Security Assurance Engineer

We’re looking for a Security Assurance Engineer with the ability to see the whole security picture—technology, people, and process. You’ll join a team of experienced cyber specialists, but your role is to step back from the individual technical outputs and assess what they mean for the overall security posture of the service.

Review and analyse security artefacts, test results, assessments, and technical outputs from the cyber teams. Translate that information into clear, evidence-based Security Assurance Reports. Develop, maintain, and communicate security arguments that demonstrate how risks are mitigated and how the service meets required security outcomes. Look beyond technical controls and assess people, process, and governance aspects that contribute to end‑to‑end security. Provide a holistic view of how all elements—technical and non‑technical—impact the security of implemented services. Engage with stakeholders across engineering, delivery, and governance to ensure security assurance is understood and integrated.

• SC Clearance is essential and must have been active within the last 12 months.
• Experience producing structured security assurance documentation, security cases, or security arguments (e.g., using GSN, safety/security case approaches, or similar).
• The ability to interpret diverse security inputs—pen test results, architectural designs, risk assessments, compliance outputs—and turn them into coherent assurance narratives.
• A strong understanding of how organisational processes, behaviours, and controls influence security.
• Excellent written communication skills, with the ability to present complex security information clearly and persuasively.
• Experience in large or complex projects where security needed to be managed holistically (not just at a technical-control level).
• Knowledge of relevant security standards or frameworks (e.g., NCSC, ISO 27001, NIST, etc.) is a plus.