Lead Cyber Security Engineer (Identity & Payments) (Req 2918)

Scottish Government
Glasgow, United Kingdom
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 75K

Job location

Glasgow, United Kingdom

Tech stack

Amazon Web Services (AWS)
Cloud Computing
Cloud Computing Security
Computer Security
Information Systems
Continuous Integration
Software Debugging
Github
Identity and Access Management
Intrusion Detection and Prevention
Systems Development Life Cycle
Secure Coding
Software Deployment
Software Engineering
Software Vulnerability Management
Web Applications
Okta
Gitlab
Falcon Platform
Kubernetes
Infrastructure Automation Frameworks
Security Orchestration, Automation & Response
Programming Languages

Job description

About the Roles We are looking for experienced Cyber Security Engineers to lead on the secure design and operation of high-profile and leading-edge government common platforms. You’ll join a multi-disciplinary agile team, and work on the latest set of Cloud and Security technologies.

How You’ll Contribute

This is a great opportunity for Cyber Security Engineers with a deep technical understanding of the latest technologies, and proven experience leading the deployment of modern security tooling to provide Extended Threat Detection and Response, Patch and Vulnerability Management, Security Automation, Protective Monitoring, Identity & Access Management, and more, across the entire development life-cycle.

While the technology you may work with is broad and varied, experience securing user-facing, web-based applications with AWS, GitHub, GitLab, Codespaces, Kubernetes, Okta, CrowdStrike, Sentinel, ExaBeam and similar technologies would be highly beneficial. Does this sound like the kind of work that interests you?

As an experienced Cyber Security Engineer, you’ll have the opportunity to shape secure digital services that matter — influencing the protection of systems used across the Scottish public sector and the millions of people who rely on them every day.

Your guidance will help engineering teams embed secure development and operational best practice, strengthening our security posture and driving continuous improvement in how services are built, tested, and operated. Your expertise will be trusted, your perspective valued, and your leadership encouraged when identifying risks and proposing pragmatic solutions.

Where These Roles Sit

We are looking for two Security Engineers to join the and play a key role in delivering secure, resilient digital public services across government. This is an exciting opportunity to support some of Scotland’s most significant, multi-million-pound digital programmes, including and , as well as other major national initiatives built on our emerging common platforms and services. These initiatives are key enablers of Scotland’s , and form part of the .

The roles form part of a growing and maturing security capability within the Digital Directorate. While you may provide focused support to specific programmes, you will also contribute to the Directorate security expertise that enables consistent, scalable security practices across government’s digital services., * Identify, design, and develop cyber security solutions across a wide variety of applications and infrastructure.

  • Engage with the Digital Technical Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes.

  • Develop security operating procedures for use across multiple information systems or support compliance with them, including vulnerability management, incident response, protective security monitoring.

  • Apply routine security procedures appropriate to the role, such as patching, managing access rights, malware protection, or vulnerability testing with autonomy.

  • Champion secure design principles, frameworks, and standards for a digital service or programme. Drive secure coding practices and champion them, mentoring the engineering team to be able to undertake these tasks.

  • Lead and translate security requirements into application design elements including documenting specific security criteria. Design advanced audit points into digital services.

  • Act as a subject matter expert (SME) for CI/CD pipeline, infrastructure automation and cloud security, lead software debugging and guide engineers to resolve issues. Create and deliver automated assurance against Technical Security guidance and configurations., We'll assess you against these behaviours during the selection process:

  • Leadership

  • Changing and Improving, Interviews and Technical assessments are scheduled for w/c 29th June - w/c Monday 6th July, however these may be subject to change. Feedback will only be provided if you attend an interview or assessment., * UK nationals

  • nationals of the Republic of Ireland

  • nationals of Commonwealth countries who have the right to work in the UK

  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)

  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)

  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020

  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Requirements

Do you have experience in Software deployment?, * Lead Criteria 1 - Cyber Security Operations: Develop and support security procedures, ensuring compliance. Apply routine security measures autonomously and lead small teams in managing Cyber Security operations.

  • Lead Criteria 2 - Specific Security Technology and Understanding: Understand and articulate the impact of vulnerabilities on coding, designs, and systems. Specialise in specific systems and contribute to the overall security strategy.
  • Secure Design: Champion secure design principles and standards. Translate security requirements into detailed design elements and integrate advanced audit points into digital services.
  • Secure Development: Develop services using programming and scripting languages. Lead software debugging, guide developers, and implement solutions to prevent fraud and error.

Experience is assessed at sift, along with a more in-depth assessment at interview.

Technical Skills:

This role is aligned to the Cyber Security Engineer job role within the Senior Cyber Security Engineer job family.

You can find out more about the skills required, here:

These skills are assessed by technical assessment, designed to represent the role. Candidates reaching this stage will receive a Technical Assessment Candidate Pack which outlines the specific skills to be assessed, plus the method of assessment.

Behaviours:

  • Leadership (Level 4)
  • Changing and Improving (Level 4), This vacancy is using Success Profiles , and will assess your Behaviours, Experience and Technical skills.

Benefits & conditions

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%

Apply for this position