Senior Cyber Security Engineer
| Posting date: | 07 May 2026 |
|---|---|
| Salary: | £49,401 to £59,152 per year |
| Additional salary information: | plus a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly |
| Hours: | Full time |
| Closing date: | 28 May 2026 |
| Location: | Glasgow, Dundee |
| Remote working: | Hybrid - work remotely up to 3 days per week |
| Company: | Scottish Government |
| Job type: | Permanent |
| Job reference: | 3861 |
Summary
Salary - £49,401 - £59,152 (plus a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly)
Location - Dundee or Glasgow
Hours - 35 hours per week
Closing Date - 28th May 2026 at 23:55
Reference - 3861
Employment Type - Permanent
Overview:
Social Security Scotland is seeking a Senior Cyber Security Engineer to help secure the cloud platforms that deliver vital public services. This is a key role in a cloud‑first organisation, working to ensure solutions are secure by design, resilient, and compliant.
The Senior Cyber Security Engineer leads the design, implementation, and assurance of cyber security controls across cloud platforms, applications, and infrastructure. You will translate security policy and risk into practical cloud security solutions, working closely with Architecture, Cloud Engineering, DevOps, and Product teams.
Acting as a technical authority, you will provide hands-on expertise, assurance, and risk-based guidance, embedding security throughout the delivery lifecycle.
GDD Pay Supplement:
This post is part of the Government Digital and Data (GDD) profession and currently attracts a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly.
Responsibilities:
The Cyber Security Engineer builds, develops, and configures tooling and processes to be secure. They build tooling to support pre-commit, Continuous Integration, Continuous Deployment through to production.
They have experience of operating systems, Networking, PKI and Cloud Security tools. They build Secure Configuration Management using Infrastructure as Code.
• Identify, design and develop cyber security solutions across a wide variety of applications and infrastructure
• Lead the implementation of cyber security policy and standards
• Provide senior cyber security consultancy services (from risk assessments and audits to strategy development) across a variety of technology projects
• Engage with the Technology Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes
• Engage with a broad range of internal and external stakeholders, providing cyber security assurance and managing the change process for the implementation of cyber security strategy, standards and solutions.
Main Duties:
• Design and deliver secure cloud architectures across IaaS, PaaS, and SaaS environments, embedding security controls aligned to organisational policy and industry best practice.
• Lead the implementation of cyber security standards and controls across cloud platforms, influencing delivery teams and ensuring security is built in from the outset.
• Provide senior cyber security consultancy, including cloud risk assessments, threat modelling, architecture reviews, audits, and contribution to cyber strategy.
• Work closely with Architecture teams to shape secure target architectures and ensure security requirements are reflected in technical designs.
• Lead and enhance cloud security operations, including but not limited to identity and access management, vulnerability management, logging, monitoring, and incident response.
• Design and implement automated security controls and assurance, including policy as code, secure configuration baselines, and continuous compliance.
• Translate security requirements into engineering level guidance, supporting developers and engineers to remediate issues and adopt secure coding and deployment practices.
• Engage with internal and external stakeholders, providing security assurance, clear risk articulation, and support for change associated with security improvements.
• Act as a technical mentor, championing cloud security best practice and supporting the development of engineers and security practitioners.
• Design, review, and implement secure cloud infrastructure using Infrastructure as Code (IaC) tooling, embedding security controls, configuration standards, and policy as code into automated deployment pipelines (e.g. Terraform, CloudFormation), and providing assurance that environments are secure, consistent, and resilient.
Location - Dundee or Glasgow
Hours - 35 hours per week
Closing Date - 28th May 2026 at 23:55
Reference - 3861
Employment Type - Permanent
Overview:
Social Security Scotland is seeking a Senior Cyber Security Engineer to help secure the cloud platforms that deliver vital public services. This is a key role in a cloud‑first organisation, working to ensure solutions are secure by design, resilient, and compliant.
The Senior Cyber Security Engineer leads the design, implementation, and assurance of cyber security controls across cloud platforms, applications, and infrastructure. You will translate security policy and risk into practical cloud security solutions, working closely with Architecture, Cloud Engineering, DevOps, and Product teams.
Acting as a technical authority, you will provide hands-on expertise, assurance, and risk-based guidance, embedding security throughout the delivery lifecycle.
GDD Pay Supplement:
This post is part of the Government Digital and Data (GDD) profession and currently attracts a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly.
Responsibilities:
The Cyber Security Engineer builds, develops, and configures tooling and processes to be secure. They build tooling to support pre-commit, Continuous Integration, Continuous Deployment through to production.
They have experience of operating systems, Networking, PKI and Cloud Security tools. They build Secure Configuration Management using Infrastructure as Code.
• Identify, design and develop cyber security solutions across a wide variety of applications and infrastructure
• Lead the implementation of cyber security policy and standards
• Provide senior cyber security consultancy services (from risk assessments and audits to strategy development) across a variety of technology projects
• Engage with the Technology Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes
• Engage with a broad range of internal and external stakeholders, providing cyber security assurance and managing the change process for the implementation of cyber security strategy, standards and solutions.
Main Duties:
• Design and deliver secure cloud architectures across IaaS, PaaS, and SaaS environments, embedding security controls aligned to organisational policy and industry best practice.
• Lead the implementation of cyber security standards and controls across cloud platforms, influencing delivery teams and ensuring security is built in from the outset.
• Provide senior cyber security consultancy, including cloud risk assessments, threat modelling, architecture reviews, audits, and contribution to cyber strategy.
• Work closely with Architecture teams to shape secure target architectures and ensure security requirements are reflected in technical designs.
• Lead and enhance cloud security operations, including but not limited to identity and access management, vulnerability management, logging, monitoring, and incident response.
• Design and implement automated security controls and assurance, including policy as code, secure configuration baselines, and continuous compliance.
• Translate security requirements into engineering level guidance, supporting developers and engineers to remediate issues and adopt secure coding and deployment practices.
• Engage with internal and external stakeholders, providing security assurance, clear risk articulation, and support for change associated with security improvements.
• Act as a technical mentor, championing cloud security best practice and supporting the development of engineers and security practitioners.
• Design, review, and implement secure cloud infrastructure using Infrastructure as Code (IaC) tooling, embedding security controls, configuration standards, and policy as code into automated deployment pipelines (e.g. Terraform, CloudFormation), and providing assurance that environments are secure, consistent, and resilient.