At a Glance
- Tasks: Lead cyber security initiatives and protect critical systems in a dynamic environment.
- Company: Join Leidos, a global leader in science and technology solutions.
- Benefits: Competitive salary, remote work options, and opportunities for professional growth.
- Other info: Collaborative team culture with a focus on continuous learning and improvement.
- Why this job: Make a real impact on national security while developing your skills.
- Qualifications: Experience in cyber security engineering and strong knowledge of security frameworks.
The predicted salary is between 60000 - 80000 £ per year.
hackajob is collaborating with Leidos to connect them with exceptional professionals for this role.
Location: Farnborough
Security Clearance Level High: DV - Developed Vetting
Role Overview:
Everything we do is built on a commitment to do the right thing for our customers, our people and our community. Our mission and our values guide the way we do business. The foundation of our Leidos culture is our Values, Beliefs and Expectations by which we select, recognise and reward employees. They create the environment that drives us toward our mission.
Inspired to make a difference, we are committed to solving the world's toughest problems. Passionate about customer success, we work closely with our stakeholders to understand, shape, and deliver secure solutions that enable critical outcomes.
United as a team, we are bound together by our conviction that ethics and integrity are core to how we operate. In this role, you will be a trusted security practitioner, working with minimal direction on a critical programme and helping to raise the security bar across engineering and operations.
Because of a key strategic development and a new exciting business opportunity, we have a requirement for a security-cleared Senior Cyber Security Engineer based in the UK working at our Farnborough site and remotely.
Leidos has more than 30 years' experience of developing and running some of the largest government systems in the world. We are currently hiring to expand our UK based technical team who support our delivery for the UK Govt.
Come join our team and further develop your skills as we deliver and support systems key to the defence of the UK and partner nations.
Being part of the Leidos team is a commitment to push yourself and those around you to do better, constantly adapt and learn new technologies. We're a passionate team and are committed to developing and growing our staff.
Leidos is a global science and technology solutions leader working to solve the world's toughest challenges in the defence, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers.
What Will You Be Doing?
To support current program delivery, we currently have a permanent vacancy for a Senior Cyber Security Engineer to support the development and transition into live of a MOD application and infrastructure solution providing support to a critical operational end user.
Leidos is seeking an enthusiastic protective security specialist to lead the implementation and assurance of security within a key defence project. You will contribute across the delivery lifecycle—shaping secure designs, defining and assuring controls, and providing senior-level security engineering support across protective and information security. You will have demonstrable experience applying recognised security frameworks (e.g., Government Functional Standard 007, NIST, CIS benchmarks) to real-world systems and services.
You will be joining a team of highly skilled and highly motivated individuals who are working on one of the UKs leading programmes.
Required Skills:
The Senior Cyber Security Engineer (T4) plays a critical role in protecting and enabling mission IT by combining deep technical expertise with pragmatic risk management. You will be able to work with minimal direction on a specific programme, taking responsibility for planning, implementing, and assuring security controls across infrastructure, platforms, and applications (including cloud services). You will provide clear security advice and assurance to stakeholders, typically aligned to HMG/MOD expectations and recognised standards (e.g., NIST, CIS benchmarks), and you will support teams by sharing knowledge and guiding good practice.
Key functions/outputs:
- Vulnerability Management, Reporting & Risk Prioritisation
- Endpoint, Identity & Cloud Security Engineering (AWS)
- Incident Response Leadership & Operational Security
- Secure Configuration, Hardening & Compliance Assurance
- Security Design Review, Change Impact Assessment & ST&V
- Stakeholder Engagement, Governance & Decision Support
- Documentation, Mentoring & Continuous Improvement
Main Objectives:
Vulnerability Management, Reporting & Risk Prioritisation
Perform regular vulnerability assessments and generate actionable reporting using approved toolsets (or equivalent). The process should focus on ensuring scanners and signatures are current, coverage is agreed, and findings are prioritised based on risk, mission impact, and exploitability. You will support (and where required lead) triage with engineering teams to drive remediation to closure and provide clear risk narratives to senior stakeholders.
Code Scans: perform regular code scans to assess code quality, detect potential bugs, and identify security vulnerabilities; work with development teams to agree remediation approaches and prevent recurrence.
Vulnerability Management Tooling: perform regular vulnerability management scans and ensure repositories/plugins are maintained to detect emerging vulnerabilities across endpoints, servers, and cloud workloads.
Reporting: produce and quality-assure recurring vulnerability and risk reporting for the cyber security and IA lead; highlight trends, systemic issues, and recommendations for control improvements.
Endpoint, Identity & Cloud Security Engineering (AWS):
Endpoint Protection: drive endpoint security posture through regular updates, policy tuning, and validation activities aligned to current threats and programme requirements.
Antivirus and Anti-malware Protection: perform assurance checks to ensure controls are deployed successfully, monitored, and kept up to date; define exceptions and compensating controls where needed.
Network Controls: perform compliance checks and targeted audits of network security controls (e.g., firewall rules, segmentation, proxying) to ensure unauthorised access and threats are blocked and logged appropriately.
Access Control & IAM: design and ensure access controls are implemented correctly to enforce least privilege and need-to-know across systems and data; provide oversight of privileged access, account lifecycle, and authentication policy.
AWS Cloud Security: design and assure cloud security controls across networking, identity, logging/monitoring, and configuration management; validate guardrails and support secure landing zone patterns where applicable.
Incident Response Leadership & Operational Security:
Incident Identification: help to recognise and confirm potential incidents through alerts, logs, and user reports; apply sound judgement to distinguish true threats from false positives.
Incident Response: lead or provide senior support to containment, eradication, investigation, and recovery activities; coordinate with service owners and stakeholders to restore operations and capture lessons learned.
Tickets & Requests: manage and resolve tickets raised to the Leidos Security group that require Cyber Security Engineering input; prioritise based on risk and impact, and mentor others through complex issues.
Secure Configuration, Hardening & Compliance Assurance:
Patch Updates to Security Products: ensure security toolsets are kept up to date with patches and software updates; assess impact and coordinate change implementation in line with governance.
System Compliance: perform and oversee regular compliance audits to ensure systems meet agreed baselines and best practices (e.g., CIS, STIG, NIST); manage exceptions with evidence-based rationale and compensating controls.
Security Enforcing Function Configuration: assist in the design, review, and improvement of security enforcing functions (e.g., GPOs, system policies, cloud guardrails) to ensure they are compliant, testable, and fit for purpose.
Assurance Activities: conduct periodic technical assessments (configuration reviews, control testing, threat-driven checks) to identify weaknesses and drive measurable improvements.
Security Design Review, Change Impact Assessment & ST&V:
Security Impact Triage Tool (SITT): lead or support evaluation and impact assessment of proposed changes to security posture; provide clear recommendations, conditions, and required evidence for approval.
Security Evaluation, Testing and Assurance (ST&V): plan and execute security evaluation and assurance activities for changes delivered through PI Planning; define test scope, coordinate evidence capture, and ensure outcomes are documented and traceable.
Stakeholder Engagement, Governance & Decision Support:
Senior Cyber Security Engineers are expected to lead and contribute to governance forums and working groups, providing clear security advice, risk-based recommendations, and decision support. This may include the following depending on work activity.
You will interface with customer security representatives, accreditation/assurance stakeholders, delivery teams, and third-party/supplier engineers to agree security requirements, provide evidence, manage risks and exceptions, and support timely decisions.
Security Working Group (SWG)
Customer/Supplier Security Forums
Vulnerability Triage
Security Workshop
PI Planning
Daily Standups (Blue/Green Team)
Documentation, Mentoring & Continuous Improvement:
Senior Cyber Security Engineers are responsible for creating, maintaining, and reviewing high-quality documentation and security evidence. This includes High-Level & Low-Level Designs (HLD/LLD), Standard Operating Procedures (SOPs), risk assessments, and compliance/assurance reports. You will also support capability uplift through mentoring, knowledge sharing, and identifying opportunities to automate and improve security processes.
Essential Experience:
- Proven experience in a senior cyber security engineering role, delivering security outcomes across complex IT environments (on-prem and/or cloud).
- Practical experience implementing security as code and policy as code in AWS environments, leveraging tools such as AWS CloudFormation, Terraform, and AWS Organisations service control policies.
- Strong knowledge of secure configuration and hardening practices, and ability to apply benchmarks/standards (e.g., CIS, NIST, STIG) pragmatically.
- Hands-on experience with vulnerability management and risk-based prioritisation, including working with engineering teams to drive remediation.
- Experience supporting or leading incident response activities, including investigation, containment, and lessons learned.
- Ability to communicate technical security issues clearly to non-specialists and support governance/assurance decision-making.
- Experience producing high-quality security documentation and evidence suitable for audit/assurance.
- AWS security-related certifications (e.g., AWS Certified Security – Specialty) or equivalent cloud security experience.
Desirable Certifications:
- CISSP, CISM, or equivalent senior-level security certification.
Degree or postgraduate qualification in cyber security, such as a master's or PhD in Information Security, Cyber Security, or a related discipline.
Clearance Requirements:
Clearance to Start and for Role SC/DV
StudySmarter Expert Advice🤫
We think this is how you could land Senior Cyber Security Engineer Or Architect in Cove
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Leidos, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Leidos
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Leidos. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Senior Cyber Security Engineer Or Architect in Cove
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Leidos insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Leidos that you’re committed to staying ahead in the game.
How to prepare for a job interview at Leidos
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Leidos to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Leidos.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.