At a Glance
- Tasks: Lead security assurance for government projects, shaping risk management and vulnerability strategies.
- Company: Join Made Tech, a forward-thinking company enhancing digital services for the UK public sector.
- Benefits: Enjoy 30 days holiday, flexible working hours, remote options, and a range of health benefits.
- Other info: Be part of a dynamic team that values growth, collaboration, and innovation.
- Why this job: Make a real difference in public sector security while developing your skills in a supportive environment.
- Qualifications: Proven experience in security assurance and strong communication skills with senior stakeholders.
The predicted salary is between 70000 - 90000 £ per year.
hackajob is collaborating with Made Tech to connect them with exceptional professionals for this role. Made Tech helps UK government and public sector organisations build better digital services — and security is central to that mission. As a Lead Security Assurance Engineer in our Cyber practice, you'll be the most senior security assurance voice on client engagements, setting the technical direction for how organisations identify, assess, and respond to security risk.
You'll work across complex government programmes where the stakes are real: services that affect citizens, systems that hold sensitive data, and teams that need to move quickly without cutting corners. You'll be embedded in multidisciplinary teams, shaping how security assurance is woven into everyday engineering work — from threat modelling at design time to control testing in production. You'll build trusted relationships with client security teams, senior stakeholders, and government security communities, translating between technical findings and the risk decisions that senior leaders need to make.
You'll bring the judgement to know when a full ISO 27001 governance programme is appropriate and when a lighter-weight approach serves the engagement better. At Lead level, your impact extends beyond the immediate team. You'll establish assurance frameworks and standards across engagements, grow the security capability of the people around you — colleagues and client staff alike — and contribute to how Made Tech's Cyber practice develops as a community.
If you're someone who builds capability rather than gatekeeping decisions, who treats security as an engineering concern rather than a compliance exercise, and who cares about leaving client teams genuinely stronger than you found them, this role is for you.
- Establish risk-based assurance frameworks, coordinate audit programmes, and maintain living evidence of control effectiveness — feeding findings into vulnerability management backlogs and governance reporting rather than treating audits as point-in-time events.
- Lead vulnerability management as a programme, not a process. Define the prioritisation framework — drawing on EPSS, KEV, CVSS, and asset criticality — set remediation SLAs, own the risk-acceptance register, negotiate remediation plans with IT operations and product teams, and report programme KPIs (MTTR by severity, backlog age, coverage, recurrence rate) to senior stakeholders.
- Drive security into the team's normal rhythm. Embed threat modelling, secure code review, SAST, SCA, dependency policy, and container scanning into design and delivery cycles — making security a shared engineering responsibility rather than a specialist handover at the end of a sprint.
- Navigate UK government security standards with confidence. Apply the NCSC Cyber Assessment Framework, GovAssure, Cyber Essentials, HMG Security Policy Framework, and relevant legislation (UK GDPR, NIS Regulations) proportionately across engagements — framing standards as guardrails that enable safe delivery, not barriers to it.
- Engage with government security communities and coordinate with departmental security teams.
- Communicate security risk in terms that drive decisions. Report security posture, audit findings, and vulnerability programme performance to senior client stakeholders — tailoring the frame for the audience, showing trends over time, and structuring reports around the decisions the reader needs to make, not just the findings.
- Drive adoption of incident response practices across engagements, own the IR-to-vulnerability-management feedback loop, and coordinate cross-team exercises including known-exploited-vulnerability scramble drills.
- Mentor colleagues across the practice and at client organisations, pair on complex or unfamiliar assurance work, and create structured development opportunities — including for client engineers who may not yet have strong security habits.
- Shape practice standards, contribute to hiring and calibration, build and share expertise externally, and help grow a security assurance community that raises capability across the organisation.
Hold one of the following — Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) — or an equivalent senior audit and assurance credential. Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM).
Experience establishing and operating vulnerability management programmes at organisational scale — including risk-based prioritisation using EPSS, KEV, and asset criticality, and managing remediation across multiple delivery teams. Evidence of leading compliance programmes against UK government frameworks — GovAssure, CAF, Cyber Essentials, HMG Security Policy Framework — in a complex multi-supplier or multi-team environment.
Experience conducting or coordinating security audits in UK public sector contexts, including producing formal findings and briefings for senior government stakeholders. Working knowledge of exposure management beyond CVE-only approaches — incorporating misconfiguration, identity exposure, and attack-path analysis using cloud-native tooling (AWS Inspector, GuardDuty, Security Hub, or equivalents).
Experience assessing and assuring supply chain security — including third-party and vendor risk — and integrating supplier risk into wider assurance and governance programmes. Experience building or shaping security assurance capability within a consultancy, programme delivery, or multi-client environment — including growing technical security skills in colleagues and client teams.
Evidence of acting as a trusted adviser to senior client stakeholders — anchoring security recommendations on client outcomes, challenging briefs constructively, and making security value visible rather than reporting activity. Experience setting team ways of working in iterative delivery environments — establishing retrospective cadences, collaborative problem-solving norms, and pairing practices that spread security knowledge across the team.
Familiarity with structured threat modelling approaches — STRIDE, MITRE ATT&CK, attack trees — and experience embedding these into agile delivery ceremonies. Experience integrating SAST, SCA, dependency scanning, and container security tooling into CI/CD pipelines as part of a shift-left security approach.
We've recently introduced a flexible benefit platform which includes a Smart Tech scheme, Cycle to work scheme, and an individual benefits allowance which you can invest in a Health care cash plan or Pension plan. 30 days Holiday — we offer 30 days of paid annual leave. Flexible Working Hours — we are flexible with what hours you work. Flexible Parental Leave — we offer flexible parental leave options. Remote Working — we offer part time remote working for all our staff. We offer paid counselling as well as financial and legal advice.
SC Eligibility: An increasing number of our customers are specifying a minimum of SC (security check) clearance in order to work on their projects. Eligibility for SC requires 5 years' UK residency and 5 years' employment history (or back to full-time education).
StudySmarter Expert Advice🤫
We think this is how you could land Lead Security Assurance Engineer (Bristol)
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Made Tech, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Made Tech
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Made Tech. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Lead Security Assurance Engineer (Bristol)
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Made Tech insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Made Tech that you’re committed to staying ahead in the game.
How to prepare for a job interview at Made Tech
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Made Tech to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Made Tech.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.