Job Title: Senior Cyber Security Consultant Location: London / Guildford / Bristol / M4 Corridor
Salary: Yes. Let's talk. Though if you're coming with 4 years of experience and wanting 6 figures then this probably isn't the place for you.
Bonus: Absolutely
Another day, another vague “Cyber Security Consultant” job ad full of buzzwords, written by someone who thinks CISSP is a personality type.
This isn’t that ad.
This isn’t a paper-pushing compliance gig either. You’ll be advising government, defence and critical national infrastructure clients - the sort of places where “oops” isn’t an acceptable incident response plan. Your work will directly impact the national interest, from the MOD to wider Civil Service departments.
If you’ve got NatSec or CNI experience, great - we’re listening.
You’ll be helping these organisations protect their ICT investments and defend against the kind of threats that don’t usually make the news (and shouldn’t).
And yes, that means you’ll need to have or be eligible for UK Government Security Clearance. If not, we’re not the place for you. If you hold Green Badge / DV clearance, we definitely need to talk.
What you’ll actually be doing (instead of pretending to on PowerPoint):
Helping public sector and defence organisations not get pwned.
Working on projects where security isn’t a bolt-on - it’s mission-critical.
Designing and reviewing architectures with TOGAF, SABSA or similar frameworks. (Knowing the JSP604/440 ecosystem wouldn’t hurt either.)
Building security into Agile delivery - not waiting until someone’s halfway through DevOps and then panicking.
Writing risk assessments and security assurance documentation people will actually read.
You’ll fit in if you:
Have 5+ years of experience working with complex ICT systems
Can hold your own in a room full of stakeholders, whether they’re techies, suits, or someone from MOD who’s still using Windows 7.
Know what HMG SPF is without having to Google it mid-meeting.
Understand enterprise architecture and aren’t allergic to acronyms like TOGAF, SABSA or NIST.
Can navigate frameworks like ISO27001 without reading off a cheat sheet.
Know your way around security testing, and can explain why it matters to non-specialists without using fear-mongering or memes.
What we’re really looking for:
You’ve worked in Defence, Central Gov, Civil Sector or Critical Infrastructure. And you didn’t just drop in for a 2-week discovery workshop.
You get how national security works in the real world, not just in theory.
You understand that cyber risk isn’t just about patching stuff - it’s about understanding mission impact.
You’re a grown-up. You can work independently and still be part of a team. You get the job done, even when it’s messy.
What’s in it for you:
Interesting work that actually matters.
Training that actually leads to certifications, not just a dusty Udemy login.
Routes into Principal / Chartered status with the UK Cyber Security Council, and support for accreditations like CISSP, CISM, SABSA, TOGAF, CREST and so on.
The bottom line:
If your idea of a “cyber security role” involves shouting “have you tried turning it off and on again?” then this isn’t for you.
But if you’re serious about securing the systems that keep the UK running - from defence comms to critical national infrastructure - then let’s talk.