Senior Cyber Security Engineer

Social Security Scotland is seeking a Senior Cyber Security Engineer to help secure the cloud platforms that deliver vital public services. This is a key role in a cloudfirst organisation working to ensure solutions are secure by design resilient and compliant.

The Senior Cyber Security Engineer leads the design implementation and assurance of cyber security controls across cloud platforms applications and infrastructure. You will translate security policy and risk into practical cloud security solutions working closely with Architecture Cloud Engineering DevOps and Product teams.

Acting as a technical authority you will provide hands-on expertise assurance and risk-based guidance embedding security throughout the delivery lifecycle.

Responsibilities

The Cyber Security Engineer builds develops and configures tooling and processes to be secure. They build tooling to support pre-commit Continuous Integration Continuous Deployment through to production.

They have experience of operating systems Networking PKI and Cloud Security tools. They build Secure Configuration Management using Infrastructure as Code.

• Identify design and develop cyber security solutions across a wide variety of applications and infrastructure
• Lead the implementation of cyber security policy and standards
• Provide senior cyber security consultancy services (from risk assessments and audits to strategy development) across a variety of technology projects
• Engage with the Technology Architecture team and support the design of technology solutions and architecture for a variety of projects and programmes
• Engage with a broad range of internal and external stakeholders providing cyber security assurance and managing the change process for the implementation of cyber security strategy standards and solutions.

Main Duties

• Design and deliver secure cloud architectures across IaaS PaaS and SaaS environments embedding security controls aligned to organisational policy and industry best practice.
• Lead the implementation of cyber security standards and controls across cloud platforms influencing delivery teams and ensuring security is built in from the outset.
• Provide senior cyber security consultancy including cloud risk assessments threat modelling architecture reviews audits and contribution to cyber strategy.
• Work closely with Architecture teams to shape secure target architectures and ensure security requirements are reflected in technical designs.
• Lead and enhance cloud security operations including but not limited to identity and access management vulnerability management logging monitoring and incident response.
• Design and implement automated security controls and assurance including policy as code secure configuration baselines and continuous compliance.
• Translate security requirements into engineering level guidance supporting developers and engineers to remediate issues and adopt secure coding and deployment practices.
• Engage with internal and external stakeholders providing security assurance clear risk articulation and support for change associated with security improvements.
• Act as a technical mentor championing cloud security best practice and supporting the development of engineers and security practitioners.
• Design review and implement secure cloud infrastructure using Infrastructure as Code (IaC) tooling embedding security controls configuration standards and policy as code into automated deployment pipelines (e.g. Terraform CloudFormation) and providing assurance that environments are secure consistent and resilient.

Success Profiles
We use an assessment framework called Success Profiles which lists the elements we test and provides detailed descriptions of each. Find out more about the framework here.

For this post the following Success Profile elements will be assessed:

Essential Experience

1. Experience implementing cloud native security controls such as IAM encryption key management logging and monitoring.

2. Experience embedding security across the full delivery lifecycle from early design through to live operations.
   
3. Experience creating or implementing automated security controls and assurance e.g. policy as code configuration compliance or security monitoring rules utilising IaC Tooling
   

Behaviours

• Leadership - Level 3
  

You can find out more about Success Profiles Behaviours here: Success Profiles - Civil Service Behaviours ()

Technical / Professional Skills:
This role is aligned to Senior Cyber Security Engineer withinthe Government Digital Data and Technology Profession.

These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage. Please review the following to understand the skill expectations Cyber Security: Operations -

How to Apply
Apply online you must provide a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet the experience and behaviours listed in the Success Profiles above.

Artificial Intelligence (AI) tools can be used to support your application but all statements and examples provided must be truthful factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others or generated by artificial intelligence and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action.

Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment.

Should a large number of applications be received an initial sift may be conducted using the CV and Supporting Statement on the first Experience criteria.

Candidates who pass the initial sift will have their applications fully assessed.

Candidates who pass the sift will be invited to a competency based interview which will assess the Experience and Behaviours listed above and a Technical Assessment comprising of a short presentationwhich will assess various Technical Skills from within the Cyber Security framework.

Full details of the interview and assessment process will be shared with shortlisted candidates once the sift has been completed.

Please note: there may be a telephone interview prior to the final interview stage.

We aim to provide feedback on request. However if we receive a large number of applications it may not be possible for us to provide specific feedback on your application. We will provide feedback on request to candidates who attend an interview/assessment.

Expected Timeline (subject to change)
Sift week commencing 1st June 2026
Interview week commencing 15th June 2026
Location In Person in either Dundee or Glasgow

Reserve List
In the event that there are more successful candidates than posts available a reserve list will be kept for up to 12 months.

About Us
Social Security Scotland is an Executive Agency of the Scottish Government. Our benefits help people from all walks of life in Scotland. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles. We are committed to recruiting a diverse workforce that is representative of the clients we serve. Find more about us here.

We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.

As part of the UK Civil Service we uphold the Civil Service Nationality Rules.

Working Pattern
Our standard hours are 35 hours per week and we offer a range of flexible working options depending on the needs of the role. We embrace a hybrid working style where all colleagues will spend time in either our Glasgow or Dundee offices. There is an expectation of a minimum 2 days per week in your assigned location which will be either Glasgow or you have specific questions about the role you are applying for please contact us.

Security Checks
Successful candidates must complete the Baseline Personnel Security Standard (BPSS) before they can be appointed. BPSS is comprised of four main pre-employment checks Identity Right to work Employment History and a Criminal Record check (unspent convictions).

This post also requires the successful candidate to clear additional National Security Vetting clearance (Security Check) before a start date can be offered.

You can find out more about National Security Vetting levels on the UK Government website or read about them in our Candidate Guide.

Equality Statement
Social Security Scotland are committed to equality and inclusion and we aim to recruit a diverse workforce that reflects the population of our nation.

Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process please contact us at .

Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.

Right to Work in the UK
Social Security Scotland is an approved sponsor under the UK Visa and Immigration (UKVI) Skilled Worker route. Please note that UK immigration guidance including skill and salary thresholds and eligible occupations is reviewed regularly and subject to change. If you require visa sponsorship you should check the latest criteria to confirm whether this role meets current requirements before applying. You can find further advice on - Skilled Worker visa: Overview -

GDD Pay Supplement
This post is part of the Government Digital and Data (GDD) profession and currently attracts a 4000 annual GDD pay supplement which is paid monthly. Pay supplements are reviewed regularly.

Further Information
The successful candidate will be expected to remain in post for a minimum of 3 years unless successful in gaining promotion to a higher Band or Grade.

Social Security Scotlands recruitment processes are underpinned by the recruitment principles of the Civil Service Commissioner which outline that selection for appointment be made on merit on the basis of fair and open competition - Recruitment - Civil Service Commission

If you feel at any time your application has not been treated in accordance with the values in the Civil Service Code and/or if you feel the recruitment has been conducted in such a way that conflicts with the Civil Service Commissioners Recruitment Principles you can make a complaint by contacting Social Security Scotland at in the first instance. If you are not satisfied with the response you receive you can contact the Civil Service Commissioner.

Find out more about our organisation what we offer staff members and how to apply on our Careers Website.

Read our Candidate Guide for further information on our recruitment and application processes.

If you experience any difficulties accessing our website or completing the online application form please contact the Resourcing Team via .

Apply before 23:55 on 28th May 2026

Contact Name- Resourcing Team
Contact email