Contracting Authority: Government Client
Contract Length: Until 18/12/2026
Clearance: Active SC or lapsed within the last 24 months
Essential:
• Demonstrable experience in designing and implementing secure infrastructure or cloud architectures.
• Proven experience with risk assessment methodologies and maintaining enterprise risk registers.
• Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating).
• Strong understanding of GovAssure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks.
• Experience conducting or supporting security audits and implementing remediation plans.
• Proficiency in assessing and securing platforms such as Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, Windows/Linux/Unix.
• Strong knowledge of security tooling such as SIEM, endpoint detection (EDR/XDR), and vulnerability management platforms.
• Hands-on experience with policy development, access control models (RBAC, ABAC), and logging standards.
• Experience supporting assurance activities or government-mandated reviews (e.g. GovAssure, Secure by Design).
• Knowledge of Incident Management, Vulnerability Assessments, SIEM & SOC Systems.
• Familiarity with ITSM workflows and change control procedures.
• Experience designing or reviewing secure software supply chain and CI/CD security.
• Ability to interpret CVEs, CVSS scores, and threat intelligence feeds.
• Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non-specialists.
• Excellent written and verbal communication skills with the ability to present to senior stakeholders.