×
Register Here to Apply for Jobs or Post Jobs. X

Senior Security Assurance Engineer

Job in Paisley, Renfrewshire, PA1, Scotland, UK
Listing for: Made Tech Limited
Full Time position
Listed on 2026-07-06
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below

We help UK public sector organisations build and run digital services that are secure, trustworthy, and resilient. As a Senior Security Assurance Engineer in our Cyber practice, you'll take end‑to‑end ownership of security assurance work across complex government environments – designing audit approaches, leading risk assessments, and helping clients understand and improve their security posture in ways that are proportionate, practical, and grounded in how their services actually work.

At Senior level, you're also expected to raise the standard of security practice around you – not just through your own work, but by mentoring colleagues, contributing to how the team operates, and helping clients build their own capability over time. We're a consultancy that believes good security outcomes come from embedding security into delivery as a continuous concern, not bolting it on at the end.

You'll be central to making that real.

Key responsibilities
  • Design and lead security audits across complex government systems – combining automated scanning with manual testing, producing findings that are clearly framed around risk and remediation rather than just compliance status.
  • Drive continuous compliance monitoring against applicable standards and regulations – Cyber Essentials, the NCSC Cyber Assessment Framework, Gov Assure, UK GDPR, and NIS Regulations – feeding posture data into governance and risk reporting rather than treating it as a point‑in‑time exercise.
  • Lead risk assessments and threat‑modelling sessions
    , selecting methodologies (ISO 27005, NIST RMF, STRIDE, MITRE ATT&CK) that are proportionate to system criticality, and ensuring findings feed into programme governance decisions rather than sitting in security documentation alone.
  • Communicate security findings and risk clearly to a range of audiences – technical detail for engineering teams, risk‑framed summaries for senior stakeholders – structuring reports around the decisions people need to make, not just the controls you've tested.
  • Embed security as a continuous engineering concern
    , supporting threat modelling and security reviews throughout delivery, challenging designs that create unnecessary risk, and mentoring colleagues on secure‑by‑default practices.
  • Support and assess supply‑chain and third‑party security
    , creating proportionate assurance processes aligned with recognised standards and helping clients identify and address gaps in how they manage vendor and software supply‑chain risk.
  • Mentor and coach colleagues and client team members
    , pairing on complex assurance work, sharing knowledge openly across the practice, and actively contributing to the capability of everyone around you – not just delivering your own work well.
  • Contribute to the commercial and strategic health of engagements
    , staying alert to unmet client needs, managing scope within contracted boundaries, and surfacing opportunities or risks to account leadership as they arise.
Skills, knowledge and expertise
  • Hold one of the following – Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP) – or an equivalent audit and assurance practitioner credential.
  • Certified in Risk and Information Systems Control (CRISC).
  • Certified Information Systems Security Professional (CISSP).
  • Experience advising clients on UK government security frameworks – including Gov Assure, the NCSC Cyber Assessment Framework, Cyber Essentials Plus, and the HMG Security Policy Framework – and how they interact in practice.
  • Experience leading risk assessments using structured methodologies (ISO 27005, NIST RMF, or FAIR) and embedding risk outputs into programme governance rather than treating them as standalone deliverables.
  • Demonstrated ability to design security controls and governance approaches for cloud environments, with an understanding of how compliance requirements apply in AWS, Azure, or GCP contexts.
  • Working knowledge of incident response planning – establishing policies, assessing team readiness, and mentoring others on preparedness – ideally in a government or regulated environment.
  • Experience conducting or leading supply‑chain security assessments, including…
Position Requirements
10+ Years work experience
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary