Cyber Security Specialist

UKAEA's mission is to lead the delivery of sustainable fusion energy and maximise scientific and economic impact. The Computing Division underpins this mission by delivering secure, scalable, and innovative digital solutions across scientific computing, modelling, simulation, software engineering, business systems, data acquisition, and core IT services.

Within the Computing Division, the Enterprise Infrastructure Solutions unit is responsible for the design, delivery, and management of centrally supported IT infrastructure and applications. This includes enterprise compute platforms, data networks, UNIX/Linux/Windows environments, cloud services, data centres, commercial software solutions, and end-user support across all UKAEA sites.

The Cyber Security Specialist plays a pivotal role in advancing UKAEA's hybrid digital estate, encompassing enterprise IT, operational technology (OT), and research platforms. This role sits within the Information & Cyber Security Group and provides subject matter expertise in security architecture, cyber risk governance, and assurance frameworks. This is a cross‑functional role with both advisory and hands‑on responsibilities, focusing on security assurance, risk management and supporting architecture reviews, vulnerability management, risk assessments, cyber defence posture, driving technical assurance, and embedding risk‑aligned security controls across IT and OT systems and secure‑by‑design practices. You will work across hybrid environments including cloud, infrastructure, applications, and OT systems. You will be responsible for designing and advising on security architecture patterns, reviewing and maintaining risk registers, leading assurance assessments, and embedding security controls across infrastructure and platforms. You will also guide teams in applying secure‑by‑design principles and support both internal audit and external compliance efforts including Gov Assure, CAF, ISO 27001, and Cyber Essentials (CE and CE+) while supporting the secure operation of core services. The role requires strong stakeholder engagement, technical depth, and a sound understanding of UK‑specific cyber risk frameworks. You will help shape and maintain a secure posture across UKAEA.

A degree in Cybersecurity, Information Technology, or a STEM subject (or equivalent experience).

• Security Assurance certifications such as CCP, SIRA
• Security certifications such as CISSP, SSCP, CISM, CRISC, CCSP, SABSA, or SANS GIAC (GSEC, GCCC, GCPM).
• Demonstrable experience in designing and implementing secure infrastructure or cloud architectures.
• Proven experience with risk assessment methodologies and maintaining enterprise risk registers.
• Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating).
• Strong understanding of Gov Assure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks.
• Experience conducting or supporting security audits and implementing remediation plans.
• Proficiency in assessing and securing platforms such as Entra ID (Azure AD), Microsoft 365 E5, Azure IaaS/PaaS, Windows/Linux/Unix.
• Strong knowledge of security tooling such as SIEM, endpoint detection (EDR/XDR), and vulnerability management platforms.
• Hands‑on experience with policy development, access control models (RBAC, ABAC), and logging standards.
• Experience supporting assurance activities or government‑mandated reviews (e.g. GovAssure, Secure by Design).
• Ability to interpret CVEs, CVSS scores, and threat intelligence feeds.
• Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non‑specialists.
• Excellent written and verbal communication skills with the ability to present to senior stakeholders.
• Eligible for national security vetting to SC level.

• Experience working in a regulated or government environment, particularly within research, energy, or national infrastructure.
• Knowledge of Incident Management, Vulnerability Assessments, SIEM & SOC Systems.
• Knowledge of OT / IC/ SCADA security principles and industrial control environments.
• Experience designing or reviewing secure software supply chain and CI/CD security.
• Practical experience in Zero Trust implementation and Cloud Security Posture Management (CSPM).
• Exposure to cloud and hybrid security frameworks, including Azure Defender, Entra ID, and Microsoft 365 compliance tools.

Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants.