technology, enterprise risk or compliance field to join our cybersecurity team. This role provides strategic coordination across information security functions, ensuring strong inter-team collaboration, operational efficiency, and risk management for diverse national security programs. The ISSO will work with a small team to solve problems and explore new technologies to support client needs onsite. The ISSO will advise … s responsibilities include, but are not limited to: Implement and maintain a Continuous Monitoring program aligned with RMF and NIST SP 800-137 guidelines. Conduct regular security assessments and vulnerability scans of information systems. Monitor security controls and their effectiveness in real-time . Analyze security-related information to identify trends and potential threats. Prepare and maintain documentation for … verbal communication skills. Ability to work effectively in a team environment and collaborate with various stakeholders. Experience with Splunk. Strong understanding of network security principles, system hardening techniques, and vulnerability management. Experience with vulnerability scanning tools and security logging/monitoring. Preferred Qualifications: CISSP certification. An Active DoD Top Secret Clearance. Familiarity with Federal information security regulations and More ❯
compute and storage infrastructures, delivering efficiency through automation, and ensuring scalability, flexibility, and compliance. Responsibilities • System administration tasks for Windows Server 2022 and RHEL 8 including regular platform upgrades, vulnerabilitymanagement, troubleshooting, automation with native scripting languages, performance management, application inventory and administration, and compliance to regulatory baselines. • Development and execution of deployments using infrastructure-as-code … of SSL certificates and associated infrastructure and domains. • Manage and test data backups and disaster recovery policies. • Active Directory • Manage human and system identity lifecycles including onboarding, offboarding, role management, just-in-time privilege escalation, and regular access reviews. • Implement, update, and regulate group policy and identities in Active Directory and Azure EntraID in conjunction with the Enterprise Access More ❯
resource management. Review Azure Monitor analytics and Azure portal logs to identify and remediate subscription and resource issues. Manage containerized workloads using Docker and Azure Container Registries for image management and deployment. Implement automated monitoring, logging, and alerting systems using Azure Monitor, Log Analytics, and Application Insights. Collaborate with development and engineering teams to ensure seamless integration of applications … administering DevSecOps tools, including GitHub Advanced Security (CodeQL, Dependabot, SBOM), GitHub Workflows, and Visual Studio Code/Enterprise. Experience with security tools such as Trellix, Invicti, and Anchore for vulnerabilitymanagement and compliance. Strong Windows Server administration skills, including troubleshooting SCCM issues and client-side domain joins. Familiarity with Linux (Ubuntu) administration for server and appliance management. Proficiency … of SQL integration in Azure environments. Familiarity with Infrastructure-as-Code tools (e.g., Terraform, Bicep) and configuration management. Experience with helpdesk support, including ticket ownership, problem resolution, and incident management using Remedy or similar ticketing systems. Knowledge of cloud security principles, including identity management, network security, and compliance frameworks (e.g., NIST 800-53, DoD STIGs). Understanding of More ❯
supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking. Job information: Functional title - VP, IT Security Risk Department - Security Governance and Risk Management Corporate level - Vice President Report to - Director of Security Location - London, onsite 2 days per week About the role The individual will be part of the security function that … provide evaluation and treatment options, consultation on remediation approaches to address gaps and continue ongoing monitoring of remediation, re-assess until reduced to an acceptable level. Supporting Cybersecurity Risk Management strategies based on security findings and observations. Including informing improvements to organizational cybersecurity risk management processes, procedures and activities are identified across all security functions Profile and assign … to mitigate risks. Excellent verbal and written communication skills to convey complex technical information clearly and effectively. Presenting data insights to non-technical stakeholders Strong understanding of security risk management and taxonomy principles, to reduce risk to an acceptable level. Knowledge of vulnerabilitymanagement and incident management practices. Experience with GRC tools and best practices. RSA More ❯
CISSP, CISM, CISA, CRISC, or CGEIT. Proven experience in leading IT cyber security teams, with a strong emphasis on operational security and incident response. Extensive knowledge of IT risk management, threat intelligence, IAM and vulnerability management. Familiarity with key regulatory and compliance frameworks, including ISO 27001, GDPR, NIST, and CyberEssentials. Ability to articulate complex technical risks in clear More ❯
CISSP, CISM, CISA, CRISC, or CGEIT. Proven experience in leading IT cyber security teams, with a strong emphasis on operational security and incident response. Extensive knowledge of IT risk management, threat intelligence, IAM and vulnerability management. Familiarity with key regulatory and compliance frameworks, including ISO 27001, GDPR, NIST, and CyberEssentials. Ability to articulate complex technical risks in clear More ❯
Yorkshire and the Humber, United Kingdom Hybrid / WFH Options
Harvey Nash
CISSP, CISM, CISA, CRISC, or CGEIT. Proven experience in leading IT cyber security teams, with a strong emphasis on operational security and incident response. Extensive knowledge of IT risk management, threat intelligence, IAM and vulnerability management. Familiarity with key regulatory and compliance frameworks, including ISO 27001, GDPR, NIST, and CyberEssentials. Ability to articulate complex technical risks in clear More ❯
Security related incidents and events investigation and response as required. Work with cross-functional teams to respond to incidents - be they an escalated security event or remediating a critical vulnerability - when the need arises Contribute effectively to the establishment and maintenance of the IT Security knowledge base, documenting clear instructions and known fixes. Work on IT security projects as … SC-200, AZ-500, SC-900. Cloud native security solutions such as GuardDuty and the Microsoft Defender suite of products Content Delivery Networks and Web Application Firewalls. Experience with vulnerabilitymanagement A broad technical knowledge of server, endpoint, and networking hardware and related security configurations. Experience with EDR/EPP software, deployment, and configuration A strong technical knowledge More ❯
external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our defences remain at the forefront of cybersecurity practices. VulnerabilityManagement: Proactively identify, assess, and remediate security vulnerabilities to maintain the integrity and confidentiality of our customer data. Security Automation: Automate security processes and procedures to enhance efficiency … practices. Secure Design: Collaborate with development teams to ensure that web and mobile front-ends, as well as microservice architectures, are designed with robust security measures in mind. Risk Management and Compliance: Assist teams in ensuring that products and services are secure by design, align with the organisation's risk appetite, and comply with all relevant group standards, policies … knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption, signing and digital certificates, Principles of securing mobile applications and More ❯
requirements, such as: Working with AWS Cloud Infrastructure team to secure our cloud infrastructure Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support our Security Champions … CompTIA Network+ ISO 27001 Foundation or Practitioner AWS Certified Security Familiarity with TCP/IP, DNS, firewalls, VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerabilitymanagement practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with More ❯
incidents, conducting thorough investigations and mitigating threats; produce comprehensive incident reports, including root cause analysis and recommendations for future prevention; work closely with other cybersecurity teams, including threat intelligence, vulnerabilitymanagement, and risk assessment. Minimum Qualifications: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience) or 8570 compliant certifications 1+ year More ❯
improvement for ISO-27001 and Cyber Essentials compliance. Ensure adherence to security standards, policies, and procedures, including external audits. Key Technologies: Strong knowledge of M365 security tools (Defender, Azure) VulnerabilityManagement, Web Filtering, DLP, Cloudflare, Firewalls, VPN, PKI, DNS, Email Gateways, Security Audits, ISO27001, Azure DevOps, Mitre Attack Framework, ITIL, Microsoft OS, Exchange Online To succeed, you should More ❯
Evolver Federal is seeking a Cybersecurity Risk Management Analyst - Component Level to support its Federal client in Springfield, VA in managing all aspects of cybersecurity risk and compliance including, but not limited to developing and maintaining processes and tools, being the primary point person in stakeholder engagement and communication, developing and facilitating FISMA metrics and reporting, and supporting all … aspects of the client's security authorization and compliance processes. The successful candidate will have previous experience leveraging their in-depth working knowledge of NIST 800-37 (Risk Management Framework (RMF) and NIST 800-53 Rev 5, as well as previous experience developing and maintaining cybersecurity policies and procedures and reporting on FISMA metrics. Responsibilities Prepare and maintain security … recommendations for enhancing Cybersecurity Policies, Coordinate, schedule, develop agendas, and facilitate meetings with all levels of government and contractor stakeholders. Ensure testing of common controls aligns with the Risk Management Framework (RMF) and DHS 4300 policy. Recommend updates to DHS 4300 policies, attachments, memos, and cybersecurity directives. Develop and manage RMF-related processes, procedures, and documentation templates. Prepare executive More ❯
Basingstoke, Hampshire, South East, United Kingdom Hybrid / WFH Options
Southern Communications Ltd
days in the office and 2 days from home) Key Tasks: Security assessments:?Create and perform security assessments and threat models Security standards:?Develop,implement&maintainsecurity standards and plans VulnerabilityManagement:?Research weaknesses and find ways to counter them Security incident response:?Respond to attack vectors and security incidents, and coordinate incident response across teams Security software testing:?Test company software … improvements on a continuous basis? Help develop platforms and tools to automate and improve security posture across the group Skills and Competencies Required: Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, EDR/XDR, mail filtering and other security products Experience in Security Information Event Management (SIEM) tools, creation of basic co-relation … rules, and administration of SIEMpreferred Should haveexpertiseon TCP/IP network traffic and event log analysis Network Troubleshooting skillsrequired. Knowledge and hands-on experience in penetration testing/vulnerability scanning, security tools like tenable Nessus, kaliLinux Knowledge of ITIL disciplines such as Incident, Problem and Change Management Experience of infrastructure design and management in mission critical environments More ❯
Operate within a global team that takes responsibility for the security monitoring of key technologies and tools across the estate Lead and manage a team of Security Analysts & the Vulnerabilitymanagement team Comfortable operating in a technical capacity performing hands-on incident response and supporting/managing SOC analysts Act as a SME in matters related threat and … vulnerabilitymanagement incl incident response Understand security incidents and the likely impact these will have on the business Define and report on KPIs with recommendations for improvement Identify security risks, threats and vulnerabilities of the company's network, systems, applications and new technology initiatives Implement and maintain operating run books, operating processes and procedures Help to develop and … configure use cases, and alerting rules within SIEM technologies Mange the vulnerabilitymanagement programme that includes vulnerability scanning, security testing, threat monitoring and data loss and leakage prevention Direct on-going threat intelligence activities Mentor and develop security analysts Skills: Prior experience working/managing a SOC Demonstrable experience and operational knowledge of SIEM, firewalls, intrusion detection More ❯
Rate: Negotiated during the final interview Position Description: We are seeking a highly skilled Information Systems Security Engineer (ISSE) to provide cybersecurity support as a member of a Risk Management Framework (RMF) Team. The candidate should possess an expert knowledge of RMF/Authority to Operate (ATO) package requirements and eMASS. The ISSE will support the Information System Security … and maintain RMF ATO requirements within the customer's complex network infrastructure, spanning multiple platforms, networks and security enclaves. Job requirements (minimum): RMF and A&A Support: Provide Risk Management Framework (RMF) and Assessment and Authorization (A&A) support, including developing and maintaining systems' Authority to Operate (ATO) package documentation. ATO documentation includes but is not limited to Hardware … to effectively determine risk. POA&M Development and Maintenance: Develop and maintain approved Plan of Action and Milestone (POA&M) items via eMASS and ensure alignment with organizational requirements. VulnerabilityManagement: Ensure traceability of all vulnerabilities from raw assessment results to approved POA&M items. Additionally, the candidate must possess the ability to review all technical and procedural More ❯
Bethesda, Maryland, United States Hybrid / WFH Options
Leidos
technologies and industry best practices to ensure that security is integrated into system design, development, testing, and deployment and that all security requirements are compliant with the DoD Risk Management Framework. This exciting and challenging work will help you expand your capabilities in security and will provide you with the skills and experience you need to achieve additional levels … and database scanning infrastructure (application/product updates, database maintenance, benchmark/audit files, application/server builds, rule pack/content updates, scanner, or agent deployment etc.) Analyze vulnerability scans and ensure timely mitigation or acceptance of risks based on DoD policies. Provide technical input to support and maintain system authorization. Participate in system reviews, architecture assessments, and … Associate is not acceptable Developer experience is preferred in a least one scripting/programming language. Experience with reviewing cybersecurity vulnerabilities for risk and relevance as well as in vulnerability mitigations/remediation planning, for identified systems, network, application and database vulnerabilities Ability to architect, design, troubleshoot, maintain, and deploy vulnerability scanning solutions such as (OWASP, Fortify, Sonarqube More ❯
Liverpool, Lancashire, United Kingdom Hybrid / WFH Options
B&M Retail Limited
of operational resilience. About the role: Reporting to the Head of Information Security Risk & Assurance, the ISBP plays a central role in embedding information security, business continuity, and risk management across our organisation.You'll support a broad range of stakeholders across the following business units:Retail Operations -Supply Chain & Logistics -Support Centre. Your responsibilities will include: Business continuity & incident … security risk & assurance Promoting security governance across business units Managing risk registers and facilitating quarterly risk reviews Coordinating audits, assessments, and compliance checks Supporting third-party due diligence and vulnerability remediation You'll work closely with internal teams including Operations, IT, Legal, Risk, Audit, Procurement, and Compliance - helping to ensure that security is embedded in our processes and partnerships. … continuity and disaster recovery Hands-on experience with security risk assessments, audits, and incident response Familiarity with key standards and regulations (e.g. ISO 27001, PCI DSS, GDPR) Excellent stakeholder management and communication skills And desirable would be: Certifications such as CISSP, CISM, CRISC, CBCI, or ISO 27001 Lead Auditor Experience in the retail, e-commerce, or supply chain sector More ❯
London, Tower, United Kingdom Hybrid / WFH Options
Skillcast
security operations, drive compliance efforts, and strengthen our cloud and infrastructure defenses. As a Cyber Security Manager you will play a key role in managing security incidents, audits, and vulnerability programs, while mentoring junior team members and helping shape the future of cybersecurity at Skillcast. Key Responsibilities: - Coordinate SOC 2, ISO 27001, and Cyber Essentials audits – including documentation, evidence … management, gap analysis, and communication with auditors - Administer and enhance Azure Sentinel SIEM – including data source configuration, detection rule creation, incident triage, and reporting - Oversee vulnerability scanning, prioritisation, stakeholder coordination, and remediation tracking - Implement and manage security controls across Azure and Kubernetes environments, ensuring scalable and secure architecture - Work closely with DevOps to embed security in CI/… experience in cybersecurity and IT infrastructure roles - Hands-on experience with Azure, Kubernetes/Docker, and CI/CD security practices - Proficient in SIEM platforms (especially Azure Sentinel) and vulnerabilitymanagement tools - Strong knowledge of incident response, infrastructure hardening, and cloud security controls - Familiarity with SOC 2, ISO 27001, Cyber Essentials, and NIST frameworks - Experience with core security More ❯
City of London, London, England, United Kingdom Hybrid / WFH Options
Skillcast
security operations, drive compliance efforts, and strengthen our cloud and infrastructure defenses. As a Cyber Security Manager you will play a key role in managing security incidents, audits, and vulnerability programs, while mentoring junior team members and helping shape the future of cybersecurity at Skillcast. Key Responsibilities: - Coordinate SOC 2, ISO 27001, and Cyber Essentials audits – including documentation, evidence … management, gap analysis, and communication with auditors - Administer and enhance Azure Sentinel SIEM – including data source configuration, detection rule creation, incident triage, and reporting - Oversee vulnerability scanning, prioritisation, stakeholder coordination, and remediation tracking - Implement and manage security controls across Azure and Kubernetes environments, ensuring scalable and secure architecture - Work closely with DevOps to embed security in CI/… experience in cybersecurity and IT infrastructure roles - Hands-on experience with Azure, Kubernetes/Docker, and CI/CD security practices - Proficient in SIEM platforms (especially Azure Sentinel) and vulnerabilitymanagement tools - Strong knowledge of incident response, infrastructure hardening, and cloud security controls - Familiarity with SOC 2, ISO 27001, Cyber Essentials, and NIST frameworks - Experience with core security More ❯
CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerabilitymanagement, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and More ❯
CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerabilitymanagement, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and More ❯
CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerabilitymanagement, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and More ❯
CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerabilitymanagement, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and More ❯
CISSP, CISM, CISA or an MSc in cyber security or a related discipline. Practical experience across various areas of cyber security, such as cyber architecture, cyber GRC, cyber threat management, vulnerabilitymanagement, cyber security reviews. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and More ❯