Cyber Security Specialist
12-month contract
£550-£600 per day
Inside IR35
Hybrid - Edinburgh (1-2 days per week onsite)
We are currently recruiting for an experienced Cyber Security Specialist to join a large-scale digital transformation environment on a 12-month contract. This role will focus on core security design, assurance, and governance activities, ensuring that robust cyber security standards are embedded across change initiatives.
Working as part of a central cyber security function, you will provide oversight, guidance, and assurance across the full service lifecycle, with particular emphasis on standards, risk management, and secure design processes.
Key responsibilities:
1. Provide expert cyber security advice across digital transformation programmes, covering the full service lifecycle.
2. Develop and draft new cyber security standards where new technologies or assurance frameworks are introduced.
3. Interpret security best practice and accreditation requirements to define controls and security requirements.
4. Coordinate secure change activity to ensure a consistent and forward-looking approach to security across programmes.
5. Carry out and review threat modelling and risk assessments, including work conducted by other teams.
6. Maintain and evolve security design assessment processes for change initiatives.
7. Review high-level and low-level solution designs to ensure alignment with security standards.
8. Undertake hands-on security assessments and review vulnerability scan outputs.
9. Support governance processes by contributing to stage gate and go-live security decisions.
10. Take ownership of all security-related delivery evidence, ensuring completeness and accuracy.
11. Provide recommendations for SecOps processes and automation to support new and evolving systems.
Key requirements:
1. Strong experience designing and delivering security and risk assessment processes within enterprise-scale environments.
2. Demonstrable experience contributing to the secure delivery of digital services.
3. In-depth understanding of cyber security best practices, standards, and current threat landscape.
4. Experience operating in agile environments, working closely with internal teams and third-party suppliers.
5. Ability to take ownership of security activities from initiation through to delivery and handover.
6. Strong communication skills, with the ability to engage both technical and non-technical stakeholders.
7. Technical experience across:
   1. Enterprise security tooling including email filtering, antivirus, firewalls, WAF, and Microsoft Defender
   2. Security testing approaches such as SAST and DAST
   3. Enterprise platforms including Active Directory, PKI, SCCM, Microsoft 365, and Azure (including Entra and Intune)
   4. Virtualisation and operating systems including Windows Server and Hyper-V
   5. Cloud platforms, particularly Microsoft Azure
   6. Application platforms such as Microsoft Dynamics and Power Platform
   7. Security frameworks and standards such as Zero Trust and Cyber Assessment Framework (CAF)
Desirable experience:
1. Experience working with Azure, Microsoft Dynamics, and Power Platform
2. Experience managing independent penetration testing activities
3. Relevant certifications (e.g. MCSE, ITIL) or equivalent experience
This is a great opportunity to play a critical role in strengthening and shaping security practices within a complex, fast-moving environment, with strong stakeholder engagement and meaningful programme impact.
Please note that this role has a compulsory 1-2 days onsite requirement in the Edinburgh office.
Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.