City of London, Clerkenwell, Greater London, United Kingdom Hybrid / WFH Options
Morson Talent
aligning security controls to ISO 27001, NIST CSF, ONR, and UK Gov standards Gap Analysis and Compliance: Produce audit-ready evidence, manage ONR requirements, and ensure ongoing alignment with NCSC and NPSA guidance Cloud Security Architecture: Secure and optimise Azure and M365 environments across IaaS, PaaS, and SaaS services Microsoft Security Stack: Deliver and support enterprise use of Defender, Purview … alliances), providing clear reporting and advice to senior management and regulatory bodies Health Checks and Testing: Scope and coordinate ITHC (IT Health Checks) and vulnerability management programmes to meet NCSC and regulatory expectations Policy and Documentation: Author and maintain security policies, standards, and Integrated Management System (IMS) documentation Knowledge, Skills and Experience - Essential - Established cybersecurity credentials with demonstrable experience
system architectures for MOD platforms, applications, and networks Ensure alignment with relevant standards and frameworks including: NIST SP 800-53, ISO 27001, JSP 440, DEF STAN 05-138, and NCSC guidance Produce and maintain security documentation including: Security Architecture Documents, Security Risk Assessments, and Security Management Plans Lead and support secure design reviews and contribute to engineering assurance gates Liaise … with security stakeholders (MOD, NCSC etc.), Information Assurance teams, and other stakeholders to support security assurance processes Collaborate with engineering and development teams to ensure security requirements are met from the outset Keep up to date with evolving threat landscapes and propose mitigations aligned with system requirements Your skillset may include: Proven experience in cybersecurity architecture within a defence
the Synoptix Cybersecurity capability. Skills Required: Essential: Knowledge of Secure by Design principles Experience in system security engineering, ideally in defence, space, or critical infrastructure Familiarity with MOD, NCSC, and ISO standards (e.g. ISO 27001/2, NIST 800-series, JSP 604) Competence in requirements engineering and systems thinking Practical experience with security in software and/or system … development environments Effective communication and report-writing skills Ability to work independently as well as collaboratively within multidisciplinary teams Desirable: CISSP, CISM, or relevant NCSC-certified qualifications Experience with model-based systems engineering (MBSE) Experience supporting formal security assurance processes Understanding of space system architectures or satellite communications DevSecOps awareness or experience with security automation Benefits: Annual Company Bonus
an understanding of Government Functional Standards e.g. GovS 007. • Knowledge of security control (and maturity) frameworks e.g. NIST (e.g. CSMA, CSF), CIS, ISO 27000 series, CSA Cloud Controls Matrix, NCSC CAF, and an understanding of the types and functions of security controls. • An understanding of hypothetical attack paths, familiarity with NIST CSF tools and able to use it for gap … analysis. • Understands Data Flow Diagrams (DFD) and trust boundaries and is able to create one using information provided about an environment. • Familiar with the functions of relevant authorities e.g. NCSC, NPSA. • An understanding of Vulnerability Management, Red Teaming, and Breach and Attack Simulation or experience of working within an Active Defence discipline. Experience looking for: • All internal based projects. Backlog
Edge DNS, App & API Protector) to protect classified infrastructure. Using your expertise in compliance and cloud security, you will ensure alignment with their Digital Strategy, JSP 440/604, NCSC, ISO27001, and NIS2 standards to safeguard mission-critical operations. This is a pivotal opportunity to secure advanced defence systems and drive compliance for national security priorities. Key Responsibilities Design and … and API protection. Secure cloud-based HPC workloads (e.g., AWS Nitro Enclaves, Azure Confidential Computing) and related systems in classified/STRAP-level environments. Drive cybersecurity certifications (e.g., NCSC Cyber Essentials Plus, ISO27001, NIS2) to meet MOD compliance and operational requirements. Conduct risk assessments and audits for HPC and system infrastructure, implementing zero-trust models, encryption, and access controls. … and optimise Akamai Edge tools (e.g., EdgeWorkers, Bot Manager) to protect defence APIs and data flows. Provide technical briefings to senior defence stakeholders on HPC security and compliance. Leverage NCSC and UKIC intelligence to mitigate emerging cyber threats to HPC and defence systems. Mentor technical teams to embed secure practices in HPC and system operations. What We are Looking For
Expert on AWS Cloud across the project Portfolio. This role ensures that all Law Enforcement cloud-based services are designed, implemented, and managed in alignment with industry best practices, NCSC security principles, and government security requirements. Key Responsibilities . Define and implement security capabilities and governance across the platform. . Ensure compliance with the National Law Enforcement Data Portfolio Integrated … Team Security Guardians, driving continuous security improvement. . Prioritize and direct responses to Security Hub findings, vulnerabilities, and risks. . Assess and monitor systems for compliance with ISO27001, BS10008, NCSC CAF, and other mandated frameworks. . Identify and address security control weaknesses and risks, contributing to technical security innovation. . Run forums to review technical security proposals with Product Teams. … With a track record and proven skills in Amazon Web Services Public Cloud Platform. . Experience implementing Secure by Design strategies in cloud environments. . Familiarity with ISO27001, BS10008, NCSC CAF, and related security standards. . Proven ability to lead security design reviews and provide technical security guidance. . Excellent communication and stakeholder management skills. Desirable Skills . Experience in
attacks and espionage. At GCHQ you'll do varied and fascinating work in a supportive and inclusive environment that puts the emphasis on teamwork. The National Cyber Security Centre (NCSC), part of GCHQ, is the UK Government's lead authority on cyber security. The organisation is at the heart of the Government's cybersecurity strategy and has the aim … of making the UK the safest place to live and work online. The NCSC collaborates with partners across defence, industry and the broader intelligence community to support our work. We're currently looking for Lead and Senior Cyber Security Experts to join our team at the NCSC. In this role, you'll work alongside technical specialists who explore the core … meaningful outcomes. Understanding how technical decisions affect both individuals and organisations is central to the way we approach problem-solving. GCHQ competencies As part of the selection process, the NCSC will assess you using competencies aligned with those used across the UK Intelligence Community. These are closely based on the Civil Service Behaviours, so if you're familiar with those
an understanding of Government Functional Standards e.g. GovS 007. Knowledge of security control (and maturity) frameworks e.g. NIST (e.g. CSMA, CSF), CIS, ISO 27000 series, CSA Cloud Controls Matrix, NCSC CAF, and an understanding of the types and functions of security controls. An understanding of hypothetical attack paths, familiarity with NIST CSF tools and able to use it for gap … analysis. Understands Data Flow Diagrams (DFD) and trust boundaries and is able to create one using information provided about an environment. Familiar with the functions of relevant authorities e.g. NCSC, NPSA. An understanding of Vulnerability Management, Red Teaming, and Breach and Attack Simulation or experience of working within an Active Defence discipline. Security Requirements: SC This role will require you
driving innovation and resilience in highly sensitive, classified environments. Key Responsibilities Develop and lead a comprehensive enterprise architecture strategy aligned with MOD's Digital Strategy, Defence Digital objectives, and NCSC guidelines. Design secure, scalable architectures for classified systems, including STRAP-level environments, adhering to JSP 440/604 policies. Oversee the integration of emerging technologies (e.g., AI/ML, secure … Forces Command, Defence Digital) on architecture roadmaps and solutions. Mentor and build high-performing architecture teams to support long-term MOD objectives. Stay ahead of global tech trends, leveraging NCSC and GCHQ insights to future-proof MOD architectures. What We are Looking For Active DV or eDV clearance (essential; must be current and verifiable). 10+ years in senior IT … or equivalent). Deep expertise in secure cloud platforms (AWS, Azure, GovCloud), zero-trust architecture, AI integration, and DevSecOps. Strong knowledge of MOD frameworks (e.g., JSP 440/604, NCSC guidelines, MODAF, TOGAF). Professional certifications (e.g., TOGAF 9.2, CISSP, AWS Solutions Architect, ITIL) highly desirable. Exceptional strategic thinking and stakeholder engagement skills, with experience briefing military leadership and senior
L33, Knowsley, Merseyside, United Kingdom Hybrid / WFH Options
Curveball Solutions
Microsoft 365 security—leveraging Purview, Conditional Access, MFA—to safeguard modern workplaces. Ensure compliance with GDPR (DPA 2018), Cyber Essentials (Basic & Plus), and ISO 27001, supported by frameworks like NCSC and NIST. Operate around cybersecurity fundamentals: CIA (Confidentiality, Integrity, Availability), proactive threat prevention, and rapid incident response About You You’re naturally aligned with MSP-style work, deeply familiar with … designing and delivering compliance aligned services across GDPR, Cyber Essentials, ISO 27001. Proficient in using Microsoft 365 security stack: Purview, Defender, Conditional Access, MFA. Fluent in cybersecurity frameworks (CIA, NCSC, NIST) and modern threat prevention approaches. Why Curveball Make a real impact: You’ll lead the cybersecurity footprint across clients and services. True partnership: We treat clients like collaborators, not
Liverpool, Merseyside, North West, United Kingdom Hybrid / WFH Options
Curveball Solutions
value. Enhance Microsoft 365 security, leveraging Purview, Conditional Access, MFA, to safeguard modern workplaces. Ensure compliance with GDPR (DPA 2018), Cyber Essentials (Basic & Plus), and ISO 27001, supported by frameworks like NCSC and NIST. Operate around cybersecurity fundamentals: CIA (Confidentiality, Integrity, Availability), proactive threat prevention, and rapid incident response About You You're naturally aligned with MSP-style work, deeply familiar with … designing and delivering compliance aligned services across GDPR, Cyber Essentials, ISO 27001. Proficient in using Microsoft 365 security stack: Purview, Defender, Conditional Access, MFA. Fluent in cybersecurity frameworks (CIA, NCSC, NIST) and modern threat prevention approaches. Why Curveball Make a real impact: You'll lead the cybersecurity footprint across clients and services. True partnership: We treat clients like collaborators, not
the platform. Embed security requirements and stage gates within the Programme Governance cycle. Lead security design consultations for existing and new systems to ensure alignment with industry standards and NCSC principles. Provide security guidance and approvals in Technical Working Groups and change forums. Act as Technical Security Lead for Product Team Security Guardians, driving continuous security improvement. Prioritise and direct … responses to Security Hub findings, vulnerabilities, and risks. Assess and monitor systems for compliance with ISO27001, BS10008, NCSC CAF, and other mandated frameworks. Identify and address security control weaknesses and risks, contributing to technical security innovation. Run forums to review technical security proposals with Product Teams. Attend Security Working Groups and Tenant Forums to provide and lead on ongoing technical … best practices. With a track record and proven skills in Amazon Web Services Public Cloud Platform. Experience implementing Secure by Design strategies in cloud environments. Familiarity with ISO27001, BS10008, NCSC CAF, and related security standards. Proven ability to lead security design reviews and provide technical security guidance. Excellent communication and stakeholder management skills. Desirable: Experience in government or policing environments.
IR35 paying £575 per day, remote working. Key Responsibilities Embed security requirements and stage gates within the Programme Governance cycle. Assess and monitor systems for compliance with ISO27001, BS10008, NCSC CAF, and other mandated frameworks. Essential Skills & Experience Strong knowledge of cloud security principles, frameworks, and best practices. With a track record and proven skills in Amazon Web Services Public … Cloud Platform. Experience implementing Secure by Design strategies in cloud environments. Familiarity with ISO27001, BS10008, NCSC CAF, and related security standards. Proven ability to lead security design reviews and provide technical security guidance. Excellent communication and stakeholder management skills. If you have the above experience and are looking for a new contract role please send your CV for immediate consideration
day, remote working. Must be SC cleared Key Responsibilities Embed security requirements and stage gates within the Programme Governance cycle. Assess and monitor systems for compliance with ISO27001, BS10008, NCSC CAF, and other mandated frameworks. Essential Skills & Experience Strong knowledge of cloud security principles, frameworks, and best practices. With a track record and proven skills in Amazon Web Services Public … Cloud Platform. Experience implementing Secure by Design strategies in cloud environments. Familiarity with ISO27001, BS10008, NCSC CAF, and related security standards. Proven ability to lead security design reviews and provide technical security guidance. Excellent communication and stakeholder management skills. If you have the above experience and are looking for a new contract role please send your CV for immediate consideration
operations. Security Tools Support: Support the implementation, maintenance, and configuration of security tools and systems for prevention, detection, and response. Audit: Contribute to security audits (e.g. SOC Type II, NCSC CAF, ISO 27001) and ensure compliance with regulations and standards. Continuous Improvement: Automate event monitoring, detection, and response. Enhance alert use cases and log correlation processes to adapt to evolving … CISSP, AZ-500, GIAC/GCIA/GCIH, CASP+, CEH, or SIEM certifications. Strong knowledge of log correlation, analysis, forensics, and chain of custody requirements. Familiarity with regulatory frameworks (NCSC CAF, ISO/IEC 27001/27002, GDPR, CIS, NIST). Practical knowledge of SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, web/email filtering, behavioural analytics
Portsmouth, Hampshire, South East, United Kingdom Hybrid / WFH Options
Robert Half
security assurance frameworks. Experience engaging with customers during audits and RFP/RFI processes, showcasing security-driven solutions. Familiarity with regulatory frameworks such as NIST CSF, GDPR, and UK NCSC guidance. Experience liaising with external auditors and certification bodies. Skills: Exceptional documentation and evidence collection capabilities. Strong communication skills to articulate technical assurance challenges to leadership and customers. Analytical and … maintain certifications such as ISO/IEC 27001, SOC 2 Type II, Cyber Essentials Plus, and CREST accreditation. Manage sector-specific frameworks, like PCI DSS for payment card data and NCSC CIR/CHECK for secure operations. Proactively identify compliance gaps and ensure certifications are renewed on schedule. Assurance for SOC Operations: Embed certification requirements into SOC processes and everyday governance.
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
Leonardo UK Ltd
system for complex products and high integrity electronic systems in accordance with customer, regulatory and legislative expectations. Familiarity with current Legislation - eg IPA, DPA, Official Secrets Act. Registration with NCSC Certified Professional at lead level, or equivalent NCSC recognised qualification. Knowledge of UK/NATO Information Assurance standards, procedures & systems, including HMG Security Policy Framework, ISO security standards, DO326A. Familiarity … with incident investigation processes and knowledge of how to implement an investigation process. Practical experience of NCSC and Common Criteria security evaluation techniques and requirements up to High Grade. Knowledge of current Crypto technologies, Key Management Systems & practical COMSEC implementations. Ideally a background in design implementation of high integrity complex electronics, such as Software design to DO178C, Complex Electronics hardware
an understanding of Government Functional Standards e.g. GovS 007 Knowledge of security control (and maturity) frameworks e.g. NIST (e.g. CSMA, CSF), CIS, ISO 27000 series, CSA Cloud Controls Matrix, NCSC CAF, and an understanding of the types and functions of security controls Familiar with the functions of relevant authorities e.g. NCSC, NPSA Relevant IT degree or industry recognised certification Relevant
Conditions are met. This will involve liaising and co-ordinating with security authorities including Ministry of Defence Police (MDP), the Defence Nuclear Organisation (DNO), the National Cyber Security Centre (NCSC) and the UK Security & Vetting provider (UKSV). The Security Director will identify, develop, implement and maintain security processes, practices, and policies throughout AWE to reduce risks, respond to incidents and
Portsmouth, Hampshire, England, United Kingdom Hybrid / WFH Options
Computappoint
governance, processes, and operational practices Ensure continuous monitoring, evidence collection, and audit readiness for internal and external assessments Monitor developments in global cybersecurity regulations and frameworks (NIST CSF, UK NCSC guidance, EU NIS2, GDPR) Oversee sector-specific assurance requirements, including PCI DSS and NCSC CIR/CHECK, where applicable Provide expert advice to leadership on regulatory changes impacting SOC assurance … Strong understanding of SOC operations and security assurance frameworks Experience in customer-facing assurance activities, including audits, RFIs, and RFPs In-depth knowledge of NIST CSF, GDPR, and UK NCSC guidance Experience liaising with external auditors, regulators, and certification bodies Strong ability to develop and maintain compliance documentation and audit evidence Proven organisational skills managing multiple certifications and assurance projects