Cyber Security Engineer
Job Summary
Job Title: Cyber Security Engineer
Location: Trim, Co. Meath, Ireland
Start Date: 01/06/2026
Contract Duration: Initial term of 12 months, with the possibility of successive 12-month extensions, allowing for a total duration of up to 5 years.
Hybrid Model: Weekly 3 days Onsite, 2 days Remote (Hybrid)
Client Overview
The Client is an independent statutory body established to improve the delivery of education services to persons with special educational needs, with a particular emphasis on children. The CLIENT delivers services through its national network of Special Educational Needs Organisers, who interact with parents, schools and the HSE to coordinate resources and supports.
CLIENT's remit includes:
Providing advice and information on special education to parents and schools
Allocating supports and coordinating local service delivery
Conducting research into special education, and
Advising the Minister for Education on special education policy.
Role Overview
CLIENT seeks a qualified Cyber Security Engineer to strengthen cyber resilience, meet EU regulatory obligations, and support secure delivery of ICT services across on-premises and cloud environments. The engagement must align with the NIS2 Directive risk-management measures (including incident reporting and supply-chain security) applicable to public administration and other regulated sectors.
Mandatory Requirements (Pass / Fail): Candidates MUST meet ALL of the following:
Experience
Require the equivalent of 7 years of relevant experience
Availability
Must be available to start from 01/06/26
English Language Proficiency (MANDATORY):
Native English speaker OR
CEFR C2 Proficiency/Mastery (or equivalent)
If there is no certificate, fluency will be assessed at presentation stage
Key Deliverable:
The following non-exhaustive list of Key Deliverables is applicable to this Role.
Background & Objectives
Primary objective: design, implement and operate technical and organizational security controls that satisfy ISO/IEC 27001:2022 (Annex A controls), the security of processing requirements in GDPR Article 32, and provide traceable mapping to recognized control catalogues (e.g. NIST SP 800-53 Rev. 5).
Develop a Cyber Security Policy for CLIENT.
Complete a full cyber security evaluation of all CLIENT systems and provide comprehensive recommendations.
Scope of Services
Security Engineering & Architecture
Engineer and maintain controls across IAM, endpoint protection, network segmentation/zero trust, vulnerability & patch management, logging/monitoring, backup/restore, and secure configuration, mapped to ISO/IEC 27001:2022 Annex A (93 controls) and NIST SP 800-53 Rev. 5 families.
Implement the new ISO 27001:2022 controls where applicable (e.g. threat intelligence, cloud use, ICT continuity readiness, configuration management, data deletion/masking, DLP, monitoring activities, web filtering, secure coding).
Apply architecture and operational safeguards to meet GDPR Art. 32: encryption/pseudonymisation, CIA, resilience, timely restoration, and periodic effectiveness testing.
Detection, Incident Response & Reporting
Establish and operate incident response procedures consistent with NIS2 (cooperation with national CSIRTs/competent authorities, statutory reporting of significant incidents) and supported by control families in NIST SP 800-53 (IR, AU, SI).
Vulnerability & Patch Management
Run continuous vulnerability identification, risk-based prioritization and remediation across OS, applications and cloud/infrastructure; integrate with configuration/change management (ISO A.8.9; NIST CM/SI families).
Supply-Chain Security
Conduct cybersecurity due diligence on direct suppliers/MSPs, enforce minimum control baselines in contracts (including incident cooperation and audit rights), and manage supplier risks, reflecting NIS2 emphasis on supply-chain security.
Cloud & Data Protection
Secure the use of cloud services per ISO 27001:2022 A.5.23 and implement GDPR Art. 32 safeguards for personal data (encryption at rest/in transit, key management, tested backup/restore, resilience).
Documentation & Assurance
Maintain Statement of Applicability (SoA), risk register, system security plans, runbooks, architectures, test evidence, metrics and audit trails mapped to ISO 27001:2022 and NIST SP 800-53; support internal/external audits and regulatory reviews.
Deliverables
1. Security Architecture & Control Catalogue
Target-state designs and control mappings to ISO/IEC 27001:2022 Annex A (93) and NIST SP 800-53; data flows, trust boundaries, baselines and exceptions.
2. Operational Playbooks
Incident response, vulnerability/patch, change & configuration, access reviews, backup/restore, monitoring & alerting, supplier due diligence, and cloud security playbooks aligned to NIS2 expectations.
3. Compliance Pack
Updated SoA; evidence for GDPR Art. 32 safeguards; NIS2 readiness overview (risk-management measures, incident procedures, supplier controls).
4. Security Metrics & Reports (Monthly/Quarterly)
KPIs: MTTR, patch SLA conformance, vulnerabilities by severity/age, phishing/testing outcomes, control effectiveness, supplier findings, incident metrics.
5. Training & Awareness
Role-based technical training aligned to the European Cybersecurity Skills Framework (ECSF) and/or NICE (for well-defined work roles, tasks, knowledge, skills).
Requirements
Key Experience/Competencies/Skillsets:
The following Experience/Competencies/Skillsets are applicable to this Role.
Technical Experience
Tenderers must demonstrate that the named Cloud Developer has:
Standards & Frameworks:
NIS2 Directive: implement applicable risk-management measures (governance, incident reporting, supply-chain security, business continuity) and cooperate with national CSIRTs/competent authorities.
ISO/IEC 27001:2022: ISMS Clauses 4-10 and Annex A control implementation/evidence.
GDPR Article 32: risk-appropriate technical and organizational measures for security of processing.
NIST SP 800-53 Rev. 5: use as a reference catalogue for control design, mapping and assurance (where helpful for auditability).
ECSF: use for role/competency alignment and skills development tracking.
Additionally, the following are required:
Hands-on security engineering/operations in public sector or regulated EU environments with ISO/IEC 27001:2022 control implementation and GDPR Art. 32 safeguards. 5 years of experience is desirable here.
Demonstrable experience producing mappings to NIS2 risk-management measures and NIST SP 800-53 controls.
Required Skills:
Designs, implements and operates security controls, establishes guardrails and runbooks, and produces compliance evidence. Collaborates with SecOps/Blue Team, Infrastructure, DevOps, Data Protection Officer and suppliers. (Align to ECSF profiles; NICE roles may be referenced as supplementary.)