About Our Outside IR35 Security Engineer Contract Roles
What does a security engineer contractor do?
Organisations bring in Security Engineer contractors to implement, configure, manage, and improve the technical security controls and tooling that protect an organisation's systems, data, and users from cyber threats. The work spans a wide range of technical security disciplines: configuring and managing security tools including SIEM, EDR, firewalls, and vulnerability scanning platforms, implementing security automation and orchestration workflows, conducting vulnerability management programmes, performing security configuration reviews and hardening, supporting incident response activities, and building the security monitoring and detection capabilities that enable a security operations team to identify and respond to threats effectively.
Security Engineer contractors are expected to have genuine hands-on technical security skills rather than purely advisory or governance expertise, distinguishing the role from Security Architects and GRC specialists. Strong knowledge of at least one primary security technology domain is expected, whether endpoint security and EDR, network security including firewall administration and network segmentation, SIEM engineering and detection rule development, vulnerability management, or identity security. Cloud security engineering experience, particularly the ability to implement and manage security controls within AWS, Azure, or GCP environments using native security services and third-party cloud security tooling, is increasingly expected. The ability to write scripts and automation in Python, PowerShell, or Bash to automate security tasks, improve detection capabilities, and integrate security tooling is expected by most clients at senior Security Engineer level. Security certifications including CISSP, CEH, CompTIA Security+, or vendor-specific credentials relevant to the tooling in use are well regarded.
What is the market like for security engineer contractors?
The Security Engineer contract market is a consistently active and well-paying market within the cybersecurity contractor space, driven by the growing volume and sophistication of cyber threats and the structural need for technical security capability across organisations of all sizes and sectors. Financial services, healthcare, retail, and critical national infrastructure are the most consistent buyers. The adoption of cloud infrastructure has significantly expanded the scope of security engineering work, creating demand for engineers who combine traditional network and endpoint security skills with cloud-native security engineering capability. Supply of Security Engineers with the combination of technical depth, tooling breadth, and cloud security knowledge required is limited relative to demand, supporting strong rates across the discipline.
What does Outside IR35 mean?
IR35 is UK tax legislation that determines whether a contractor is genuinely self-employed or working in a manner that resembles employment. When a contract is classified as outside IR35, the engagement is treated as a business-to-business arrangement. The contractor operates through their own limited company, invoices for services, and manages their own tax affairs including corporation tax, self-assessment, and VAT where applicable.
Outside IR35 engagements are assessed against three key factors: the degree of control the client exercises over how the work is delivered, whether the contractor has a genuine right to provide a substitute, and whether there is a mutuality of obligation between the parties. Contracts that demonstrate contractor autonomy, project-based delivery, and the absence of ongoing employment obligations are more likely to sit outside IR35. Since April 2021, responsibility for making this determination sits with the end client for medium and large private sector organisations.
On QualityContracts.co.uk, approximately 28% of roles with a stated IR35 status are classified as outside IR35. The proportion varies by sector and role type, with some disciplines seeing a significantly higher or lower share of outside IR35 opportunities. Each listing on this page displays its IR35 status where provided by the hiring organisation.
What security engineer roles are usually Outside IR35?
Security engineering sits at around 25% outside IR35 among contracts with a stated status. Outside IR35 opportunities concentrate in specific implementation projects: deploying a SIEM platform, building a security automation pipeline, or implementing zero-trust network controls. The defined, technical nature of these builds works in favour of an outside IR35 determination. Security consultancies and organisations standing up new security capabilities generate the most demand.
How much do security engineer contractors usually earn when working Outside IR35?
Contract rates for security engineer roles typically range from £550 to £950 per day, depending on the scope of the role, required expertise, and the delivery expectations of the engagement. Rates shown are for outside IR35 engagements and reflect the gross day rate paid to the contractor's limited company before any personal tax obligations.
How many Outside IR35 security engineer vacancies are there on Quality Contracts?
Over the past twelve months, we have tracked over 150 security engineer contract roles across the site. Of the roles currently listed on our site, around one in four are Outside IR35. Data reviewed up to June 2026.