Principal Cyber Security Consultant
Job Title: Senior / Principal Cyber Security Consultant
Location: Guildford / Bristol / M4 Corridor / South West
Salary: Yes. We’ll have a proper conversation. But if you’ve got 4 years’ experience and a 6-figure expectation, we’re probably not aligned.
Bonus: Of course. We’re not monsters.
Another day, another “Cyber Security Consultant” advert stuffed with buzzwords and written by someone who thinks CISSP is a substitute for personality.
This isn’t that.
This also isn’t a tick-box, audit-heavy, paper-shuffling role where “risk” means updating a spreadsheet and calling it a day.
You’ll be working with defence clients - the kind where failure isn’t inconvenient, it’s headline-worthy (or deliberately never makes the headlines).
You’ll be helping secure systems where “that’ll do” doesn’t cut it.
And yes - you’ll need to either hold or be eligible for UK Government Security Clearance. If you already have DV or similar, we should probably be talking already.
What you’ll actually be doing (instead of just talking about it in meetings)
- Helping defence organisations avoid becoming case studies
- Working on projects where security is baked in - not awkwardly bolted on at the end
- Designing and reviewing architectures using frameworks like TOGAF, SABSA (and friends)
- Producing risk assessments and assurance documentation that people might actually read
You’ll fit in if you:
- Have 5+ years working with complex ICT systems
- Can handle a room with a mix of engineers, senior stakeholders, and the occasional wildcard
- Know your way around JSPx without needing a quiet Google first
- Have real experience with Secure by Design / CSMv4
- Understand system and security architecture, and don’t panic at acronyms like TOGAF, SABSA, or NIST
- Get Information Assurance and Risk Advisory beyond just the definitions
What we’re really looking for:
- You’ve worked in Defence - properly, not just parachuted in for a short engagement
- You understand cyber risk in terms of mission impact, not just vulnerabilities and patching cycles
- You’re self-sufficient, pragmatic, and can get things done without needing constant direction
- You know that real-world delivery is messy - and you’re fine with that
What’s in it for you:
- Work that actually matters (not just another internal transformation project no one remembers)
- Training that leads somewhere - certifications, progression, real development
- Clear routes into Principal / Chartered status with the UK Cyber Security Council
- Support for certifications like CISSP, CISM, SABSA, TOGAF, CREST and more
The bottom line:
If your version of cyber security is resetting passwords and suggesting people “try turning it off and on again” - this isn’t your role.
If you want to work on securing systems that actually keep things running - from defence comms to national infrastructure - then we should talk.