Outside IR35 Cybersecurity Contract Jobs
Stay Updated on Contract Jobs
Never miss another opportunity with our email alerts.
Save your searches to be notified as soon as new jobs are added.
Project Coordinator - UK
Posted 4 days ago by 83zero Limited
The role of Project Coordinator / Project Controller involves supporting the delivery of large-scale cyber security proj...
- Rate £301 per day
- Category Outside
- Work type Remote
- Location UK; London; Birmingham; Manchester; Glasgow; Liverpool; Leeds; Edinburgh; Bristol; Cardiff; Nottingham
Create a free account to access remote working contract opportunities outside the UK
Sign UpData Protection Officer (DPO) - London - Outside IR35
Posted 5 days ago by Strike IT Recruitment Services
The Data Protection Officer (DPO) role is a contract position based in London, focusing on enhancing the organization's...
- Rate Negotiable
- Category Outside
- Work type Hybrid
- Location London Area, United Kingdom
Sort By
Saved Searches
No saved searches yet
Filters
IR35 Status
Working Arrangements
Industry
Sector
Posted By
Country
Seniority Level
Date Posted
Contract Rate
About Our Outside IR35 Cybersecurity Contract Roles
What does a cybersecurity contractor do?
Cybersecurity contract work spans across a wide range of specialist disciplines to help organisations protect their systems, data, and operations from cyber threats. The cybersecurity contracting market encompasses penetration testing, security architecture, cloud security, application security, security operations, GRC, identity and access management, threat intelligence, and incident response, among other specialisms. Contractors are brought in when organisations need specific expertise they do not hold permanently, when a security programme requires additional resource, or when an incident or audit finding demands rapid specialist engagement.
The skills required vary enormously by specialism. Technical security contractors, such as penetration testers and security engineers, need deep hands-on expertise with attack techniques, security tooling, and the ability to identify and exploit vulnerabilities across a range of system types. Security architects need the ability to design security controls into complex enterprise and cloud environments. GRC professionals need strong knowledge of regulatory frameworks, risk management methodologies, and compliance standards such as ISO 27001, NIST, and CIS Controls. Across all cybersecurity disciplines, the ability to communicate risk clearly to non-technical stakeholders, including boards and senior executives, is increasingly valued as cybersecurity has become a board-level agenda item. Relevant certifications including CISSP, CISM, OSCP, and CREST qualifications are well regarded and frequently required across the market.
What is the market like for cybersecurity contractors?
The Cybersecurity contract market is one of the most active and resilient segments of the UK technology contracting market. Demand is driven by the persistent and evolving threat landscape, increasing regulatory requirements including NIS2, DORA, and the FCA's operational resilience framework, and the structural shortage of permanent cybersecurity professionals across UK organisations. The market has remained strong despite broader technology hiring slowdowns, as cybersecurity spend is largely non-discretionary for organisations handling sensitive data or operating critical infrastructure. Specialist areas including cloud security, application security, and OT security are experiencing the strongest demand growth, while rates across the market remain at a premium to comparable technology disciplines.
What does Outside IR35 mean?
IR35 is UK tax legislation that determines whether a contractor is genuinely self-employed or working in a manner that resembles employment. When a contract is classified as outside IR35, the engagement is treated as a business-to-business arrangement. The contractor operates through their own limited company, invoices for services, and manages their own tax affairs including corporation tax, self-assessment, and VAT where applicable.
Outside IR35 engagements are assessed against three key factors: the degree of control the client exercises over how the work is delivered, whether the contractor has a genuine right to provide a substitute, and whether there is a mutuality of obligation between the parties. Contracts that demonstrate contractor autonomy, project-based delivery, and the absence of ongoing employment obligations are more likely to sit outside IR35. Since April 2021, responsibility for making this determination sits with the end client for medium and large private sector organisations.
On QualityContracts.co.uk, approximately 28% of roles with a stated IR35 status are classified as outside IR35. The proportion varies by sector and role type, with some disciplines seeing a significantly higher or lower share of outside IR35 opportunities. Each listing on this page displays its IR35 status where provided by the hiring organisation.
What cybersecurity roles are usually Outside IR35?
Around 30% of cybersecurity contracts with a stated IR35 status sit outside. Security assessments, penetration testing engagements, and incident response work with defined scope and timelines are the most likely to carry outside IR35 status. The project-based end of cybersecurity, testing something specific, investigating an incident, or designing a security architecture, maps naturally to outside IR35 treatment. Security consultancies and organisations responding to specific threats or regulatory requirements commission this type of work.
How much do cybersecurity contractors usually earn when working Outside IR35?
Contract rates for cybersecurity roles typically range from £500 to £900 per day, depending on the scope of the role, required expertise, and the delivery expectations of the engagement. Rates shown are for outside IR35 engagements and reflect the gross day rate paid to the contractor's limited company before any personal tax obligations.
How many Outside IR35 cybersecurity vacancies are there on Quality Contracts?
Over the past twelve months, we have tracked over 390 cybersecurity contract roles across the site. Of the roles currently listed on our site, around one in four are Outside IR35. Data reviewed up to June 2026.