Senior Security Engineer in London

Senior Security Engineer in London

London Full-Time 55000 - 65000 £ / year (est.) Home office (partial)
Made Tech

At a Glance

  • Tasks: Lead security audits and risk assessments for complex government systems.
  • Company: Join a consultancy dedicated to secure digital services for the UK public sector.
  • Benefits: Enjoy 30 days holiday, flexible hours, remote work, and paid counselling.
  • Other info: Embrace a culture of inclusivity and continuous learning.
  • Why this job: Make a real impact on national security while mentoring and growing your team.
  • Qualifications: Must hold relevant security certifications and have experience with UK government frameworks.

The predicted salary is between 55000 - 65000 £ per year.

We help UK public sector organisations build and run digital services that are secure, trustworthy, and resilient. As a Senior Security Assurance Engineer in our Cyber practice, you'll take end-to-end ownership of security assurance work across complex government environments - designing audit approaches, leading risk assessments, and helping clients understand and improve their security posture in ways that are proportionate, practical, and grounded in how their services actually work. At Senior level, you're also expected to raise the standard of security practice around you - not just through your own work, but by mentoring colleagues, contributing to how the team operates, and helping clients build their own capability over time. We're a consultancy that believes good security outcomes come from embedding security into delivery as a continuous concern, not bolting it on at the end. You'll be central to making that real.

Key responsibilities

  • Design and lead security audits across complex government systems - combining automated scanning with manual testing, producing findings that are clearly framed around risk and remediation rather than just compliance status.
  • Drive continuous compliance monitoring against applicable standards and regulations - Cyber Essentials, the NCSC Cyber Assessment Framework, GovAssure, UK GDPR, and NIS Regulations - feeding posture data into governance and risk reporting rather than treating it as a point-in-time exercise.
  • Lead risk assessments and threat-modelling sessions, selecting methodologies (ISO 27005, NIST RMF, STRIDE, MITRE ATT&CK) that are proportionate to system criticality, and ensuring findings feed into programme governance decisions rather than sitting in security documentation alone.
  • Communicate security findings and risk clearly to a range of audiences - technical detail for engineering teams, risk-framed summaries for senior stakeholders - structuring reports around the decisions people need to make, not just the controls you've tested.
  • Embed security as a continuous engineering concern, supporting threat modelling and security reviews throughout delivery, challenging designs that create unnecessary risk, and mentoring colleagues on secure-by-default practices.
  • Support and assess supply-chain and third-party security, creating proportionate assurance processes aligned with recognised standards and helping clients identify and address gaps in how they manage vendor and software supply-chain risk.
  • Mentor and coach colleagues and client team members, pairing on complex assurance work, sharing knowledge openly across the practice, and actively contributing to the capability of everyone around you - not just delivering your own work well.
  • Contribute to the commercial and strategic health of engagements, staying alert to unmet client needs, managing scope within contracted boundaries, and surfacing opportunities or risks to account leadership as they arise.

Skills, knowledge and expertise

  • Hold one of the following: Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), or an equivalent audit and assurance practitioner credential.
  • Certified in Risk and Information Systems Control (CRISC).
  • Certified Information Systems Security Professional (CISSP).
  • Experience advising clients on UK government security frameworks – including GovAssure, the NCSC Cyber Assessment Framework, Cyber Essentials Plus, and the HMG Security Policy Framework – and how they interact in practice.
  • Experience leading risk assessments using structured methodologies (ISO 27005, NIST RMF, or FAIR) and embedding risk outputs into programme governance rather than treating them as standalone deliverables.
  • Demonstrated ability to design security controls and governance approaches for cloud environments, with an understanding of how compliance requirements apply in AWS, Azure, or GCP contexts.
  • Working knowledge of incident response planning, establishing policies, assessing team readiness, and mentoring others on preparedness, ideally in a government or regulated environment.
  • Experience conducting or leading supply-chain security assessments, including third-party risk and software provenance, with reference to recognised standards.
  • Familiarity with tools used for continuous compliance monitoring, automated controls testing, or cloud security posture management (for example, CSPM tooling, SIEM platforms, or vulnerability management tools).
  • Evidence of actively shaping your own development, a T-shaped specialism, seeking and acting on feedback, and sharing learning openly with colleagues and the wider practice.
  • Experience contributing reusable assets, playbooks, templates, tooling, or patterns back into a practice or community rather than leaving knowledge within a single engagement or team.
  • Experience running or contributing to structured mentoring relationships, pairing sessions, or retrospectives in a way that measurably improved team capability or ways of working.
  • Experience co-designing solutions with clients and stakeholders, bringing them into the process rather than presenting conclusions for approval, and delivering value anchored to outcomes rather than outputs.
  • Experience conducting skills-based assessment of candidates, contributing to interview scripts, or calibrating assessment criteria to ensure fair and consistent evaluation.

What you'll bring

  • Contextual judgement over formulaic approaches. You think carefully about what's proportionate for each engagement rather than reaching for the same framework every time. You can articulate trade-offs clearly and help clients understand the reasoning behind your recommendations.
  • A team-first mindset. You take your own work seriously, and you take the growth of the people around you equally seriously. You pair, you share, you coach — and you make it safe for others to ask questions and admit gaps.
  • Confidence communicating across boundaries. You're as comfortable presenting risk findings to a senior civil servant as you are working through a threat model with an engineering team. You adjust how you communicate without losing substance or clarity.
  • Genuine ownership. You take responsibility for the outcomes of your work — maintaining momentum through ambiguity, escalating risks early rather than absorbing them, and seeing significant pieces of work through from start to finish.

Benefits

  • 30 days Holiday – we offer 30 days of paid annual leave.
  • Flexible Working Hours – we are flexible with what hours you work.
  • Flexible Parental Leave – we offer flexible parental leave options.
  • Remote Working – we offer part time remote working for all our staff.
  • Paid counselling – we offer paid counselling as well as financial and legal advice.

Eligibility

An increasing number of our customers are specifying a minimum of SC check in order to work on their projects. As a result, we're looking for all successful candidates for this role to have eligibility. Eligibility for SC requires 5 years' UK residency and 5 years' employment history (or back to full-time education). Please note that if at any point during the interview process it is apparent that you may not be eligible for SC, we won't be able to progress your application and we will contact you to let you know why.

Equal Opportunity

We are collectively continuing to grow a culture that is happy, healthy, safe and inspiring for people of all backgrounds and experiences, so we encourage people from underrepresented groups to apply for roles with us.

Senior Security Engineer in London employer: Made Tech

Made Tech is an exceptional employer, dedicated to fostering a collaborative and inclusive work culture that empowers employees to make a real impact in the public sector. With a strong focus on professional development, you will have the opportunity to mentor junior analysts and enhance your technical skills while working on meaningful projects that protect sensitive public data. Our generous benefits package, including 30 days of holiday and flexible working arrangements, ensures a healthy work-life balance, making Made Tech a truly rewarding place to grow your career.

Made Tech

Contact Details:

Made Tech Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Senior Security Engineer in London

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Made Tech, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Made Tech

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Made Tech. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Senior Security Engineer in London

Security Audit Design
Risk Assessment
Threat Modelling
ISO 27005
NIST RMF
Cyber Essentials
Governance Frameworks

Some tips for your application 🫡

Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Made Tech insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Made Tech that you’re committed to staying ahead in the game.

How to prepare for a job interview at Made Tech

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Made Tech to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Made Tech.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.