial. Cyber Essentials / ISO 27001 knowledge is a big plus.
Closing Date: 25th May 2026 Role Purpose The Head of Cyber Security & Privacy is accountable for implementing and maintaining information security across Nando's UKI's operations, protecting customers and Nandocas whilst enabling the business to operate securely. This role ensures security policies, standards and practices agreed with and set by the Group CISO are effectively embedded across restaurants, digital platforms, supply chain and support functions within the Nando's UKI. The role is a mixture of working with peers and the CISO to set standards and policies and assuring those in market. This individual is also the Data Protection Officer for Nando's UKI. Reporting & Accountability Reports to: UKI Technology Director Works closely with: Group CISO (for guidance, standards, and frameworks). Accountable for: UKI cyber security posture, compliance and assurance. Works closely with the UKI Chief Risk Officer Works closely with the Head of Product & Delivery- Technology Platforms. Key Responsibilities Security Implementation & Operations Understand Group security Architecture and Implement Group information security policies and standards across Nando's UKI. Understand how Group policies add to UKIs threat vectors and plan accordingly Manage day-to-day security operations including monitoring, threat detection and incident response. Coordinate with the Security Operations Centre on Nando's UKI-specific threats and incidents. Maintain the Nando's UKI cyber security risk register and escalate significant risks. Conduct security assessments of Nando's UKI systems, suppliers and processes. Act as approver for the Data Protection Impact Assessment process. Incident Response Act as Nando's UKI incident commander for cyber security incidents Coordinate response with Group CISO for major incidents Document and report incidents following Group standards Implement lessons learned and track remediation actions Nando's UKI Stakeholder Engagement Build relationships with Nando's UKI leadership (Tech, People, Ops, Risk, Legal, Supply Chain) Ensure security is embedded in Nando's UKI initiatives, projects and training. Support the Nando's UKI CEO to understand and prioritise cyber security Translate technical security risks into business impact for Nando's UKI stakeholders Security Culture & Awareness Deliver security awareness training to Nando's UKI teams using Group materials Make security engaging and relevant to restaurant teams and support office staff Act as the face of security in the Nando's UKI - visible, approachable and credible Communicate security in line with Nando's values and tone of voice Maintain knowledge of the evolving threat landscape, relevant regulatory requirements, and industry standards applicable to Nando's (e.g. ISO 27001 and NIST) Keep abreast of emerging risks related to technology, data privacy, and cyber security Actively engage with reputable industry bodies, publications, and peer networks, and apply relevant insights to continuously assess whether the organisation's security posture, policies, and controls remain fit for purpose. Third-Party & Vendor Management Assess security risks of Nando's UKI-specific suppliers and vendors Work with Procurement to ensure security requirements in supplier contracts Monitor ongoing compliance of third parties with security standards Escalate significant third-party risks to Group CISO Compliance & Audit Ensure and demonstrate Nando's UKI compliance with Group security policies and relevant legislation (e.g. GDPR, local data protection laws) Coordinate Nando's UKI participation in security audits and assessments Maintain evidence and documentation for compliance reporting Support Group CISO with regulatory reviews affecting the Nando's UKI Architecture & Projects Review and approve security requirements for Nando's UKI technology initiatives Ensure secure configuration of Nando's UKI systems and infrastructure Work with Group CISO to implement identity and access management standards Support secure deployment of the Global Nando's Platform in the Nando's UKI Data Security Implement data classification and data lifecycle management practices Ensure sensitive data is appropriately protected across the Nando's UKI Monitor and report on data security metrics Investigate and remediate data security incidents Skills & Qualifications Essential 5+ years experience in information security, with at least 2 years in a leadership role Strong practical knowledge of security operations, incident response and risk management Experience implementing security frameworks (NIST CSF, ISO 27001 or similar) Ability to influence stakeholders without direct authority Excellent communication skills - can explain technical risks to non-technical audiences Understanding of GDPR and data protection principles Experience working in multi-site or retail/hospitality environments Desirable Relevant certifications (CISSP, CISM, Security+, CEH or similar) Experience with cloud security (AWS, Azure, GCP) Up to date knowledge of security tools (SIEM, EDR, vulnerability management) Understanding of secure development practices Experience in a franchised or multi-site organisation What Success Looks Like Year 1: Nando's UKI leadership understands and actively supports security priorities Clean audit outcomes against Group security standards Security embedded in all major Nando's UKI projects and initiatives Effective incident response demonstrated through exercises and/or real incidents High engagement rates with security awareness programmes Ongoing: Nando's UKI consistently meets Group security metrics and KPIs Strong working relationship with Group CISO and other Nando's UKI Heads of Security Proactive identification and mitigation of Nando's UKI-specific risks Security seen as an enabler rather than a blocker Positive feedback from Nando's UKI stakeholders on security support and guidance Heart and soul. Passion and personality. You may know us as the home of PERi-PERi goodness, but we're actually a people-first, chicken-second kind of place.
13/05/2026
Full time
Closing Date: 25th May 2026 Role Purpose The Head of Cyber Security & Privacy is accountable for implementing and maintaining information security across Nando's UKI's operations, protecting customers and Nandocas whilst enabling the business to operate securely. This role ensures security policies, standards and practices agreed with and set by the Group CISO are effectively embedded across restaurants, digital platforms, supply chain and support functions within the Nando's UKI. The role is a mixture of working with peers and the CISO to set standards and policies and assuring those in market. This individual is also the Data Protection Officer for Nando's UKI. Reporting & Accountability Reports to: UKI Technology Director Works closely with: Group CISO (for guidance, standards, and frameworks). Accountable for: UKI cyber security posture, compliance and assurance. Works closely with the UKI Chief Risk Officer Works closely with the Head of Product & Delivery- Technology Platforms. Key Responsibilities Security Implementation & Operations Understand Group security Architecture and Implement Group information security policies and standards across Nando's UKI. Understand how Group policies add to UKIs threat vectors and plan accordingly Manage day-to-day security operations including monitoring, threat detection and incident response. Coordinate with the Security Operations Centre on Nando's UKI-specific threats and incidents. Maintain the Nando's UKI cyber security risk register and escalate significant risks. Conduct security assessments of Nando's UKI systems, suppliers and processes. Act as approver for the Data Protection Impact Assessment process. Incident Response Act as Nando's UKI incident commander for cyber security incidents Coordinate response with Group CISO for major incidents Document and report incidents following Group standards Implement lessons learned and track remediation actions Nando's UKI Stakeholder Engagement Build relationships with Nando's UKI leadership (Tech, People, Ops, Risk, Legal, Supply Chain) Ensure security is embedded in Nando's UKI initiatives, projects and training. Support the Nando's UKI CEO to understand and prioritise cyber security Translate technical security risks into business impact for Nando's UKI stakeholders Security Culture & Awareness Deliver security awareness training to Nando's UKI teams using Group materials Make security engaging and relevant to restaurant teams and support office staff Act as the face of security in the Nando's UKI - visible, approachable and credible Communicate security in line with Nando's values and tone of voice Maintain knowledge of the evolving threat landscape, relevant regulatory requirements, and industry standards applicable to Nando's (e.g. ISO 27001 and NIST) Keep abreast of emerging risks related to technology, data privacy, and cyber security Actively engage with reputable industry bodies, publications, and peer networks, and apply relevant insights to continuously assess whether the organisation's security posture, policies, and controls remain fit for purpose. Third-Party & Vendor Management Assess security risks of Nando's UKI-specific suppliers and vendors Work with Procurement to ensure security requirements in supplier contracts Monitor ongoing compliance of third parties with security standards Escalate significant third-party risks to Group CISO Compliance & Audit Ensure and demonstrate Nando's UKI compliance with Group security policies and relevant legislation (e.g. GDPR, local data protection laws) Coordinate Nando's UKI participation in security audits and assessments Maintain evidence and documentation for compliance reporting Support Group CISO with regulatory reviews affecting the Nando's UKI Architecture & Projects Review and approve security requirements for Nando's UKI technology initiatives Ensure secure configuration of Nando's UKI systems and infrastructure Work with Group CISO to implement identity and access management standards Support secure deployment of the Global Nando's Platform in the Nando's UKI Data Security Implement data classification and data lifecycle management practices Ensure sensitive data is appropriately protected across the Nando's UKI Monitor and report on data security metrics Investigate and remediate data security incidents Skills & Qualifications Essential 5+ years experience in information security, with at least 2 years in a leadership role Strong practical knowledge of security operations, incident response and risk management Experience implementing security frameworks (NIST CSF, ISO 27001 or similar) Ability to influence stakeholders without direct authority Excellent communication skills - can explain technical risks to non-technical audiences Understanding of GDPR and data protection principles Experience working in multi-site or retail/hospitality environments Desirable Relevant certifications (CISSP, CISM, Security+, CEH or similar) Experience with cloud security (AWS, Azure, GCP) Up to date knowledge of security tools (SIEM, EDR, vulnerability management) Understanding of secure development practices Experience in a franchised or multi-site organisation What Success Looks Like Year 1: Nando's UKI leadership understands and actively supports security priorities Clean audit outcomes against Group security standards Security embedded in all major Nando's UKI projects and initiatives Effective incident response demonstrated through exercises and/or real incidents High engagement rates with security awareness programmes Ongoing: Nando's UKI consistently meets Group security metrics and KPIs Strong working relationship with Group CISO and other Nando's UKI Heads of Security Proactive identification and mitigation of Nando's UKI-specific risks Security seen as an enabler rather than a blocker Positive feedback from Nando's UKI stakeholders on security support and guidance Heart and soul. Passion and personality. You may know us as the home of PERi-PERi goodness, but we're actually a people-first, chicken-second kind of place.
Join us and shape the future of secure software delivery. As a Lead Security Engineer, you'll work at the intersection of security and platform engineering, designing impactful solutions that enable teams to move fast while managing risk. You'll collaborate with talented squads, contribute to a culture that values unique perspectives, and foster growth, impact, and innovation. This is your opportunity to make a difference and advance your career in a dynamic, engineering led environment. We're committed to helping you thrive and grow. As a Lead Security Engineer at JPMorgan Chase in the Platform team, you will embed security into engineering workflows and deliver scalable, engineering solutions. You'll work at the intersection of security and platform engineering, actively designing, building, and implementing security capabilities. Your role is hands on, collaborating with squads to reduce platform risk and enable secure software delivery. You'll help shape a modern, engineering led approach to security, empowering teams to move fast while managing risk. Our culture values unique perspectives and fosters growth, impact, and innovation. Job Responsibilities Design, build, and operate scalable security capabilities integrated into engineering workflows Embed security into the software development lifecycle by implementing automated controls Improve software supply chain security through SBOM generation and dependency visibility Analyze and enrich vulnerability data with contextual information for effective remediation Provide actionable insights and guidance to engineering teams to address security issues Collaborate with platform and product engineering teams to drive secure development practices Identify and assess security risks in runtime and cloud environments, supporting remediation Support the development and operation of runtime security tooling for production risk visibility Contribute to security incident response activities, including triage and investigation Develop and maintain incident response processes, runbooks, and detection capabilities Work with risk, governance, and control teams to support reporting and compliance Required Qualifications, Capabilities, and Skills Hands on experience in software, platform, or cloud engineering roles deploying systems in public cloud environments Strong ability to design and implement security controls within engineering workflows, especially CI/CD pipelines Proficiency in at least one programming or scripting language for automation and integration Solid understanding of the Software Development Life Cycle and integrating security practices Experience applying security testing and controls within CI/CD pipelines Familiarity with cloud native technologies, including containerization and orchestration platforms Strong analytical and problem solving skills to deliver practical security solutions Good understanding of modern engineering practices, including CI/CD, system resilience, and secure software delivery Preferred Qualifications, Capabilities, and Skills Experience in platform security, DevSecOps, or engineering led security teams Familiarity with security tools such as Snyk and Wiz Knowledge of software supply chain security concepts, including SBOM, SLSA, and dependency management Cloud certifications, preferably GCP (e.g., Professional Cloud Architect, Professional DevOps Engineer) Experience operating in large scale enterprise environments within regulated industries Ability to communicate technical risks clearly to engineering teams and senior stakeholders
13/05/2026
Full time
Join us and shape the future of secure software delivery. As a Lead Security Engineer, you'll work at the intersection of security and platform engineering, designing impactful solutions that enable teams to move fast while managing risk. You'll collaborate with talented squads, contribute to a culture that values unique perspectives, and foster growth, impact, and innovation. This is your opportunity to make a difference and advance your career in a dynamic, engineering led environment. We're committed to helping you thrive and grow. As a Lead Security Engineer at JPMorgan Chase in the Platform team, you will embed security into engineering workflows and deliver scalable, engineering solutions. You'll work at the intersection of security and platform engineering, actively designing, building, and implementing security capabilities. Your role is hands on, collaborating with squads to reduce platform risk and enable secure software delivery. You'll help shape a modern, engineering led approach to security, empowering teams to move fast while managing risk. Our culture values unique perspectives and fosters growth, impact, and innovation. Job Responsibilities Design, build, and operate scalable security capabilities integrated into engineering workflows Embed security into the software development lifecycle by implementing automated controls Improve software supply chain security through SBOM generation and dependency visibility Analyze and enrich vulnerability data with contextual information for effective remediation Provide actionable insights and guidance to engineering teams to address security issues Collaborate with platform and product engineering teams to drive secure development practices Identify and assess security risks in runtime and cloud environments, supporting remediation Support the development and operation of runtime security tooling for production risk visibility Contribute to security incident response activities, including triage and investigation Develop and maintain incident response processes, runbooks, and detection capabilities Work with risk, governance, and control teams to support reporting and compliance Required Qualifications, Capabilities, and Skills Hands on experience in software, platform, or cloud engineering roles deploying systems in public cloud environments Strong ability to design and implement security controls within engineering workflows, especially CI/CD pipelines Proficiency in at least one programming or scripting language for automation and integration Solid understanding of the Software Development Life Cycle and integrating security practices Experience applying security testing and controls within CI/CD pipelines Familiarity with cloud native technologies, including containerization and orchestration platforms Strong analytical and problem solving skills to deliver practical security solutions Good understanding of modern engineering practices, including CI/CD, system resilience, and secure software delivery Preferred Qualifications, Capabilities, and Skills Experience in platform security, DevSecOps, or engineering led security teams Familiarity with security tools such as Snyk and Wiz Knowledge of software supply chain security concepts, including SBOM, SLSA, and dependency management Cloud certifications, preferably GCP (e.g., Professional Cloud Architect, Professional DevOps Engineer) Experience operating in large scale enterprise environments within regulated industries Ability to communicate technical risks clearly to engineering teams and senior stakeholders
Olo is a leading SaaS platform accelerating digital transformation in the restaurant industry, by helping customers deliver more personalized and profitable guest experiences. As a result, our digital ordering, payment, and guest engagement solutions enable brands to do more with less and make every guest feel like a regular. As Senior Security Engineer, you will help Olo reduce identified risks, respond to adversarial attacks while maintaining the up time of our systems, and implement the right strategic risk mitigation measures to safeguard the data of our clients and their customers while supporting innovation. You will also provide white glove service and support to internal and external stakeholders by addressing security questions and support issues as needed, and by mentoring other engineers in how to best provide support. Additionally, you will help in the identification and prioritization of future project initiatives based on risk, and execute on cross functional projects with a high degree of ownership and excellence, all while actively mentoring other team members and elevating the collective team's capabilities and skill sets through peering and informal training. This position is fully remote and allows you to work from anywhere within Northern Ireland. How you'll make an impact Lead improvements in detection and response capabilities, continuously optimizing monitoring, alerting, and incident response processes. Mentor junior and mid level engineers, setting a high standard in security practices and offering guidance for professional development. Participate actively in a 24/7 on call rotation, responding to escalated security incidents and coordinating effective resolutions. Demonstrate excellence in white glove service delivery, ensuring security incidents are managed thoroughly and with professionalism. Define and collaborate on implementing leading security practices, ensuring strategies align with organizational security goals and industry standards. Take ownership of security project execution, prioritizing tasks and aligning initiatives with team and company objectives. Use and optimize advanced security tools, including SIEMs and vulnerability scanners, to enhance detection, logging, and analysis capabilities. Conduct regular and detailed vulnerability assessments, identifying gaps in security controls and implementing mitigation strategies. Support compliance efforts, ensuring documentation, audits, and regulatory standards are met to maintain certifications and adherence to best practices. Collaborate with cross functional teams, including development and IT, to integrate security best practices within architectural frameworks. Lead security awareness initiatives, educating technical teams on advanced security topics and secure coding practices. Stay informed on emerging security threats and technologies, continuously evaluating and integrating relevant tools or methodologies. Provide guidance for risk management processes, helping to establish and maintain effective risk identification and mitigation protocols. Develop and document security processes and procedures, ensuring consistency and readiness for both routine and high stress security incidents. Support leadership with reporting by providing insights and data on incidents, vulnerabilities, project progress, and metrics to inform security decisions. Lead automation and process optimization efforts by developing scripts and tools to automate repetitive security tasks as well as to enhance detection and response capabilities through the use of automation and integration of security tools. What will set you up for success Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent security experience). 3+ years of experience in security engineering and operations, including extensive experience in blue team operations, security architecture, DevOps, and general operations. Deep knowledge of information technology, evolving threats, attack patterns, incident response, and cybersecurity standards. Proven ability to develop and lead incident response, including remediation, mitigation, and regular status updates and reporting. Skilled in security event evaluation, discerning legitimate security incidents from false positives, incident investigation, countermeasures, and impact monitoring. Strong understanding of operating system, networking, and application hardening for Windows, macOS, and Linux, including virtualization security. Experience deploying, maintaining, and administering security technologies like IDS, DLP, FIM, firewalls, SIEM, MFA, vulnerability assessment tools, web proxies, and WAFs. Experience with cloud providers and Infrastructure as Code (IaC) tools, such as Terraform, Ansible, or CloudFormation. Proficiency in AWS security best practices. Skills in automation, development, or scripting for enhanced security operations. Advanced knowledge of Application Security, modern web protocols, and Web Application Firewalls. Proficiency in email security protocols like SPF, DKIM, and DMARC. About Olo Olo is a leading restaurant technology provider with ordering, payment, and guest engagement solutions that help brands increase orders, streamline operations, and improve the guest experience. Each day, Olo processes millions of orders on its open SaaS platform, gathering the right data from each touchpoint into a single source-so restaurants can better understand and better serve every guest on every channel, every time. Over 800 restaurant brands trust Olo and its network of more than 400 integration partners to innovate on behalf of the restaurant community, accelerating technology's positive impact and creating a world where every restaurant guest feels like a regular. Learn more at
13/05/2026
Full time
Olo is a leading SaaS platform accelerating digital transformation in the restaurant industry, by helping customers deliver more personalized and profitable guest experiences. As a result, our digital ordering, payment, and guest engagement solutions enable brands to do more with less and make every guest feel like a regular. As Senior Security Engineer, you will help Olo reduce identified risks, respond to adversarial attacks while maintaining the up time of our systems, and implement the right strategic risk mitigation measures to safeguard the data of our clients and their customers while supporting innovation. You will also provide white glove service and support to internal and external stakeholders by addressing security questions and support issues as needed, and by mentoring other engineers in how to best provide support. Additionally, you will help in the identification and prioritization of future project initiatives based on risk, and execute on cross functional projects with a high degree of ownership and excellence, all while actively mentoring other team members and elevating the collective team's capabilities and skill sets through peering and informal training. This position is fully remote and allows you to work from anywhere within Northern Ireland. How you'll make an impact Lead improvements in detection and response capabilities, continuously optimizing monitoring, alerting, and incident response processes. Mentor junior and mid level engineers, setting a high standard in security practices and offering guidance for professional development. Participate actively in a 24/7 on call rotation, responding to escalated security incidents and coordinating effective resolutions. Demonstrate excellence in white glove service delivery, ensuring security incidents are managed thoroughly and with professionalism. Define and collaborate on implementing leading security practices, ensuring strategies align with organizational security goals and industry standards. Take ownership of security project execution, prioritizing tasks and aligning initiatives with team and company objectives. Use and optimize advanced security tools, including SIEMs and vulnerability scanners, to enhance detection, logging, and analysis capabilities. Conduct regular and detailed vulnerability assessments, identifying gaps in security controls and implementing mitigation strategies. Support compliance efforts, ensuring documentation, audits, and regulatory standards are met to maintain certifications and adherence to best practices. Collaborate with cross functional teams, including development and IT, to integrate security best practices within architectural frameworks. Lead security awareness initiatives, educating technical teams on advanced security topics and secure coding practices. Stay informed on emerging security threats and technologies, continuously evaluating and integrating relevant tools or methodologies. Provide guidance for risk management processes, helping to establish and maintain effective risk identification and mitigation protocols. Develop and document security processes and procedures, ensuring consistency and readiness for both routine and high stress security incidents. Support leadership with reporting by providing insights and data on incidents, vulnerabilities, project progress, and metrics to inform security decisions. Lead automation and process optimization efforts by developing scripts and tools to automate repetitive security tasks as well as to enhance detection and response capabilities through the use of automation and integration of security tools. What will set you up for success Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent security experience). 3+ years of experience in security engineering and operations, including extensive experience in blue team operations, security architecture, DevOps, and general operations. Deep knowledge of information technology, evolving threats, attack patterns, incident response, and cybersecurity standards. Proven ability to develop and lead incident response, including remediation, mitigation, and regular status updates and reporting. Skilled in security event evaluation, discerning legitimate security incidents from false positives, incident investigation, countermeasures, and impact monitoring. Strong understanding of operating system, networking, and application hardening for Windows, macOS, and Linux, including virtualization security. Experience deploying, maintaining, and administering security technologies like IDS, DLP, FIM, firewalls, SIEM, MFA, vulnerability assessment tools, web proxies, and WAFs. Experience with cloud providers and Infrastructure as Code (IaC) tools, such as Terraform, Ansible, or CloudFormation. Proficiency in AWS security best practices. Skills in automation, development, or scripting for enhanced security operations. Advanced knowledge of Application Security, modern web protocols, and Web Application Firewalls. Proficiency in email security protocols like SPF, DKIM, and DMARC. About Olo Olo is a leading restaurant technology provider with ordering, payment, and guest engagement solutions that help brands increase orders, streamline operations, and improve the guest experience. Each day, Olo processes millions of orders on its open SaaS platform, gathering the right data from each touchpoint into a single source-so restaurants can better understand and better serve every guest on every channel, every time. Over 800 restaurant brands trust Olo and its network of more than 400 integration partners to innovate on behalf of the restaurant community, accelerating technology's positive impact and creating a world where every restaurant guest feels like a regular. Learn more at
A leading financial institution in Greater London is seeking an Assistant Vice President, Red Team Operator. The role involves executing technical risk assessments, analyzing customer security requirements, and developing guidelines for information resources. The ideal candidate holds a degree in Computer Science and has experience in cybersecurity assessments, penetration testing, and vulnerability management. Offering a full-time position, this role emphasizes collaboration and adherence to security standards.
13/05/2026
Full time
A leading financial institution in Greater London is seeking an Assistant Vice President, Red Team Operator. The role involves executing technical risk assessments, analyzing customer security requirements, and developing guidelines for information resources. The ideal candidate holds a degree in Computer Science and has experience in cybersecurity assessments, penetration testing, and vulnerability management. Offering a full-time position, this role emphasizes collaboration and adherence to security standards.
Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. Education Degree or equivalent work experience equally preferable Degree in Computer Science or related fields Certifications Certified Information Systems Security Professional (CISSP) Global Information Assurance Certification (GIAC) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) Other security certifications desired Work Experience Experience in cybersecurity assessment activities or IT audit, penetration testing, and/or vulnerability management Experience working in a global, complex, matrix managed organization Prior information technology (IT) experience in mid or large scale companies Prior experience in regional, national or multinational financial institutions Experience with one or more of the following control areas: Identity and Access Management Incident Response and Logging Encryption Secure Coding Vulnerability Management Configuration Management Experience in performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards Experience in working with the SIG (Standard Information Gathering) questionnaire, SOC2 reports, Penetration Test results, PCI (Payment Card Industry) reports as well as other Information Security documentation Technical knowledge and hands on experience with security and networking architecture, network security design, routers, wireless security, intrusion prevention/detection, firewall architecture, SIEM, DLP, and encryption Knowledge and prior experience with operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, and programming languages (C/C++, Java, Perl, Python, Assembly) Functional Skills Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc Familiarity with one or more of the following technology areas is highly desirable: Network infrastructure (technologies, architectures, operations) Various network and host based security products and services Active Directory, servers, services, desktops and mobile devices Unix, Linux, AIX IBM Mainframe, Top Secret SQL, Oracle, DB2 Databases Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies Ability to identify and propose process and technology controls in dynamic environments Ability to conduct Computer Network Defense (CND) analysis by performing Deep Packet Inspection (DPI) of network traffic to identify and analyze anomalies and potential security issues Working knowledge and experience applying Information Assurance techniques to the implementation of complex networked systems environments and enterprise wide systems In depth knowledge of applying network switching, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring networked Devices, and Managing Network Environments, extending Switched Networks with VLANS, Determining IP Routes, Managing IP traffic with Access Lists, Establishing Point to Point connections, and Establishing Frame Demonstrate in depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these include risk management, access control, cryptography, physical security, security architecture and design, network security, application and operations security and compliance/incident management Proficient working knowledge within the following risk domains/technologies: Database and application security IDS/IPS technologies System/Access Administration Firewall technologies Network Architecture Security Event Logging and Monitoring Key Management/Tokenization Database/Application/Network Layer Secure Protocols Physical and Environmental Security Secure Software/Code Development Change Management Vulnerability Management Foundational Skills Communicates effectively Identifies multiple paths to success using analytical and critical thinking as well as decision making skills Exercises sound judgement, prioritises effectively, and strives for continuous improvement Effectively collaborates with colleagues Leverages available technology to drive efficiency and results Understands and applies industry trends and best practices Exhibits optimism, resilience, flexibility, and openness to others' ideas Values learning as a lifelong professional objective Engages inclusively and with intent Always acts with integrity Iterative problem solving Serving as a trusted advisor Responsibilities Develop guidelines for the usage, control, maintenance and audit readiness of information and computer resources that are used in the distributed processing environment Analyse and address customer security requirements for all business applications existing on a distributed platform Assist in the evaluation, selection and installation of security software products for distributed platforms Identify distributed systems security issues as they arise and coordinate with the security architect to ensure that issues are addressed and resolved in a timely basis Execute technical risk assessment activities for scoped environments Support team objectives in the ongoing development of controls, scope statements, test procedures, control conditions and supporting collaterals Perform reporting of findings, issue resolution and management of findings Support FLOD/SLOD assessments, audits and external exams Provide effective, accurate and timely reporting Ensure accurate and complete documentation Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements Perform Information Security remote/table top assessments Perform Information Security onsite assessments at vendor locations when required Perform penetration testing, dynamic and static code analysis and analysis on the bank's infrastructure and application information security on an ongoing and project basis Lead risk findings to resolution Assessing the efficiency, relevance, and integrity of collected data Identifying control deficiencies by analysing and identifying underlying root causes Designing, implementing, and collaborating on a range of information security metrics and performance reports Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies Evaluate effectively information security threats Analyse test results in an objective and quantifiable manner Identify high risk findings and lead the mitigation of control deficiencies Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls; analyse the information to identify information security weaknesses or non compliance with company and industry standards Produce detailed documentation of assessments and perform threat analysis of gaps identified Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks Validate evidence from vendors before remediation plans are closed We are open to considering flexible working requests in line with organisational requirements. MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership. We make our recruitment decisions in a non discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.
13/05/2026
Full time
Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. Education Degree or equivalent work experience equally preferable Degree in Computer Science or related fields Certifications Certified Information Systems Security Professional (CISSP) Global Information Assurance Certification (GIAC) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) Other security certifications desired Work Experience Experience in cybersecurity assessment activities or IT audit, penetration testing, and/or vulnerability management Experience working in a global, complex, matrix managed organization Prior information technology (IT) experience in mid or large scale companies Prior experience in regional, national or multinational financial institutions Experience with one or more of the following control areas: Identity and Access Management Incident Response and Logging Encryption Secure Coding Vulnerability Management Configuration Management Experience in performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards Experience in working with the SIG (Standard Information Gathering) questionnaire, SOC2 reports, Penetration Test results, PCI (Payment Card Industry) reports as well as other Information Security documentation Technical knowledge and hands on experience with security and networking architecture, network security design, routers, wireless security, intrusion prevention/detection, firewall architecture, SIEM, DLP, and encryption Knowledge and prior experience with operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, and programming languages (C/C++, Java, Perl, Python, Assembly) Functional Skills Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc Familiarity with one or more of the following technology areas is highly desirable: Network infrastructure (technologies, architectures, operations) Various network and host based security products and services Active Directory, servers, services, desktops and mobile devices Unix, Linux, AIX IBM Mainframe, Top Secret SQL, Oracle, DB2 Databases Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies Ability to identify and propose process and technology controls in dynamic environments Ability to conduct Computer Network Defense (CND) analysis by performing Deep Packet Inspection (DPI) of network traffic to identify and analyze anomalies and potential security issues Working knowledge and experience applying Information Assurance techniques to the implementation of complex networked systems environments and enterprise wide systems In depth knowledge of applying network switching, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring networked Devices, and Managing Network Environments, extending Switched Networks with VLANS, Determining IP Routes, Managing IP traffic with Access Lists, Establishing Point to Point connections, and Establishing Frame Demonstrate in depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these include risk management, access control, cryptography, physical security, security architecture and design, network security, application and operations security and compliance/incident management Proficient working knowledge within the following risk domains/technologies: Database and application security IDS/IPS technologies System/Access Administration Firewall technologies Network Architecture Security Event Logging and Monitoring Key Management/Tokenization Database/Application/Network Layer Secure Protocols Physical and Environmental Security Secure Software/Code Development Change Management Vulnerability Management Foundational Skills Communicates effectively Identifies multiple paths to success using analytical and critical thinking as well as decision making skills Exercises sound judgement, prioritises effectively, and strives for continuous improvement Effectively collaborates with colleagues Leverages available technology to drive efficiency and results Understands and applies industry trends and best practices Exhibits optimism, resilience, flexibility, and openness to others' ideas Values learning as a lifelong professional objective Engages inclusively and with intent Always acts with integrity Iterative problem solving Serving as a trusted advisor Responsibilities Develop guidelines for the usage, control, maintenance and audit readiness of information and computer resources that are used in the distributed processing environment Analyse and address customer security requirements for all business applications existing on a distributed platform Assist in the evaluation, selection and installation of security software products for distributed platforms Identify distributed systems security issues as they arise and coordinate with the security architect to ensure that issues are addressed and resolved in a timely basis Execute technical risk assessment activities for scoped environments Support team objectives in the ongoing development of controls, scope statements, test procedures, control conditions and supporting collaterals Perform reporting of findings, issue resolution and management of findings Support FLOD/SLOD assessments, audits and external exams Provide effective, accurate and timely reporting Ensure accurate and complete documentation Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements Perform Information Security remote/table top assessments Perform Information Security onsite assessments at vendor locations when required Perform penetration testing, dynamic and static code analysis and analysis on the bank's infrastructure and application information security on an ongoing and project basis Lead risk findings to resolution Assessing the efficiency, relevance, and integrity of collected data Identifying control deficiencies by analysing and identifying underlying root causes Designing, implementing, and collaborating on a range of information security metrics and performance reports Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies Evaluate effectively information security threats Analyse test results in an objective and quantifiable manner Identify high risk findings and lead the mitigation of control deficiencies Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls; analyse the information to identify information security weaknesses or non compliance with company and industry standards Produce detailed documentation of assessments and perform threat analysis of gaps identified Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks Validate evidence from vendors before remediation plans are closed We are open to considering flexible working requests in line with organisational requirements. MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership. We make our recruitment decisions in a non discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.
What you'll bring to the team Information Security Engineer Location: London/Hybrid Hours: 40 hours per week Contract: Permanent - Salaried At Merlin Entertainments, our purpose is simple but powerful: to bring joy, create connections and make memories. Merlin is embarking on an exciting Digital and Data Transformation focused on enhancing the end-to-end guest journey in our attractions. As we continue our ambitious global transformation journey, technology plays a critical role in enabling sustainable growth and unforgettable guest experiences across our iconic destinations. As an Information Security Engineer at Merlin Entertainments, you will play a critical role in safeguarding our global IT infrastructure, networks, and sensitive data. Reporting to the Information Security Manager, you will design, implement, and maintain robust security controls to protect against cyber threats, ensuring the confidentiality, integrity, and availability of our systems. This is an exciting opportunity to contribute to the security of a dynamic, guest focused entertainment company with a diverse digital footprint, including ticketing platforms, guest data management, and operational technologies across theme parks and attractions. Security Solutions Design, implement, and manage security solutions, including firewalls, intrusion detection/prevention systems, endpoint protection, and vulnerability management tools. Conduct regular security assessments, penetration testing, and vulnerability scans to identify and remediate risks in networks, applications, and cloud environments. Monitor systems for security incidents, investigate breaches, and lead response efforts in collaboration with the IT team. Develop and maintain security policies, standards, and procedures in line with industry best practices and compliance requirements (e.g., GDPR, PCI DSS, ISO 27001). Collaborate with cross functional teams (IT, Operations, Development) to integrate security into new projects, system changes, and digital transformations. Perform threat modeling and risk assessments for emerging technologies and attraction related systems. Stay up to date with the latest cyber threats, vulnerabilities, and security trends, providing recommendations to enhance our defenses. Support security awareness training and educate staff on best practices. Participate in incident response planning, audits, and compliance reporting. Collaboration & Integration Work closely with apps, data and DevOps teams to ensure that services and solutions meet the requirements of data integration, processing, and analytics workloads. Liaise with third party vendors and managed service providers for escalations and issue resolution. Security and Compliance Follow and enforce access control and identity management policies across platforms. Reporting and Communication Communicate clearly with internal stakeholders about planned maintenance, service issues, and enhancements. Provide documentation and contribute to knowledge bases for operational support and onboarding. Qualifications & Experience Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field (or equivalent experience). 3+ years of experience in information security engineering or a similar role. Strong technical knowledge of security tools and technologies (e.g., SIEM, firewalls, IDS/IPS, endpoint security, encryption). Experience with cloud security (e.g., AWS, Azure), network security, and vulnerability management. Relevant certifications such as CISSP, CompTIA Security+, CEH, or equivalent are highly desirable. Excellent problem solving skills with the ability to analyse complex security issues and implement effective solutions. Strong communication skills to collaborate with technical and non technical stakeholders. Ability to work in a fast paced environment and manage multiple priorities. Passion for entertainment and a commitment to protecting guest experiences through secure systems. Problem Solving with the ability to assess complex technical issues and develop practical solutions. Organisational and project management skills, with a focus on delivering high quality outcomes Adaptability and a growth mindset, with a willingness to embrace new technologies and methodologies. Benefits 'Enjoy the Ride' Merlin Annual Passes - 6 in total per year, 1 for you, plus 5 to gift to loved ones! Merlin Magic Pass - 20 free tickets for you, your family and friends to enjoy all our Merlin Attractions across the world rising to 40 after a year's service 33 days holiday (including bank holidays) Company bonus Private pension scheme 40% discount online off LEGO 25% discount in our on site retail shops and restaurants Ongoing training and development opportunities Plus, many more If you have any questions or if you require any assistance, because of a disability or medical condition, please contact us by email at and one of the team will get back to you as soon as possible. Pay Range Competitive
13/05/2026
Full time
What you'll bring to the team Information Security Engineer Location: London/Hybrid Hours: 40 hours per week Contract: Permanent - Salaried At Merlin Entertainments, our purpose is simple but powerful: to bring joy, create connections and make memories. Merlin is embarking on an exciting Digital and Data Transformation focused on enhancing the end-to-end guest journey in our attractions. As we continue our ambitious global transformation journey, technology plays a critical role in enabling sustainable growth and unforgettable guest experiences across our iconic destinations. As an Information Security Engineer at Merlin Entertainments, you will play a critical role in safeguarding our global IT infrastructure, networks, and sensitive data. Reporting to the Information Security Manager, you will design, implement, and maintain robust security controls to protect against cyber threats, ensuring the confidentiality, integrity, and availability of our systems. This is an exciting opportunity to contribute to the security of a dynamic, guest focused entertainment company with a diverse digital footprint, including ticketing platforms, guest data management, and operational technologies across theme parks and attractions. Security Solutions Design, implement, and manage security solutions, including firewalls, intrusion detection/prevention systems, endpoint protection, and vulnerability management tools. Conduct regular security assessments, penetration testing, and vulnerability scans to identify and remediate risks in networks, applications, and cloud environments. Monitor systems for security incidents, investigate breaches, and lead response efforts in collaboration with the IT team. Develop and maintain security policies, standards, and procedures in line with industry best practices and compliance requirements (e.g., GDPR, PCI DSS, ISO 27001). Collaborate with cross functional teams (IT, Operations, Development) to integrate security into new projects, system changes, and digital transformations. Perform threat modeling and risk assessments for emerging technologies and attraction related systems. Stay up to date with the latest cyber threats, vulnerabilities, and security trends, providing recommendations to enhance our defenses. Support security awareness training and educate staff on best practices. Participate in incident response planning, audits, and compliance reporting. Collaboration & Integration Work closely with apps, data and DevOps teams to ensure that services and solutions meet the requirements of data integration, processing, and analytics workloads. Liaise with third party vendors and managed service providers for escalations and issue resolution. Security and Compliance Follow and enforce access control and identity management policies across platforms. Reporting and Communication Communicate clearly with internal stakeholders about planned maintenance, service issues, and enhancements. Provide documentation and contribute to knowledge bases for operational support and onboarding. Qualifications & Experience Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field (or equivalent experience). 3+ years of experience in information security engineering or a similar role. Strong technical knowledge of security tools and technologies (e.g., SIEM, firewalls, IDS/IPS, endpoint security, encryption). Experience with cloud security (e.g., AWS, Azure), network security, and vulnerability management. Relevant certifications such as CISSP, CompTIA Security+, CEH, or equivalent are highly desirable. Excellent problem solving skills with the ability to analyse complex security issues and implement effective solutions. Strong communication skills to collaborate with technical and non technical stakeholders. Ability to work in a fast paced environment and manage multiple priorities. Passion for entertainment and a commitment to protecting guest experiences through secure systems. Problem Solving with the ability to assess complex technical issues and develop practical solutions. Organisational and project management skills, with a focus on delivering high quality outcomes Adaptability and a growth mindset, with a willingness to embrace new technologies and methodologies. Benefits 'Enjoy the Ride' Merlin Annual Passes - 6 in total per year, 1 for you, plus 5 to gift to loved ones! Merlin Magic Pass - 20 free tickets for you, your family and friends to enjoy all our Merlin Attractions across the world rising to 40 after a year's service 33 days holiday (including bank holidays) Company bonus Private pension scheme 40% discount online off LEGO 25% discount in our on site retail shops and restaurants Ongoing training and development opportunities Plus, many more If you have any questions or if you require any assistance, because of a disability or medical condition, please contact us by email at and one of the team will get back to you as soon as possible. Pay Range Competitive
Assistant Vice President, Red Team Operator page is loaded Assistant Vice President, Red Team Operatorlocations: Londontime type: Full timeposted on: Posted Todayjob requisition id: -WDDiscover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.EDUCATION• Degree or equivalent work experience equally preferable• Degree in Computer Science or related fieldsCERTIFICATIONS• Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or other security certifications desiredWORK EXPERIENCE• - Experience in cybersecurity assessment activities or IT audit, penetration testing, and/or vulnerability management• - Experience working in a global, complex, matrix-managed organization• - Prior information technology (IT) experience in mid or large-scale companies• - Prior experience in regional, national or multinational financial institutions• - Experience with one or more of the following control areas:• o Identity and Access Management• o Incident Response and Logging• o Encryption• o Secure Coding• o Vulnerability Management• o Configuration Management• - Experience in performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards• - Experience in working with the SIG (Standard Information Gathering) questionnaire, SOC2 reports, Penetration Test results, PCI (Payment Card Industry) reports as well as other Information Security documentation• - Technical knowledge and hands on experience with security and networking architecture, network security design, routers, wireless security, intrusion prevention/detection, firewall architecture, SIEM, DLP, and encryption• - Knowledge and prior experience with operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, and programming languages (C/C++, Java, Perl, Python, Assembly)FUNCTIONAL SKILLS• - Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc• - Familiarity with one or more of the following technology areas is highly desirable:• o Network infrastructure (technologies, architectures, operations)• o Various network and host-based security products and services• o Active Directory, servers, services, desktops and mobile devices• o Unix, Linux, AIX• o IBM Mainframe, Top Secret• o SQL, Oracle, DB2 Databases• - Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies• - Ability to identify and propose process and technology controls in dynamic environments• - Ability to conduct Computer Network Defense (CND) analysis by performing Deep Packet Inspection (DPI) of network traffic to identify and analyze anomalies and potential security issues• - Working knowledge and experience applying Information Assurance techniques to the implementation of complex networked systems environments and enterprise wide systems• - In-depth knowledge of applying network switching, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring networked Devices, and Managing Network Environments, extending Switched Networks with VLANS, Determining IP Routes, Managing IP traffic with Access Lists, Establishing Point-to-Point connections, and Establishing Frame• - Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application and operations security and compliance/incident management.• - Proficient working knowledge within the following risk domains/technologies:• o Database and application security• o IDS/IPS technologies• o System/Access Administration• o Firewall technologies• o Network Architecture• o Security Event Logging and Monitoring• o Key Management/Tokenization• o Database/Application/Network Layer Secure Protocols• o Physical and Environmental Security• o Secure Software/Code Development• o Change Management• o Vulnerability ManagementFOUNDATIONAL SKILLS• Communicates effectively• Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills• Exercises sound judgement, prioritizes effectively, and strives for continuous improvement• Effectively collaborates with colleagues• Leverages available technology to drive efficiency and results• Understands and applies industry trends and best practices• Exhibits optimism, resilience, flexibility, and openness to others' ideas• Values learning as a lifelong professional objective• Engages inclusively and with intent• Always acts with integrity• Iterative problem-solving• Serving as a trusted advisorRESPONSIBILITIES• High Level Responsibilities:• Develop guidelines for the usage, control, maintenance and audit-readiness of information and computer resources that are used in the distributed processing environment.• Analyze and addressing customer security requirements for all business applications existing on a distributed platform.• Assist in the evaluation, selection, and installation of security software products for distributed platforms.• Identify distributed systems security issues as they arise and coordinating with the security architect to ensure that issues are addressed and resolved in a timely basis.• Details:• - Execute technical risk assessment activities for scoped environments• - Support team objectives in the ongoing development of controls, scope statements, test procedures, control conditions and supporting collaterals• - Perform reporting of findings, issue resolution and management of findings• - Support FLOD/SLOD assessments, audits and external exams• - Provide effective, accurate and timely reporting• - Ensure accurate and complete documentation• - Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements• - Perform Information Security remote/table-top assessments• - Perform Information Security onsite assessments at vendor locations when required• - Perform penetration testing, dynamic and static code analysis and analysis on the bank's the infrastructure and application information security on an ongoing and project basis• - Lead risk findings to resolution• - Assessing the efficiency, relevance, and integrity of collected data• - Identifying control deficiencies by analyzing and identifying underlying root causes• - Designing, implementing, and collaborating on a range of information security metrics and performance reports• - Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies• - Evaluate effectively information security threats• - Analyze test results in an objective
13/05/2026
Full time
Assistant Vice President, Red Team Operator page is loaded Assistant Vice President, Red Team Operatorlocations: Londontime type: Full timeposted on: Posted Todayjob requisition id: -WDDiscover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.EDUCATION• Degree or equivalent work experience equally preferable• Degree in Computer Science or related fieldsCERTIFICATIONS• Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or other security certifications desiredWORK EXPERIENCE• - Experience in cybersecurity assessment activities or IT audit, penetration testing, and/or vulnerability management• - Experience working in a global, complex, matrix-managed organization• - Prior information technology (IT) experience in mid or large-scale companies• - Prior experience in regional, national or multinational financial institutions• - Experience with one or more of the following control areas:• o Identity and Access Management• o Incident Response and Logging• o Encryption• o Secure Coding• o Vulnerability Management• o Configuration Management• - Experience in performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards• - Experience in working with the SIG (Standard Information Gathering) questionnaire, SOC2 reports, Penetration Test results, PCI (Payment Card Industry) reports as well as other Information Security documentation• - Technical knowledge and hands on experience with security and networking architecture, network security design, routers, wireless security, intrusion prevention/detection, firewall architecture, SIEM, DLP, and encryption• - Knowledge and prior experience with operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, and programming languages (C/C++, Java, Perl, Python, Assembly)FUNCTIONAL SKILLS• - Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc• - Familiarity with one or more of the following technology areas is highly desirable:• o Network infrastructure (technologies, architectures, operations)• o Various network and host-based security products and services• o Active Directory, servers, services, desktops and mobile devices• o Unix, Linux, AIX• o IBM Mainframe, Top Secret• o SQL, Oracle, DB2 Databases• - Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies• - Ability to identify and propose process and technology controls in dynamic environments• - Ability to conduct Computer Network Defense (CND) analysis by performing Deep Packet Inspection (DPI) of network traffic to identify and analyze anomalies and potential security issues• - Working knowledge and experience applying Information Assurance techniques to the implementation of complex networked systems environments and enterprise wide systems• - In-depth knowledge of applying network switching, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring networked Devices, and Managing Network Environments, extending Switched Networks with VLANS, Determining IP Routes, Managing IP traffic with Access Lists, Establishing Point-to-Point connections, and Establishing Frame• - Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application and operations security and compliance/incident management.• - Proficient working knowledge within the following risk domains/technologies:• o Database and application security• o IDS/IPS technologies• o System/Access Administration• o Firewall technologies• o Network Architecture• o Security Event Logging and Monitoring• o Key Management/Tokenization• o Database/Application/Network Layer Secure Protocols• o Physical and Environmental Security• o Secure Software/Code Development• o Change Management• o Vulnerability ManagementFOUNDATIONAL SKILLS• Communicates effectively• Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills• Exercises sound judgement, prioritizes effectively, and strives for continuous improvement• Effectively collaborates with colleagues• Leverages available technology to drive efficiency and results• Understands and applies industry trends and best practices• Exhibits optimism, resilience, flexibility, and openness to others' ideas• Values learning as a lifelong professional objective• Engages inclusively and with intent• Always acts with integrity• Iterative problem-solving• Serving as a trusted advisorRESPONSIBILITIES• High Level Responsibilities:• Develop guidelines for the usage, control, maintenance and audit-readiness of information and computer resources that are used in the distributed processing environment.• Analyze and addressing customer security requirements for all business applications existing on a distributed platform.• Assist in the evaluation, selection, and installation of security software products for distributed platforms.• Identify distributed systems security issues as they arise and coordinating with the security architect to ensure that issues are addressed and resolved in a timely basis.• Details:• - Execute technical risk assessment activities for scoped environments• - Support team objectives in the ongoing development of controls, scope statements, test procedures, control conditions and supporting collaterals• - Perform reporting of findings, issue resolution and management of findings• - Support FLOD/SLOD assessments, audits and external exams• - Provide effective, accurate and timely reporting• - Ensure accurate and complete documentation• - Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements• - Perform Information Security remote/table-top assessments• - Perform Information Security onsite assessments at vendor locations when required• - Perform penetration testing, dynamic and static code analysis and analysis on the bank's the infrastructure and application information security on an ongoing and project basis• - Lead risk findings to resolution• - Assessing the efficiency, relevance, and integrity of collected data• - Identifying control deficiencies by analyzing and identifying underlying root causes• - Designing, implementing, and collaborating on a range of information security metrics and performance reports• - Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies• - Evaluate effectively information security threats• - Analyze test results in an objective
Hampshire County Council
City Of Westminster, London
Head of Cyber Security WCC623727 Salary range: £79,005 - £109,833 per annum. Salary negotiable depending upon experience. Work location: Westminster City Hall, 64 Victoria Street, Westminster, SW1E 6QP Hours per week: 36 Contract type: Permanent Vetting requirements: Standard DBS Check Closing date: 04 May 2026 Interview dates: There will be an in person assessment at Westminster City Hall on 11 May 2026, followed by interviews on 20 May 2026 Role As Head of Cyber Security you can make your own powerful contribution to Westminster's success. This is a senior security role, where the focus is on helping the organisation do its best work - with security built in, not bolted on. Responsibilities You will lead the Cyber Security team and shape the Council's security strategy and policies, making sure they are practical and fit for a local government environment. Working closely with colleagues across Digital and Innovation, and alongside the Senior Information Risk Owner (SIRO) and the Data Protection Officer (DPO), you will help embed security into everyday decision making and into how services are delivered. A big part of the role is about continuous improvement. You will lead work to strengthen the Council's security posture, aligning with industry standard control frameworks and staying on top of the wider threat landscape, including the specific risks facing local government. You'll help the organisation balance delivery, risk and compliance - supporting informed choices rather than blocking progress. You will provide clear leadership and direction for the Cyber Security team, including managing the budget for people, tools and capital projects. You'll oversee business as usual security activity, from incident response and vulnerability management through to security engineering improvements and protecting the Council's supply chain. You'll also be a visible advocate for good security culture. You will drive change across the organisation by promoting secure by design principles, embedding security into the Software Development Lifecycle, and supporting teams to make safer choices when selecting products and services. Through security communication and engagement campaigns, you will help build understanding and shared ownership of security at all levels. The role has a strong external and operational dimension too. You will represent the Council in local, national and international forums and partnerships, sharing insight and learning from others. You will also play a key role in responding to major incidents - supporting Borough Emergency Control Centre activation, taking part in the emergency rota, and coordinating responses with the Executive Team, the Security Operations Centre and cyber incident response partners. Qualifications You bring a strong, practical understanding of cyber security and how it supports real business outcomes. You've worked with recognised standards such as ISO/IEC 27001 and Cyber Essentials, and you know how to apply information and security legislation - including GDPR, FOI and PCI DSS - in ways that enable delivery rather than restrict it. You also stay close to the evolving threat landscape and understand the organisational challenges that come with managing risk in a local government context. Your technical background gives you deep knowledge of modern security practices across services, infrastructure, hosting and platforms, including open source technologies and modern software development approaches. You're comfortable working across cloud and on premise environments, using tools such as identity and access management, SIEM, firewalls and secure remote access. You understand DevOps and SecOps ways of working, are used to operating at pace in a culture of continuous release, and can set clear service and development standards. You're confident balancing client, organisational and technical needs, and making the trade offs that shape strategy and direction. You've worked closely with senior stakeholders and across multiple teams, bringing people together around complex decisions. With experience building and securing complex services in code, you understand how security design choices play out in practice, not just in theory. You communicate clearly and in understandable terminology, bridging the gap between technical detail and user centred outcomes. You can assess services, identify risks and vulnerabilities, and work with others to design secure, proportionate solutions that reduce risk while keeping services accessible. Comfortable influencing strategy, policies and behaviours, you adapt your approach as needed and stay effective in a fast changing environment. Equal Opportunities and Diversity Westminster City Council is committed to supporting Care Leavers into the workplace. Care leavers seeking their first job and who wish to be considered under our scheme, will automatically be invited to interview should they meet the essential criteria for the role. The Council is committed to achieving diverse shortlists to support our desire to increase the number of staff from under represented groups in our workforce. We especially encourage applications from a Global Majority (GM), people who are Black, Asian, Brown, dual heritage, indigenous to the global south, and/or have been racialised as 'ethnic minorities' (formally known as B.A.M.E, Black, Asian and Multiple Ethnic) background and, while the role is open to all applicants, we will utilise the positive action provisions of the Equality Act 2010 to appoint a candidate from a global majority background where there is a choice between two candidates of equal merit. If you are from a Global Majority background you can self declare this to the hiring manager as part of our positive action commitments. Westminster City Council is a Disability Confident Employer. If you have declared a disability in your application, we guarantee an interview if you meet the essential criteria of the job. If you are invited for interview, you will be asked if you need any reasonable adjustments in order to attend, and we will make these wherever possible. We reserve the right to extend or close this vacancy early without warning subject to the volume of suitable applicants.
13/05/2026
Full time
Head of Cyber Security WCC623727 Salary range: £79,005 - £109,833 per annum. Salary negotiable depending upon experience. Work location: Westminster City Hall, 64 Victoria Street, Westminster, SW1E 6QP Hours per week: 36 Contract type: Permanent Vetting requirements: Standard DBS Check Closing date: 04 May 2026 Interview dates: There will be an in person assessment at Westminster City Hall on 11 May 2026, followed by interviews on 20 May 2026 Role As Head of Cyber Security you can make your own powerful contribution to Westminster's success. This is a senior security role, where the focus is on helping the organisation do its best work - with security built in, not bolted on. Responsibilities You will lead the Cyber Security team and shape the Council's security strategy and policies, making sure they are practical and fit for a local government environment. Working closely with colleagues across Digital and Innovation, and alongside the Senior Information Risk Owner (SIRO) and the Data Protection Officer (DPO), you will help embed security into everyday decision making and into how services are delivered. A big part of the role is about continuous improvement. You will lead work to strengthen the Council's security posture, aligning with industry standard control frameworks and staying on top of the wider threat landscape, including the specific risks facing local government. You'll help the organisation balance delivery, risk and compliance - supporting informed choices rather than blocking progress. You will provide clear leadership and direction for the Cyber Security team, including managing the budget for people, tools and capital projects. You'll oversee business as usual security activity, from incident response and vulnerability management through to security engineering improvements and protecting the Council's supply chain. You'll also be a visible advocate for good security culture. You will drive change across the organisation by promoting secure by design principles, embedding security into the Software Development Lifecycle, and supporting teams to make safer choices when selecting products and services. Through security communication and engagement campaigns, you will help build understanding and shared ownership of security at all levels. The role has a strong external and operational dimension too. You will represent the Council in local, national and international forums and partnerships, sharing insight and learning from others. You will also play a key role in responding to major incidents - supporting Borough Emergency Control Centre activation, taking part in the emergency rota, and coordinating responses with the Executive Team, the Security Operations Centre and cyber incident response partners. Qualifications You bring a strong, practical understanding of cyber security and how it supports real business outcomes. You've worked with recognised standards such as ISO/IEC 27001 and Cyber Essentials, and you know how to apply information and security legislation - including GDPR, FOI and PCI DSS - in ways that enable delivery rather than restrict it. You also stay close to the evolving threat landscape and understand the organisational challenges that come with managing risk in a local government context. Your technical background gives you deep knowledge of modern security practices across services, infrastructure, hosting and platforms, including open source technologies and modern software development approaches. You're comfortable working across cloud and on premise environments, using tools such as identity and access management, SIEM, firewalls and secure remote access. You understand DevOps and SecOps ways of working, are used to operating at pace in a culture of continuous release, and can set clear service and development standards. You're confident balancing client, organisational and technical needs, and making the trade offs that shape strategy and direction. You've worked closely with senior stakeholders and across multiple teams, bringing people together around complex decisions. With experience building and securing complex services in code, you understand how security design choices play out in practice, not just in theory. You communicate clearly and in understandable terminology, bridging the gap between technical detail and user centred outcomes. You can assess services, identify risks and vulnerabilities, and work with others to design secure, proportionate solutions that reduce risk while keeping services accessible. Comfortable influencing strategy, policies and behaviours, you adapt your approach as needed and stay effective in a fast changing environment. Equal Opportunities and Diversity Westminster City Council is committed to supporting Care Leavers into the workplace. Care leavers seeking their first job and who wish to be considered under our scheme, will automatically be invited to interview should they meet the essential criteria for the role. The Council is committed to achieving diverse shortlists to support our desire to increase the number of staff from under represented groups in our workforce. We especially encourage applications from a Global Majority (GM), people who are Black, Asian, Brown, dual heritage, indigenous to the global south, and/or have been racialised as 'ethnic minorities' (formally known as B.A.M.E, Black, Asian and Multiple Ethnic) background and, while the role is open to all applicants, we will utilise the positive action provisions of the Equality Act 2010 to appoint a candidate from a global majority background where there is a choice between two candidates of equal merit. If you are from a Global Majority background you can self declare this to the hiring manager as part of our positive action commitments. Westminster City Council is a Disability Confident Employer. If you have declared a disability in your application, we guarantee an interview if you meet the essential criteria of the job. If you are invited for interview, you will be asked if you need any reasonable adjustments in order to attend, and we will make these wherever possible. We reserve the right to extend or close this vacancy early without warning subject to the volume of suitable applicants.
Senior Network Engineer From 55,000pa Bedford, Hybrid Permanent, Full Time Can you Design, implement, and maintain robust, secure, and scalable network infrastructure solutions? Are you able to ensure high availability, performance, and security of bpha's network systems while mentoring junior staff and collaborating across IT teams? Then we want to hear from you! We're looking for someone who can do all of the above and more! Take a look at our key responsibilities below, and if you think that sounds like you, why not apply! Key Responsibilities Design and develop network architecture strategies aligned with business needs and industry standards. Implement and manage network security measures (firewalls, VPNs, IDS/IPS). Configure and maintain routers, switches, wireless systems, and firewalls. Deploy scalable, high-performance network solutions with minimal downtime. Conduct regular network maintenance, updates, and upgrades. Perform security audits and vulnerability assessments. Respond to and mitigate network security incidents. Automate network tasks and processes using scripting tools. Maintain comprehensive network documentation and diagrams. Collaborate with IT teams and third-party vendors on network-related projects. Provide technical guidance and mentorship to team members. Stay current with emerging network technologies and trends. Key Performance Indicators High network uptime and minimal downtime. Successful delivery of network projects on time and within budget. Zero or minimal security breaches. Positive stakeholder feedback on network performance and documentation. Effective automation and continuous improvement of network processes. Accurate and timely documentation updates. Strong collaboration and communication across teams. Essential Skills & Attributes Logical and analytical problem-solving skills. Excellent communication and customer service skills. Ability to manage multiple priorities and projects. Strategic thinking and stakeholder management. Adaptability and responsiveness to change. Strong vendor relationship management. Willingness to travel to remote sites as needed. Essential Experience & Knowledge Proven experience as a Senior Network Engineer. Proficiency in network protocols (TCP/IP, BGP, OSPF). Hands-on experience with Cisco, Meraki, Fortinet, NETGEAR, ZYXEL. Experience with SD-WAN technologies and network security tools. Strong background in Microsoft Azure and automation tools. Experience leading network projects and scripting for automation. Desirable Experience Windows Server administration. Experience with Amazon AWS or other cloud platforms. Familiarity with Agile methodologies (Scrum) or project management (PRINCE2, APM). ITIL Foundation certification. Qualifications Relevant degree or equivalent experience. Certifications such as CCNP, CCIE, or equivalent (Essential). Full clean driving license (Essential). Please note that we reserve the right to close this vacancy early if we receive a sufficient number of applications or find a suitable candidate before the advertised closing date. We encourage interested applicants to apply as soon as possible to avoid disappointment.
12/05/2026
Full time
Senior Network Engineer From 55,000pa Bedford, Hybrid Permanent, Full Time Can you Design, implement, and maintain robust, secure, and scalable network infrastructure solutions? Are you able to ensure high availability, performance, and security of bpha's network systems while mentoring junior staff and collaborating across IT teams? Then we want to hear from you! We're looking for someone who can do all of the above and more! Take a look at our key responsibilities below, and if you think that sounds like you, why not apply! Key Responsibilities Design and develop network architecture strategies aligned with business needs and industry standards. Implement and manage network security measures (firewalls, VPNs, IDS/IPS). Configure and maintain routers, switches, wireless systems, and firewalls. Deploy scalable, high-performance network solutions with minimal downtime. Conduct regular network maintenance, updates, and upgrades. Perform security audits and vulnerability assessments. Respond to and mitigate network security incidents. Automate network tasks and processes using scripting tools. Maintain comprehensive network documentation and diagrams. Collaborate with IT teams and third-party vendors on network-related projects. Provide technical guidance and mentorship to team members. Stay current with emerging network technologies and trends. Key Performance Indicators High network uptime and minimal downtime. Successful delivery of network projects on time and within budget. Zero or minimal security breaches. Positive stakeholder feedback on network performance and documentation. Effective automation and continuous improvement of network processes. Accurate and timely documentation updates. Strong collaboration and communication across teams. Essential Skills & Attributes Logical and analytical problem-solving skills. Excellent communication and customer service skills. Ability to manage multiple priorities and projects. Strategic thinking and stakeholder management. Adaptability and responsiveness to change. Strong vendor relationship management. Willingness to travel to remote sites as needed. Essential Experience & Knowledge Proven experience as a Senior Network Engineer. Proficiency in network protocols (TCP/IP, BGP, OSPF). Hands-on experience with Cisco, Meraki, Fortinet, NETGEAR, ZYXEL. Experience with SD-WAN technologies and network security tools. Strong background in Microsoft Azure and automation tools. Experience leading network projects and scripting for automation. Desirable Experience Windows Server administration. Experience with Amazon AWS or other cloud platforms. Familiarity with Agile methodologies (Scrum) or project management (PRINCE2, APM). ITIL Foundation certification. Qualifications Relevant degree or equivalent experience. Certifications such as CCNP, CCIE, or equivalent (Essential). Full clean driving license (Essential). Please note that we reserve the right to close this vacancy early if we receive a sufficient number of applications or find a suitable candidate before the advertised closing date. We encourage interested applicants to apply as soon as possible to avoid disappointment.
Overview Octopus Energy started with a bold idea: to build Britain's first truly digital energy supplier. By combining world-class tech with brilliant humans who care deeply about customers and driving the renewable energy transition, we became Britain's largest energy supplier. We're scaling fast and building the next generation of products to accelerate the green energy transition, from making it effortless to switch to heat pumps, solar and EVs, to launching smart tariffs and creating renewable generation at scale. We're also enabling our global businesses to roll out learnings, products and experiences that customers love here worldwide. At Octopus Tech, you'll have real ownership, variety, and the chance to shape products that make a tangible difference in people's lives - lowering bills, enabling greener living, and delivering experiences customers genuinely love. You'll work side by side with teams across marketing, operations, and data, and see the impact of your work in the real world, fast. We are expanding our Cyber and Information Security team at Octopus Energy. We are looking for an ambitious, knowledgeable, and experienced Lead Security Engineer to join our team, to grow with the rest of the company, and ensure we continue to do so in a secure and safe way. You will be a key partner in defining what Security is at Octopus. We will be shaping this team to provide a world class support service to our employees, building our way out of problems with engineering firepower and undertaking transformational organisational change. You'll play a crucial role in helping to secure our software development processes, securing our platform services, integrating security practices, and shaping a culture of security. This is a creative, and collaborative position that is a full-time member of a Cloud-First organisation. If you're passionate about Cloud technologies and driving security by design, we encourage you to apply! Specifically, we are looking for a Lead Security Engineer with at least 5 years of relevant experience. You will lead a team of up to 6 people and help shape the technical direction of the security engineering function. There will be time within the role for hands-on engineering work. If this sounds exciting, we'd love to chat. What you'll do Have ownership of a functional team within the Cyber Security Team, working closely with the Head of Cyber Security to define strategic objectives and team direction Manage team priorities and ensure initiatives are completed within deadlines Collaborate regularly and effectively with the rest of the Cyber Security and Information Security Teams to deliver outcomes Lead delivery of major initiatives on clear timelines Build a strong culture of open communication where teammates can ask questions without fear, promoting a positive and inclusive team environment Line-manage a team of Security Engineers in the same or similar timezone Set performance expectations and goals for team members Regularly review individual and team performance, offering actionable insights and constructive feedback to support and grow team members Support team delivery for example through code reviews, technology research or architectural guidance Provide support for production systems owned by your team Support the implementation of security processes and requirements Stay abreast of emerging security threats, technologies, and industry trends to continuously enhance the organisation's security strategy What you'll have Proven experience in a leadership role within Security Engineering or closely related field Strong background in Security Engineering with a deep understanding of security best practices and standards Excellent communication, with a focus on doing this asynchronously Experience of mentoring and coaching a team to perform at a high-level of quality Experience of incident management Previous experience working in engineering teams focused on one or more of the following areas Application Security - including web application security concepts, including OWASP Top 10 vulnerabilities, secure coding practices, and static and dynamic application security testing (SAST/DAST) tools Cloud Security - including good AWS experience (or knowledge) and familiarity with various AWS security services (or familiarity with Azure and/or GCP with a willingness to learn AWS) and cloud security tooling Experience in SaaS and/or End-User Device Security - including security posture management tooling and end-user device security tooling such as EDR and ZTNA Ideally, you will have experience in one or more of the areas mentioned (or others), but we're not expecting you to be an expert in all areas of security engineering! What will help Security certifications (any of the famous abbreviations) Certifications from cloud providers' certification paths Security qualifications (e.g. apprenticeships or degrees) Strong skills in creating high-quality, comprehensive security documentation Familiarity with AWS services and experience in managing cloud security services Familiarity using Infrastructure-as-Code (IaC) to manage security tooling and services Familiarity with CI/CD tooling and security best practices Familiarity with vulnerability management processes and automations Experience using logging and monitoring tools to generate alerts and reports Knowledge of the MITRE ATT&CK framework Why else you'll love it here Wondering what the salary for this role is? Just ask us! On a call with one of our recruiters it's something we always cover as we genuinely want to match your experience with the correct salary. We don't advertise because we have flexibility and want to find the right octofit. Octopus Energy Group has a unique culture. An organisation where people learn, decide, and build quicker. People work with autonomy, alongside a wide range of co-owners, on projects that break new ground. We were voted best company to work for in 2022 and top 10 companies for senior leadership. Visit our UK perks hub - Octopus Employee Benefits We offer flexible hybrid working. Don't let location discourage you from applying if you can't make it to an office! Got any burning questions before then? Drop us a message at and we'd love to help! If this sounds like you then we'd love to hear from you. Are you ready for a career with us? We want to ensure you have all the tools and environment you need to unleash your potential. Need any specific accommodations? Let us know, and we'll do what we can to customise your interview process for comfort. Studies have shown that some groups of people, like women, are less likely to apply to a role unless they meet 100% of the job requirements. Whoever you are, if you like one of our jobs, we encourage you to apply as you might just be the candidate we hire. Octopus is an equal opportunity employer and we do not discriminate on the basis of any protected attribute. We are committed to providing equal opportunities, an inclusive work environment, and fairness for everyone.
12/05/2026
Full time
Overview Octopus Energy started with a bold idea: to build Britain's first truly digital energy supplier. By combining world-class tech with brilliant humans who care deeply about customers and driving the renewable energy transition, we became Britain's largest energy supplier. We're scaling fast and building the next generation of products to accelerate the green energy transition, from making it effortless to switch to heat pumps, solar and EVs, to launching smart tariffs and creating renewable generation at scale. We're also enabling our global businesses to roll out learnings, products and experiences that customers love here worldwide. At Octopus Tech, you'll have real ownership, variety, and the chance to shape products that make a tangible difference in people's lives - lowering bills, enabling greener living, and delivering experiences customers genuinely love. You'll work side by side with teams across marketing, operations, and data, and see the impact of your work in the real world, fast. We are expanding our Cyber and Information Security team at Octopus Energy. We are looking for an ambitious, knowledgeable, and experienced Lead Security Engineer to join our team, to grow with the rest of the company, and ensure we continue to do so in a secure and safe way. You will be a key partner in defining what Security is at Octopus. We will be shaping this team to provide a world class support service to our employees, building our way out of problems with engineering firepower and undertaking transformational organisational change. You'll play a crucial role in helping to secure our software development processes, securing our platform services, integrating security practices, and shaping a culture of security. This is a creative, and collaborative position that is a full-time member of a Cloud-First organisation. If you're passionate about Cloud technologies and driving security by design, we encourage you to apply! Specifically, we are looking for a Lead Security Engineer with at least 5 years of relevant experience. You will lead a team of up to 6 people and help shape the technical direction of the security engineering function. There will be time within the role for hands-on engineering work. If this sounds exciting, we'd love to chat. What you'll do Have ownership of a functional team within the Cyber Security Team, working closely with the Head of Cyber Security to define strategic objectives and team direction Manage team priorities and ensure initiatives are completed within deadlines Collaborate regularly and effectively with the rest of the Cyber Security and Information Security Teams to deliver outcomes Lead delivery of major initiatives on clear timelines Build a strong culture of open communication where teammates can ask questions without fear, promoting a positive and inclusive team environment Line-manage a team of Security Engineers in the same or similar timezone Set performance expectations and goals for team members Regularly review individual and team performance, offering actionable insights and constructive feedback to support and grow team members Support team delivery for example through code reviews, technology research or architectural guidance Provide support for production systems owned by your team Support the implementation of security processes and requirements Stay abreast of emerging security threats, technologies, and industry trends to continuously enhance the organisation's security strategy What you'll have Proven experience in a leadership role within Security Engineering or closely related field Strong background in Security Engineering with a deep understanding of security best practices and standards Excellent communication, with a focus on doing this asynchronously Experience of mentoring and coaching a team to perform at a high-level of quality Experience of incident management Previous experience working in engineering teams focused on one or more of the following areas Application Security - including web application security concepts, including OWASP Top 10 vulnerabilities, secure coding practices, and static and dynamic application security testing (SAST/DAST) tools Cloud Security - including good AWS experience (or knowledge) and familiarity with various AWS security services (or familiarity with Azure and/or GCP with a willingness to learn AWS) and cloud security tooling Experience in SaaS and/or End-User Device Security - including security posture management tooling and end-user device security tooling such as EDR and ZTNA Ideally, you will have experience in one or more of the areas mentioned (or others), but we're not expecting you to be an expert in all areas of security engineering! What will help Security certifications (any of the famous abbreviations) Certifications from cloud providers' certification paths Security qualifications (e.g. apprenticeships or degrees) Strong skills in creating high-quality, comprehensive security documentation Familiarity with AWS services and experience in managing cloud security services Familiarity using Infrastructure-as-Code (IaC) to manage security tooling and services Familiarity with CI/CD tooling and security best practices Familiarity with vulnerability management processes and automations Experience using logging and monitoring tools to generate alerts and reports Knowledge of the MITRE ATT&CK framework Why else you'll love it here Wondering what the salary for this role is? Just ask us! On a call with one of our recruiters it's something we always cover as we genuinely want to match your experience with the correct salary. We don't advertise because we have flexibility and want to find the right octofit. Octopus Energy Group has a unique culture. An organisation where people learn, decide, and build quicker. People work with autonomy, alongside a wide range of co-owners, on projects that break new ground. We were voted best company to work for in 2022 and top 10 companies for senior leadership. Visit our UK perks hub - Octopus Employee Benefits We offer flexible hybrid working. Don't let location discourage you from applying if you can't make it to an office! Got any burning questions before then? Drop us a message at and we'd love to help! If this sounds like you then we'd love to hear from you. Are you ready for a career with us? We want to ensure you have all the tools and environment you need to unleash your potential. Need any specific accommodations? Let us know, and we'll do what we can to customise your interview process for comfort. Studies have shown that some groups of people, like women, are less likely to apply to a role unless they meet 100% of the job requirements. Whoever you are, if you like one of our jobs, we encourage you to apply as you might just be the candidate we hire. Octopus is an equal opportunity employer and we do not discriminate on the basis of any protected attribute. We are committed to providing equal opportunities, an inclusive work environment, and fairness for everyone.
2nd Line Security Analyst Bath Hybrid working - 2-3 days a week £Competitive + Progression into Leadership + A Healthy Training and Development Budget + 25 Days Annual Leave + Bank Holidays + Matched Pension (5-9%) + Hybrid Working Excellent opportunity for a 2nd Line Security Analyst / EUC Security Analyst or similar to join a company offering a career path into leadership, a great benefits package, and a very healthy training and development budget. This company are a market-leading global engineering business going through an exciting period of change and growth. As part of this, they are continuing to invest heavily in their Cyber Security teams globally, making this a great opportunity to join a business where you can make a real impact and progress your career. In this role you will serve as a key escalation point for the 1st Line team, supporting the identification, containment, and remediation of threats across the End User Compute estate. You will investigate issues such as malware, phishing, unauthorised access, and endpoint vulnerabilities, while working closely with wider security and infrastructure teams to support patching, remediation, and secure device configuration. The ideal candidate will have experience in a similar security or EUC-focused support role, with knowledge of endpoint vulnerability remediation, patch management, and Microsoft-based environments. Candidates with exposure to tools such as Intune, SCCM, Qualys, Entra ID, Microsoft Defender, Microsoft 365, and Active Directory will be of particular interest. Any experience supporting Cyber Essentials Plus, ISO 27001, or similar security standards would also be beneficial. This is a fantastic opportunity to join a business offering a very healthy training and development budget, an excellent benefits package, and progression all the way up to Global Team Leadership. The Role: 2nd Line Security Analyst / EUC Security Analyst position Incident response, containment, and remediation across endpoint environments Work closely with 1st and 3rd line teams to resolve and escalate security issues where needed Hybrid working - 2-3 days a week onsite The Person: Experience within a similar security, EUC, or 2nd line support position Good understanding of endpoint security, remediation, and Microsoft environments Exposure to tools such as Intune, SCCM, Qualys, Entra ID, Defender, Microsoft 365, and Active Directory Looking for progression and commutable to Bath Reference Number: BBBH269570 Rise Technical Recruitment Ltd acts an employment agency for permanent roles and an employment business for temporary roles. The salary advertised is the bracket available for this position. The actual salary paid will be dependent on your level of experience, qualifications and skill set and will be decided by our client, the employer. Rise are not responsible or liable for any hiring decisions made by the end client. We are an equal opportunities company and welcome applications from all suitable candidates.
12/05/2026
Full time
2nd Line Security Analyst Bath Hybrid working - 2-3 days a week £Competitive + Progression into Leadership + A Healthy Training and Development Budget + 25 Days Annual Leave + Bank Holidays + Matched Pension (5-9%) + Hybrid Working Excellent opportunity for a 2nd Line Security Analyst / EUC Security Analyst or similar to join a company offering a career path into leadership, a great benefits package, and a very healthy training and development budget. This company are a market-leading global engineering business going through an exciting period of change and growth. As part of this, they are continuing to invest heavily in their Cyber Security teams globally, making this a great opportunity to join a business where you can make a real impact and progress your career. In this role you will serve as a key escalation point for the 1st Line team, supporting the identification, containment, and remediation of threats across the End User Compute estate. You will investigate issues such as malware, phishing, unauthorised access, and endpoint vulnerabilities, while working closely with wider security and infrastructure teams to support patching, remediation, and secure device configuration. The ideal candidate will have experience in a similar security or EUC-focused support role, with knowledge of endpoint vulnerability remediation, patch management, and Microsoft-based environments. Candidates with exposure to tools such as Intune, SCCM, Qualys, Entra ID, Microsoft Defender, Microsoft 365, and Active Directory will be of particular interest. Any experience supporting Cyber Essentials Plus, ISO 27001, or similar security standards would also be beneficial. This is a fantastic opportunity to join a business offering a very healthy training and development budget, an excellent benefits package, and progression all the way up to Global Team Leadership. The Role: 2nd Line Security Analyst / EUC Security Analyst position Incident response, containment, and remediation across endpoint environments Work closely with 1st and 3rd line teams to resolve and escalate security issues where needed Hybrid working - 2-3 days a week onsite The Person: Experience within a similar security, EUC, or 2nd line support position Good understanding of endpoint security, remediation, and Microsoft environments Exposure to tools such as Intune, SCCM, Qualys, Entra ID, Defender, Microsoft 365, and Active Directory Looking for progression and commutable to Bath Reference Number: BBBH269570 Rise Technical Recruitment Ltd acts an employment agency for permanent roles and an employment business for temporary roles. The salary advertised is the bracket available for this position. The actual salary paid will be dependent on your level of experience, qualifications and skill set and will be decided by our client, the employer. Rise are not responsible or liable for any hiring decisions made by the end client. We are an equal opportunities company and welcome applications from all suitable candidates.
