Lead Security Assurance Engineer
Job Description
hackajob is collaborating with Made Tech to connect them with exceptional professionals for this role.
Are you the right candidate for this opportunity Make sure to read the full description below.
Made Tech helps UK government and public sector organisations build better digital services — and security is central to that mission. As a Lead Security Assurance Engineer in our Cyber practice, you'll be the most senior security assurance voice on client engagements, setting the technical direction for how organisations identify, assess, and respond to security risk. You'll work across complex government programmes where the stakes are real: services that affect citizens, systems that hold sensitive data, and teams that need to move quickly without cutting corners.
This isn't a role where you sit at the edge of delivery reviewing outputs. You'll be embedded in multidisciplinary teams, shaping how security assurance is woven into everyday engineering work — from threat modelling at design time to control testing in production. You'll build trusted relationships with client security teams, senior stakeholders, and government security communities, translating between technical findings and the risk decisions that senior leaders need to make. You'll bring the judgement to know when a full ISO 27001 governance programme is appropriate and when a lighter-weight approach serves the engagement better.
At Lead level, your impact extends beyond the immediate team. You'll establish assurance frameworks and standards across engagements, grow the security capability of the people around you — colleagues and client staff alike — and contribute to how Made Tech's Cyber practice develops as a community. If you're someone who builds capability rather than gatekeeping decisions, who treats security as an engineering concern rather than a compliance exercise, and who cares about leaving client teams genuinely stronger than you found them, this role is for you.
Key Responsibilities
- Own end-to-end assurance across engagements. Establish risk-based assurance frameworks, coordinate audit programmes, and maintain living evidence of control effectiveness — feeding findings into vulnerability management backlogs and governance reporting rather than treating audits as point-in-time events.
Skills, Knowledge & ExpertiseEssential
- Hold one of the following — Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) — or an equivalent senior audit and assurance credential.
Desirable
The following would strengthen your application. We don't expect every candidate to bring all of these.
Certifications
- Certified in Risk and Information Systems Control (CRISC)
Capabilities and experience
- Experience establishing and operating vulnerability management programmes at organisational scale — including risk-based prioritisation using EPSS, KEV, and asset criticality, and managing remediation across multiple delivery teams
Tooling and practice familiarity
- Familiarity with structured threat modelling approaches — STRIDE, MITRE ATT&CK, attack trees — and experience embedding these into agile delivery ceremonies
Made Tech sponsors attainment of recognised cyber certifications for staff in scope. If you don't yet hold the listed credentials but are actively working toward them, or can demonstrate equivalent capability through your experience, we'd still welcome your application.
Job Benefits
We are always listening to our growing teams and evolving the benefits available to our people. As we scale, as do our benefits and we are scaling quickly. We've recently introduced a flexible benefit platform which includes a Smart Tech scheme, Cycle to work scheme, and an individual benefits allowance which you can invest in a Health care cash plan or Pension plan. We're also big on connection and have an optional social and wellbeing calendar of events for all employees to join should they choose to.
Here are some of our most popular benefits listed below:
30 days Holiday
- we offer 30 days of paid annual leave
Flexible Working Hours
- we are flexible with what hours you work
Flexible Parental Leave
- we offer flexible parental leave options
Remote Working
- we offer part time remote working for all our staff
Paid counselling
- we offer paid counselling as well as financial and legal advice
At this point, we hope you're feeling excited about Made Tech and the job opportunity. Get in touch with our
talent team
if you'd like an informal chat about the role and your suitability before applying. We are hiring for this role directly, so will not respond to any CVs sent via external recruitment agencies.
SC Eligibility An increasing number of our customers are specifying a minimum of SC (security check) clearance in order to work on their projects. As a result, we're looking for all successful candidates for this role to have eligibility.
Eligibility for SC requires 5 years' UK residency and 5 year' employment history (or back to full-time education). Please note that if at any point during the interview process it is apparent that you may not be eligible for SC, we won't be able to progress your application and we will contact you to let you know why.
Support in applying
If you need this job description in another format, or other support in applying, please email
.
We believe we can use tech to make public services better. We also believe this can happen best when our own team represents the society that actually uses the services we work on. We're collectively continuing to grow a culture that is happy, healthy, safe and inspiring for people of all backgrounds and experiences, so we encourage people from underrepresented groups to apply for roles with us.
When you apply, we'll put you in touch with a member of our talent team who can help with any needs or adjustments we may need to make to help with your application. We've put together
this blog
as a resource to share more about reasonable adjustments and some examples of what this could include. xxuwjjq We also welcome any feedback on how we can improve the experience for future candidates.