Senior Cyber Security Engineer

Social Security Scotland is seeking a Senior Cyber Security Engineer to help secure the cloud platforms that deliver vital public services. This is a key role in a cloud-first organisation, working to ensure solutions are secure by design, resilient, and compliant.

The Senior Cyber Security Engineer leads the design, implementation, and assurance of cyber security controls across cloud platforms, applications, and infrastructure. You will translate security policy and risk into practical cloud security solutions, working closely with Architecture, Cloud Engineering, DevOps, and Product teams.

Acting as a technical authority, you will provide hands-on expertise, assurance, and risk-based guidance, embedding security throughout the delivery lifecycle.

GDD Pay Supplement This post is part of the Government Digital and Data (GDD) profession and currently attracts a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly., The Cyber Security Engineer builds, develops, and configures tooling and processes to be secure. They build tooling to support pre-commit, Continuous Integration, Continuous Deployment through to production.

They have experience of operating systems, Networking, PKI and Cloud Security tools. They build Secure Configuration Management using Infrastructure as Code.

• Identify, design and develop cyber security solutions across a wide variety of applications and infrastructure
• Lead the implementation of cyber security policy and standards
• Provide senior cyber security consultancy services (from risk assessments and audits to strategy development) across a variety of technology projects
• Engage with the Technology Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes
• Engage with a broad range of internal and external stakeholders, providing cyber security assurance and managing the change process for the implementation of cyber security strategy, standards and solutions.

Main Duties

• Design and deliver secure cloud architectures across IaaS, PaaS, and SaaS environments, embedding security controls aligned to organisational policy and industry best practice.
• Lead the implementation of cyber security standards and controls across cloud platforms, influencing delivery teams and ensuring security is built in from the outset.
• Provide senior cyber security consultancy, including cloud risk assessments, threat modelling, architecture reviews, audits, and contribution to cyber strategy.
• Work closely with Architecture teams to shape secure target architectures and ensure security requirements are reflected in technical designs.
• Lead and enhance cloud security operations, including but not limited to identity and access management, vulnerability management, logging, monitoring, and incident response.
• Design and implement automated security controls and assurance, including policy as code, secure configuration baselines, and continuous compliance.
• Translate security requirements into engineering level guidance, supporting developers and engineers to remediate issues and adopt secure coding and deployment practices.
• Engage with internal and external stakeholders, providing security assurance, clear risk articulation, and support for change associated with security improvements.
• Act as a technical mentor, championing cloud security best practice and supporting the development of engineers and security practitioners.
• Design, review, and implement secure cloud infrastructure using Infrastructure as Code (IaC) tooling, embedding security controls, configuration standards, and policy as code into automated deployment pipelines (e.g. Terraform, CloudFormation), and providing assurance that environments are secure, consistent, and resilient., This role is aligned to Senior Cyber Security Engineer within the Government Digital, Data and Technology Profession., * UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Do you have experience in Terraform?, * Experience implementing cloud native security controls such as IAM, encryption, key management, logging, and monitoring.

• Experience embedding security across the full delivery lifecycle, from early design through to live operations.
• Experience creating or implementing automated security controls and assurance, e.g. policy as code, configuration compliance, or security monitoring rules utilising IaC Tooling, Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .

Pulled from the full job description

• Annual leave
• Employee discount
• Employee assistance programme
• Company pension
• Paid volunteer time, Annual Leave - You will receive 25 days annual leave on joining us. This will increase to 30 days after four full years of service. You will also have 11.5 public and privilege days of leave every year. We also offer Flexi-time. Any extra hours you've worked can be taken as leave when suitable.

A Civil Service Pension - This job comes with a Civil Service pension. New joiners to the Civil Service will join a career average pension scheme as standard. Read more here - www.civilservicepensionscheme.org.uk.

Healthy work life balance - We can offer the possibility of full-time, part-time, term-time, and job shares. We also encourage flexible working.

Discounts - You can enjoy a vast range of retail, travel and lifestyle discounts through our benefit scheme.

Personal support for you - Our Employee Assistance Programme gives you confidential, independent information and guidance 24/7.

Volunteering special leave - Up to six days paid special leave a year for volunteering. We support our staff to help causes important to them.

Great locations - Our bright and modern offices in the heart of Dundee and Glasgow have been designed with staff in mind. Both locations are ideal for public transport.