2 x Lead Cyber Security Engineer (Identity & Payments) in Glasgow

We are looking for experienced Cyber Security Engineers to lead on the secure design and operation of high-profile and leading-edge government common platforms. You’ll join a multi-disciplinary agile team, and work on the latest set of Cloud and Security technologies.

This is a great opportunity for Cyber Security Engineers with a deep technical understanding of the latest technologies, and proven experience leading the deployment of modern security tooling to provide Extended Threat Detection and Response, Patch and Vulnerability Management, Security Automation, Protective Monitoring, Identity & Access Management, and more, across the entire development life-cycle.

While the technology you may work with is broad and varied, experience securing user-facing, web-based applications with AWS, GitHub, GitLab, Codespaces, Kubernetes, Okta, CrowdStrike, Sentinel, ExaBeam and similar technologies would be highly beneficial.

As an experienced Cyber Security Engineer, you’ll have the opportunity to shape secure digital services that matter — influencing the protection of systems used across the Scottish public sector and the millions of people who rely on them every day. Your guidance will help engineering teams embed secure development and operational best practice, strengthening our security posture and driving continuous improvement in how services are built, tested, and operated. Your expertise will be trusted, your perspective valued, and your leadership encouraged when identifying risks and proposing pragmatic solutions.

Collaboration is central to the role, working with colleagues across security, engineering, architecture, product, and service management. As a respected member of the community, your knowledge and experience will support others through mentoring, open knowledge-sharing, and meaningful contributions to governance decisions that shape our cyber resilience.

We are looking for two Security Engineers to join the Digital Directorate and play a key role in delivering secure, resilient digital public services across government. This is an exciting opportunity to support some of Scotland’s most significant, multi-million-pound digital programmes, including ScotPayments and ScotAccount, as well as other major national initiatives built on our emerging common platforms and services. These initiatives are key enablers of Scotland’s Digital Strategy, and form part of the Delivery Plan (2025 – 2028) for Sustainable Digital Public Services.

The roles form part of a growing and maturing security capability within the Digital Directorate. While you may provide focused support to specific programmes, you will also contribute to the Directorate security expertise that enables consistent, scalable security practices across government’s digital services.

Responsibilities:

• Identify, design, and develop cyber security solutions across a wide variety of applications and infrastructure.
• Engage with the Digital Technical Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes.
• Develop security operating procedures for use across multiple information systems or support compliance with them, including vulnerability management, incident response, protective security monitoring.
• Apply routine security procedures appropriate to the role, such as patching, managing access rights, malware protection, or vulnerability testing with autonomy.
• Champion secure design principles, frameworks, and standards for a digital service or programme.
• Drive secure coding practices and champion them, mentoring the engineering team to be able to undertake these tasks.
• Lead and translate security requirements into application design elements including documenting specific security criteria.
• Design advanced audit points into digital services.
• Act as a subject matter expert (SME) for CI/CD pipeline, infrastructure automation and cloud security, lead software debugging and guide engineers to resolve issues.
• Create and deliver automated assurance against Technical Security guidance and configurations.

Success Profile

Success profiles are specific to each job, and they include the mix of experience, skills and behaviours candidates will be assessed on.

Experience:

• Lead Criteria 1 - Cyber Security Operations: Develop and support security procedures, ensuring compliance. Apply routine security measures autonomously and lead small teams in managing Cyber Security operations.
• Lead Criteria 2 - Specific Security Technology and Understanding: Understand and articulate the impact of vulnerabilities on coding, designs, and systems. Specialise in specific systems and contribute to the overall security strategy.
• Secure Design: Champion secure design principles and standards. Translate security requirements into detailed design elements and integrate advanced audit points into digital services.
• Secure Development: Develop services using programming and scripting languages. Lead software debugging, guide developers, and implement solutions to prevent fraud and error.

Technical Skills: This role is aligned to the Cyber Security Engineer job role within the Senior Cyber Security Engineer job family. You can find out more about the skills required, here: Cyber security: operations - gov.scot. These skills are assessed by technical assessment, designed to represent the role. Candidates reaching this stage will receive a Technical Assessment Candidate Pack which outlines the specific skills to be assessed, plus the method of assessment.

Behaviours:

• Leadership (Level 4)
• Changing and Improving (Level 4)

You can find out more about Success Profiles Behaviours, here. Behaviours are assessed at interview. Full details will be shared in advance with all candidates invited to this stage.

How to apply

Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet each of the 4 Experience criteria listed in the Success Profile above. Candidates will have their applications assessed against all Experience criteria. If a large number of applications are received an initial sift will be conducted on the Lead Criteria highlighted above. Candidates who pass the initial sift will have their applications fully assessed against the remaining Experience criteria.

Artificial Intelligence (AI) tools can be used to support your application, but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment.

If invited for further assessment, this will consist of an interview and Government Cyber technical assessment where the behaviours, experiences and technical skills outlined in the Success Profile will be assessed.

The sift is scheduled for w/c 15th June - w/c Monday 22nd June. Interviews and Technical assessments are scheduled for w/c 29th June - w/c Monday 6th July, however these may be subject to change.

Qualifications About us

The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including education, health, the economy, justice, housing, and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles.

Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland. We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.

As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.

Working pattern

Our standard hours are 35 hours per week, we offer flexible working including full-time, part-time, flexitime, and compressed hours depending on the needs of the role. From October 2025, the Scottish Government will require staff in hybrid-compatible roles to work in-person 40% of the time either in an office or other agreed work location.

If you have specific questions about the role you are applying for, please contact Digitalcareers@gov.scot.

Security checks

Successful candidates must complete the Baseline Personnel Security Standard (BPSS) before they can be appointed. BPSS is comprised of four main pre-employment checks – Identity, Right to work, Employment History and a Criminal Record check (unspent convictions). You can find out more about BPSS on the UK Government website, or read about the different levels of security checks in our Candidate Guide.

Pay Supplement

This post is part of the Government Digital and Data (GDD) profession and currently attracts a £4,000.00 annual GDD pay supplement, which is paid monthly – pay supplements are reviewed regularly. The Government Digital and Data (GDD) Profession is a UK-wide group of over 24,000 civil servants dedicated to driving digital transformation in government through more efficient, data-driven public services. This community oversees a wide range of responsibilities, including architects, data scientists, engineers, and content designers, across different, multidisciplinary teams. The profession, sponsored by the Government Digital Service (GDS), offers the frameworks, skills, and development routes necessary for these individuals to thrive and produce improved outcomes for the public.

Equality Statement

We are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation. Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.

Further information can be found on our Careers Website. Read our Candidate Guide for further information on our recruitment and application processes.

Apply Before: Sunday 24th May (23:59)