Location: Hybrid working in either Bristol, Manchester, London or Swansea.
Salary: £85,000 - £120,000
Support in applying
If you need this job description in another format, or other support in applying, please email email@example.com.
We believe we can use tech to make public services better. We also believe this can happen best when our own team represents the society that actually uses the services we work on. We’re collectively continuing to grow a culture that is happy, healthy, safe and inspiring for people of all backgrounds and experiences, so we encourage people from underrepresented groups to apply for roles with us.
When you apply, we’ll put you in touch with a talent partner who can help with any needs or adjustments we may need to make to help with your application. This includes alternative formats for documents, the time allotted for interviews and any other needs. We also welcome any feedback on how we can improve the experience for future candidates.
Based within the Cloud & Engineering Practice, the Principal Security Engineer role is accountable for driving the growth of our cyber security capability while supporting client deliveries and providing security assurance to our engineering teams.
We’re looking for technical leaders who can work closely with client stakeholders and our delivery teams to ensure we adopt security best practices and mitigate cyber and information security risks against the software we deliver. They will also provide oversight and help clients to develop and evolve their cyber security strategy.
People in this role primarily work consultatively and are expected to build relationships with clients across our industry verticals, ranging from Central Government to Health and Local Government. Identification of growth opportunities for existing accounts and new clients is also a key responsibility.
What does the job entail?
Responsible for helping to ensure the secure delivery of high quality technical outcomes for our clients:
- Taking responsibility for understanding the client’s security landscape, requirements and risk profile and helping to shape and deliver security-related opportunities.
- Providing security leadership and advocacy to our delivery teams and strategic advice to clients.
- Providing pre-sales support on bids to confidently address stated client security needs.
- Shaping and drafting responses and supporting proposal presentations to existing or new clients to help add value and credibility and maximise successful bid outcomes.
- Content generation and thought leadership through supporting marketing initiatives, writing blog posts, speaking at events, etc.
- Working with and in account teams to build strong client relationships and find additional growth opportunities.
Responsible for providing support to Made Tech colleagues and promoting better understanding and integration of cyber security across Made Tech:
- Leading and championing security across Made Tech through community of practice involvement and by coaching and mentoring more junior team members.
- Supporting and briefing our client partners to help them better understand our security proposition with the goal of identifying additional opportunities.
- Hiring and line management of more junior colleagues to support their development, pursuit of career goals and management of their overall performance.
Responsible for assuring the security of technical deliveries:
- When not actively working with clients, being available to delivery teams to provide security support and guidance.
- Reviewing security readiness at various checkpoints throughout a delivery’s lifecycle.
What experience are we looking for?
While we will look for you to have experience in these things, if you don’t have one of these don’t let that stop you from applying.
- Working directly with customers
- Working within a technology consultancy
- Developing a cyber and information security capability or function
- Shaping cyber and information security strategy and managing continuous risk reduction across an organisation, portfolio and/or multiple programmes
- End-to-end security involvement, including governance, risk and compliance, operational security, supply chain security and secure user management
- Identifying security issues in existing system designs, digital services (products) and platforms, including recommending mitigations that balance cost, risk and usability
- Strong understanding of integrating security as part of a multidisciplinary approach to delivering digital services (products) and platforms utilising a DevSecOps approach and enabling Continuous Security as part of wider CI/CD tools and practices
- Up-to-date understanding of, and ensuring compliance to, security standards and regulations including GDS Technology Code of Practice, NCSC Cyber Principles, NCSC Cyber Assessment Framework and GDPR
- Up-to-date understanding of testing the security of software and infrastructure using appropriate security tools including automated cloud-based tooling
- Up-to-date understanding of network security (e.g. OSI, TCP/IP), web application security (e.g. OWASP) and cryptographic controls (e.g. PKI, TLS)
- Up-to-date understanding of identity management and authentication/authorisation products and patterns
- Evidence of self-development – we value keen learners
- Drive to deliver outcomes for users
- Desire to mentor others
- Empathy and people skills
Don’t forget to mention any of the experiences listed below. While it’s optional, it’s all highly desired!
- Leadership of a cyber and information security capability or function
- A relevant cyber and information security qualification (one of: CISSP, SSCP, CISM, CRISC, CAP, CPP, GCHQ-certified Master’s degree in cyber security, or a PhD that is relevant to cyber security)
- Penetration testing qualifications (one of: OSCP, CREST or equivalent)
- Working within bid teams to win contracts exceeding value of £1m
- Working with multidisciplinary digital and technology teams
- Working within the public sector
- Experience in hiring, forming and running teams
We are always listening to our growing teams and evolving the benefits available to our people. As we scale, as do our benefits and we are scaling quickly. We've recently introduced a flexible benefit platform which includes a Smart Tech scheme, Cycle to work scheme, and an individual benefits allowance which you can invest in a Health care cash plan or Pension plan. We’re also big on connection and have an optional social and wellbeing calendar of events for all employees to join should they choose to.
Here are some of our most popular benefits listed below:
- ✈️ Taking Holiday – We offer 30 days’ paid annual leave
- 🕰️ Flexible Working Hours – We are flexible with what hours you work
- 🗓️ Flexible Working Days – We are flexible to the amount of days you work in a week
- 👶 Flexible Parental Leave – We provide flexible parental leave options
- 👩💻 Remote Working – We offer part-time remote working for all of our staff
- 🤗 Paid counselling – We offer paid counselling as well as financial and legal advice