£700 per day
Inside IR35
Hybrid
London
Summary: The Cyber Security Engineer role is focused on enhancing security within a Central Government Institution through the application of DevSecOps principles and tools. The position involves performing penetration testing, vulnerability assessments, and collaborating with developers to ensure secure coding practices. This is a 6-month contract requiring SC clearance and entails a hybrid working arrangement with two days on-site in London. The role is classified as inside IR35.
Key Responsibilities:
- Perform penetration testing and vulnerability assessments of web applications, APIs, and cloud infrastructure.
- Evaluate the automated security tooling in CI/CD pipelines (SAST, DAST, dependency checking, IaC, etc.) and make necessary recommendations.
- Collaborate with developers to remediate identified vulnerabilities and ensure secure code practices.
- Provide expert input on cloud security (AWS, Azure, or GCP) and DevSecOps tooling.
- Assist in maintaining security assurance across the SDLC in line with NCSC guidelines.
Key Skills:
- Demonstrable experience with penetration testing, ethical hacking, or vulnerability assessments.
- Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.).
- DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.).
- Secure Cloud Infrastructure, specifically AWS and Azure.
- Scripting and automation using Python and Bash.
- Certifications: OSCP or CREST / TIGER Scheme.
- Strong communication skills and the ability to explain security issues to technical and non-technical stakeholders.
Salary (Rate): 700
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT