Security Testing Consultant in London

Location: Bristol or London | Hybrid - 1-2 days per week on client site in Bristol, Bath or London

Duration: 31/03/2027

Total cost to Capgemini: £595 - £615 (Inside IR35)

Role Description:

We are seeking an MOD experienced, senior Client facing Security Consultant to drive the Security Assurance activities for a number of digital products/platforms, being developed as part of a broader MOD business and digital transformation programme for which Capgemini is the Client's prime Digital Delivery Partner. The products/platforms are being deployed on to the MOD's Digital estate (MODCloud) for use by military end users.

You’ll be operating in a cross-Programme role, working collaboratively with the Delivery Managers and Technical Leads/Solution Architects for each of the digital products/platforms being developed, and the key MOD Client stakeholders for them (Project Managers, Service Owners, Senior Responsible Owners (SRO), Information Asset Owners (IAO), JSP453 Case Officers/Service Transition Officers, Technical Assurance/Technical Design Authority).

You’ll be responsible for ensuring that each of the digital products/platforms being developed are appropriately Secure by Design (SbD), compliant with relevant MOD and industry standards, and are adhering to the MOD security assurance requirements at each stage of their product lifecycle, from Design through to Live service/Through Life Support.

Key Responsibilities:

• Security Assurance
  • Support Secure by Design (SbD) compliance, including threat and risk assessments, architecture and security control reviews, CAAT, DPIAs, ToA, Data Through Life Management, and assurance status tracking.
  • Develop and review SMPs, SyOPs, vulnerability and patch management plans, privacy notices, and terms of use.
  • Support DAR entries, IT health checks (ITHC) or SAST/DAST testing where applicable, remediation action plans, and MODCERT reporting using Vigilant.
• Wider MOD Assurance
  • Support JSP 453 compliance, including PEF and TRRA responses.
  • Engage with JSP453 rule owners and Security Transition Officers/Case Officers to secure approvals and sign-off.
• Security Planning and Risk Management
  • Ensure Security Assurance activities are appropriately documented in Delivery Plans (working with Delivery Managers).
  • Maintain RAID inputs and tracking and assist with identification and escalation of security risks.
• Cyber Security Governance
  • Support internal and external cyber security audits.
• Design & Delivery Support
  • Contribute to security requirements definition (principles, functional and non-functional requirements) within an Agile SDLC.
  • Support access control design, configuration, and security test script development.
• Specialist Assurance
  • Support NCSC Bulk Data Assessments where bulk data is in scope.
  • Support Secure Software Development Lifecycle (SSDLC) management when required.
• Education & Awareness
  • Promote Secure by Design through cyber security education and awareness across delivery teams.

Key Skills and Experience:

Essential:

• Proven experience as a Client facing Security Assurance Consultant/Coordinator/Security Manager, or similar role.
• UK MOD Delivery experience, including experience of delivering across the Government Digital Services (GDS) lifecycle, and managing assurance activities to MOD’s Secure by Design (SbD), JSP 453 (or earlier JSP 604), and JSP 440 standards.
• Experience working with distributed or hybrid teams.
• Demonstrated ability to work across cross-functional teams.
• Excellent facilitation, communication, and stakeholder management skills.
• Experience managing security risks, issues, and dependencies.
• Familiarity with Agile delivery tools Jira, Confluence.

Highly Desirable:

• Experience managing the Security Assurance aspects of digital products deployed onto the MOD Digital estate (MODCloud).
• Background in secure digital product design and development, software engineering, data, or transformation projects.
• Security Certifications.