This job is with Mott MacDonald, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.
Location/s: Newcastle, UK
Recruiter contact: Nikki George
Mott MacDonald is a global engineering, management, and development consultancy with over 20,000 employees across more than 50 countries and 140+ offices.
We work across incredible global industries, delivering exciting work that is defining our future and making an important societal impact in the communities we serve. Our people power our performance - we succeed when they do. With countless opportunities to collaborate, learn, and grow, the possibilities for excellence are as varied as every individual.
Whether you want to grow as a subject matter expert or broaden your experience with roles across our international community, you're surrounded by global specialists who want to combine their expertise and champion you to be your best. As a proudly employee-owned business, we benefit our clients, our communities, and each other, investing in creating the right space for everyone to feel empowered, included, and valued. Whatever your ambition, Mott MacDonald is where people come to be brilliant.
Overview Of The Role
As an IT Specialist in Cyber Defence, you will play a vital role in protecting the organisation's infrastructure and services from evolving threats. Reporting to the IT Manager - Cyber Defence, you will deliver technical controls and processes across four specialist pillars: Pen Testing & System Hardening, Communication Security, Web Security, and Cloud Security.
You will work collaboratively with IT, engineering, product, and security operations teams to implement secure-by-design principles, remediate vulnerabilities, and maintain compliance with regulatory and organisational standards. This role requires strong technical expertise, attention to detail, and a proactive approach to identifying and mitigating risks.
We are committed to building a diverse, inclusive, and high-performing security function. In this role, you will be supported and empowered to develop your skills, contribute to innovation, and help protect the organisation.
Key Responsibilities And Duties Include
Plan and execute penetration tests and vulnerability assessments using recognised frameworks; analyse findings, prioritise remediation, and verify fixes through re-testing
Apply secure configuration baselines (such as CIS Benchmarks) and assist with the development and maintenance of hardened build standards
Support patching and vulnerability management processes to minimise exploit windows
Implement and maintain advanced email, messaging, and collaboration security controls; enforce cryptographic standards and monitor for anomalies
Perform application security testing, manage findings through remediation workflows, and support secure development practices
Deploy and monitor cloud-native security controls across multi-cloud environments; assist with compliance enforcement, continuous control monitoring, and cloud incident response activities
Maintain accurate records of vulnerabilities, remediation status, and compliance evidence; support audit preparation for Cyber Essentials, ISO certifications, and internal governance reviews
Contribute to the development and update of security policies, standards, and operational procedures
Work with SOC and IT teams to contain and remediate security incidents, providing technical input for root cause analysis and corrective actions
Proactively identify opportunities to improve the organisation's security posture and reduce risk
Personal Attributes
Demonstrates meticulous attention to detail in all aspects of security testing, configuration, and documentation
Applies strong analytical thinking to interpret complex technical findings and prioritise effective remediation
Collaborates effectively with colleagues across IT, engineering, and business teams, building positive working relationships
Communicates clearly and confidently, adapting technical information for both technical and non-technical audiences
Proactively identifies and acts on opportunities to strengthen the organisation's security posture and reduce risk
Maintains the highest standards of integrity, confidentiality, and professional conduct at all times
Adapts positively to changing priorities and remains resilient under pressure
Key Performance Indicators
Timely closure of vulnerabilities within SLA
Compliance with secure configuration baselines and patching standards
Reduction in phishing success rates and web application risk scores
Audit readiness and successful evidence submission
Contribution to incident containment and post-incident improvements
Candidate specification
Essential
Demonstrable hands-on experience in penetration testing, vulnerability management, or security engineering within a complex enterprise environment
Strong knowledge of secure configuration, cryptographic standards, and application security principles
Practical experience with patch management, vulnerability scanning, and remediation processes
Familiarity with cloud security concepts, multi-cloud environments, and compliance frameworks
Experience supporting or preparing for security audits and maintaining compliance evidence
Ability to interpret and apply security policies, standards, and regulatory requirements
Strong problem-solving skills, with the ability to analyse technical issues and recommend effective solutions
Excellent written and verbal communication skills, able to document findings and engage with both technical and non-technical stakeholders
Proven ability to work independently and as part of a team, managing multiple priorities in a fast-paced environment
Desirable
Industry certifications such as OSCP, CompTIA Security+, CCSP, or equivalent
Experience with security tools such as Tenable, Burp Suite, Microsoft Defender, Zscaler, ServiceNow, or similar
Exposure to frameworks and standards such as OWASP ASVS, ISO 27001, NIST CSF
Experience participating in incident response activities and post-incident reviews
Awareness of automation and scripting for security operations.
Please be advised that offers for this role are conditional upon obtaining the appropriate level of Security Clearance.
UK Immigration
Mott MacDonald Ltd. are not currently offering sponsorship to candidates under the Skilled Worker visa route in the UK. This decision is as a consequence of the changes made to the Skilled Worker route by the UK Government in April 2024. We continue to welcome applications from candidates who are eligible for alternative immigration routes in the UK, that do not require sponsorship as a Skilled Worker now or in future.
Agile working
At Mott MacDonald, we believe it makes business sense for you and your manager to choose how you can work most effectively to meet your client, team, and personal commitments. We offer a hybrid working policy that embraces your well-being, flexibility, and trust.
Equality, diversity, and inclusion
We put equality, diversity, and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they can contribute.
Accessibility
We want you to perform your best at every stage in the recruitment process. If you are disabled or need any support to enable you to apply or attend an interview, please contact us at and we will talk to you about how we can support you.
We Offer Some Fantastic Benefits Including
Financial wellbeing
We match employee pension contributions between 4.5% and 7%.
Life assurance equal up to 4 x your basic salary, with an option to increase the level of cover to 6 x your salary.
Our income protection scheme provides a financial benefit, as well as absence and return to work support due to long-term illness or injury.
Flexible benefits, including increased life assurance cover, critical illness insurance, payroll saving and will writing.
As an independently owned business we share the financial success of the business with all our colleagues in various ways including annual bonus schemes.
Employee Ownership
Our employee ownership model means no external investors, just us, creating a culture of shared success.
Our employees have a stake and a voice in our business, giving them a direct connection to our success through our personal and group performance bonuses.
As your career grows, so does your stake, recognising your long-term impact and contribution.
Your voice matters, with the opportunity to connect directly with senior leadership through formal channels to help shape our future.
For our senior roles you will have a direct pathway towards ownership from day one.
Health and wellbeing
Private medical insurance for all UK colleagues.
Health cash plan to support you with every day health costs and treatments.
Access to Peppy, providing free support from menopause experts for all UK colleagues.
A variety of wellbeing support is available through our comprehensive wellbeing program, including access for you and your family.
Ability to flex your salary to opt into a wide range of health benefits, many of which can be extended to your family too.
Lifestyle
A minimum of 33-35 days holiday each year, inclusive of public holidays and dependent on level, with the ability to buy or sell leave through our flexible benefits programme.
Holiday entitlement increased to a minimum of 35 days after 5 years' service.
Variety of employee saving schemes and discounts from high-street retailers.
Enhanced family and carers leave
Enhanced family leave policies, including 26 weeks paid maternity and adoption leave, and two weeks paid paternity/partner leave.
Our shared parental leave matches maternity leave meaning we pay up to 24 weeks at full pay.
Up to five additional days leave are provided for those with significant caring responsibilities, two of which are paid.
Learning and development
Primary annual professional institution subscription.
A broad range of opportunities to enhance both technical and soft skills through mentoring, formal training, and self-development options.
Networks, communities, and social outcomes
Join a wide range of groups including our Advanced Employee Networks which support our LGBTQ+, gender, race and ethnicity, disability, and parents/carers communities.
Make a difference within our communities through our social outcomes.
Apply now, or for more information about our application process, click here.