Security Engineer – Assurance/Report Writing
We’re looking for a Security Assurance Engineer with the ability to see the whole security picture—technology, people, and process. You’ll join a team of experienced cyber specialists, but your role is to step back from the individual technical outputs and assess what they mean for the overall security posture of the service.
* Review and analyse security artefacts, test results, assessments, and technical outputs from the cyber teams.
* Translate that information into clear, evidence-based Security Assurance Reports.
* Develop, maintain, and communicate security arguments that demonstrate how risks are mitigated and how the service meets required security outcomes.
* Look beyond technical controls and assess people, process, and governance aspects that contribute to end-to-end security.
* Provide a holistic view of how all elements—technical and non-technical—impact the security of implemented services.
* Engage with stakeholders across engineering, delivery, and governance to ensure security assurance is understood and integrated.
Required Skill and Experience:
* SC Clearance is essential and must have been active within the last 12 months.
* Experience producing structured security assurance documentation, security cases, or security arguments (e.g., using GSN, safety/security case approaches, or similar).
* The ability to interpret diverse security inputs—pen test results, architectural designs, risk assessments, compliance outputs—and turn them into coherent assurance narratives.
* A strong understanding of how organisational processes, behaviours, and controls influence security.
* Excellent written communication skills, with the ability to present complex security information clearly and persuasively.
* Experience in large or complex projects where security needed to be managed holistically (not just at a technical-control level).
* Knowledge of relevant security standards or frameworks (e.g., NCSC, ISO 27001, NIST, etc.) is a plus.