This role is Inside IR35.
Clearance: Active SC or lapsed within the last 24 months
Contract Length: Until 18/12/2026
Location: Culham, 2-3 days/week on site
Essential
* Demonstrable experience in designing and implementing secure infrastructure or cloud architectures.
* Proven experience with risk assessment methodologies and maintaining enterprise risk registers.
* Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating).
* Strong understanding of GovAssure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks.
* Experience conducting or supporting security audits and implementing remediation plans.
* Proficiency in assessing and securing platforms such as Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, Windows/Linux/Unix.
* Strong knowledge of security tooling such as SIEM, endpoint detection (EDR/XDR), and vulnerability management platforms.
* Hands‑on experience with policy development, access control models (RBAC, ABAC), and logging standards.
* Experience supporting assurance activities or government‑mandated reviews (e.g. GovAssure, Secure by Design).
* Knowledge of Incident Management, Vulnerability Assessments, SIEM & SOC Systems.
* Familiarity with ITSM workflows and change control procedures.
* Experience designing or reviewing secure software supply chain and CI/CD security.
* Ability to interpret CVEs, CVSS scores, and threat intelligence feeds.
* Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non‑specialists.
* Excellent written and verbal communication skills with the ability to present to senior stakeholders.