Senior Cyber Security Engineer (3861)
Job summary
Social Security Scotland is seeking a Senior Cyber Security Engineer to help secure the cloud platforms that deliver vital public services. This is a key role in a cloud‑first organisation, working to ensure solutions are secure by design, resilient, and compliant.
The Senior Cyber Security Engineer leads the design, implementation, and assurance of cyber security controls across cloud platforms, applications, and infrastructure. You will translate security policy and risk into practical cloud security solutions, working closely with Architecture, Cloud Engineering, DevOps, and Product teams.
Acting as a technical authority, you will provide hands-on expertise, assurance, and risk-based guidance, embedding security throughout the delivery lifecycle.
GDD Pay Supplement
This post is part of the Government Digital and Data (GDD) profession and currently attracts a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly.
Job description
The Cyber Security Engineer builds, develops, and configures tooling and processes to be secure. They build tooling to support pre-commit, Continuous Integration, Continuous Deployment through to production.
They have experience of operating systems, Networking, PKI and Cloud Security tools. They build Secure Configuration Management using Infrastructure as Code.
- Identify, design and develop cyber security solutions across a wide variety of applications and infrastructure
- Lead the implementation of cyber security policy and standards
- Provide senior cyber security consultancy services (from risk assessments and audits to strategy development) across a variety of technology projects
- Engage with the Technology Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes
- Engage with a broad range of internal and external stakeholders, providing cyber security assurance and managing the change process for the implementation of cyber security strategy, standards and solutions.
Main Duties
- Design and deliver secure cloud architectures across IaaS, PaaS, and SaaS environments, embedding security controls aligned to organisational policy and industry best practice.
- Lead the implementation of cyber security standards and controls across cloud platforms, influencing delivery teams and ensuring security is built in from the outset.
- Provide senior cyber security consultancy, including cloud risk assessments, threat modelling, architecture reviews, audits, and contribution to cyber strategy.
- Work closely with Architecture teams to shape secure target architectures and ensure security requirements are reflected in technical designs.
- Lead and enhance cloud security operations, including but not limited to identity and access management, vulnerability management, logging, monitoring, and incident response.
- Design and implement automated security controls and assurance, including policy as code, secure configuration baselines, and continuous compliance.
- Translate security requirements into engineering level guidance, supporting developers and engineers to remediate issues and adopt secure coding and deployment practices.
- Engage with internal and external stakeholders, providing security assurance, clear risk articulation, and support for change associated with security improvements.
- Act as a technical mentor, championing cloud security best practice and supporting the development of engineers and security practitioners.
- Design, review, and implement secure cloud infrastructure using Infrastructure as Code (IaC) tooling, embedding security controls, configuration standards, and policy as code into automated deployment pipelines (e.g. Terraform, CloudFormation), and providing assurance that environments are secure, consistent, and resilient.
Person specification
Success Profiles
We use an assessment framework called ‘Success Profiles’ which lists the elements we test and provides detailed descriptions of each. Find out more about the framework here.
For this post, the following Success Profile elements will be assessed:
Essential Experience
Experience implementing cloud native security controls such as IAM, encryption, key management, logging, and monitoring.
- Experience embedding security across the full delivery lifecycle, from early design through to live operations.
- Experience creating or implementing automated security controls and assurance, e.g. policy as code, configuration compliance, or security monitoring rules utilising IaC Tooling
Behaviours
- Leadership - Level 3
You can find out more about Success Profiles Behaviours here: Success Profiles - Civil Service Behaviours (publishing.service.gov.uk)
Technical / Professional Skills:
This role is aligned to Senior Cyber Security Engineer within the Government Digital, Data and Technology Profession.
These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage. Please review the following to understand the skill expectations - Cyber security engineer - Cyber security: operations - gov.scot
Benefits
Annual Leave - You will receive 25 days annual leave on joining us. This will increase to 30 days after four full years of service. You will also have 11.5 public and privilege days of leave every year. We also offer Flexi-time. Any extra hours you've worked can be taken as leave when suitable.A Civil Service Pension - This job comes with a Civil Service pension. New joiners to the Civil Service will join a career average pension scheme as standard. Read more here - www.civilservicepensionscheme.org.uk.
Healthy work life balance - We can offer the possibility of full-time, part-time, term-time, and job shares. We also encourage flexible working.
Discounts - You can enjoy a vast range of retail, travel and lifestyle discounts through our benefit scheme.
Personal support for you - Our Employee Assistance Programme gives you confidential, independent information and guidance 24/7.
Volunteering special leave - Up to six days paid special leave a year for volunteering. We support our staff to help causes important to them.
Great locations - Our bright and modern offices in the heart of Dundee and Glasgow have been designed with staff in mind. Both locations are ideal for public transport.
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.Selection process details
Expected Timeline (subject to change)
Sift – week commencing 1st June 2026
Interview – week commencing 15th June 2026
Location – In Person in either Dundee or Glasgow
To apply please submit an application form by clicking on the ‘Apply at Advertisers Site’ button.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).Apply and further information
This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.Contact point for applicants
Job contact :
- Name : Resourcing Team
- Email : Recruitment@socialsecurity.gov.scot
- Telephone : 08001577194
Recruitment team
Further information
https://www.socialsecurity.gov.scot/working-with-us/help-with-your-applicationSalary range
- £49,401 - £59,152 per year