Made Tech

Lead Security Engineer

Bristol
£75k – £90k/yr
Posted 1 day ago

Lead Security Engineer

Made Tech helps UK government and public sector organisations build better digital services — and security is central to that mission. As a Lead Security Assurance Engineer in our Cyber practice, you'll be the most senior security assurance voice on client engagements, setting the technical direction for how organisations identify, assess, and respond to security risk. You'll work across complex government programmes where the stakes are real: services that affect citizens, systems that hold sensitive data, and teams that need to move quickly without cutting corners.

This isn't a role where you sit at the edge of delivery reviewing outputs. You'll be embedded in multidisciplinary teams, shaping how security assurance is woven into everyday engineering work — from threat modelling at design time to control testing in production. You'll build trusted relationships with client security teams, senior stakeholders, and government security communities, translating between technical findings and the risk decisions that senior leaders need to make. You'll bring the judgement to know when a full ISO 27001 governance programme is appropriate and when a lighter-weight approach serves the engagement better.

At Lead level, your impact extends beyond the immediate team. You'll establish assurance frameworks and standards across engagements, grow the security capability of the people around you — colleagues and client staff alike — and contribute to how Made Tech's Cyber practice develops as a community. If you're someone who builds capability rather than gatekeeping decisions, who treats security as an engineering concern rather than a compliance exercise, and who cares about leaving client teams genuinely stronger than you found them, this role is for you.

Key responsibilities

  • Own end-to-end assurance across engagements. Establish risk-based assurance frameworks, coordinate audit programmes, and maintain living evidence of control effectiveness — feeding findings into vulnerability management backlogs and governance reporting rather than treating audits as point-in-time events.
  • Lead vulnerability management as a programme, not a process. Define the prioritisation framework — drawing on EPSS, KEV, CVSS, and asset criticality — set remediation SLAs, own the risk-acceptance register, negotiate remediation plans with IT operations and product teams, and report programme KPIs (MTTR by severity, backlog age, coverage, recurrence rate) to senior stakeholders.
  • Drive security into the team's normal rhythm. Embed threat modelling, secure code review, SAST, SCA, dependency policy, and container scanning into design and delivery cycles — making security a shared engineering responsibility rather than a specialist handover at the end of a sprint.
  • Navigate UK government security standards with confidence. Apply the NCSC Cyber Assessment Framework, GovAssure, Cyber Essentials, HMG Security Policy Framework, and relevant legislation (UK GDPR, NIS Regulations) proportionately across engagements — framing standards as guardrails that enable safe delivery, not barriers to it. Engage with government security communities and coordinate with departmental security teams.
  • Communicate security risk in terms that drive decisions. Report security posture, audit findings, and vulnerability programme performance to senior client stakeholders — tailoring the frame for the audience, showing trends over time, and structuring reports around the decisions the reader needs to make, not just the findings.
  • Set the standard for incident response and detection readiness. Drive adoption of incident response practices across engagements, own the IR-to-vulnerability-management feedback loop, and coordinate cross-team exercises including known-exploited-vulnerability scramble drills.
  • Grow the people around you. Mentor colleagues across the practice and at client organisations, pair on complex or unfamiliar assurance work, and create structured development opportunities — including for client engineers who may not yet have strong security habits.
  • Contribute to Made Tech's Cyber practice beyond delivery. Shape practice standards, contribute to hiring and calibration, build and share expertise externally, and help grow a security assurance community that raises capability across the organisation.

Skills, knowledge and expertise

Essential

  • Hold one of the following — Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) — or an equivalent senior audit and assurance credential.

Desirable

  • Certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), NCSC Certified Cyber Professional (CCP)
  • Capabilities and experience
    • Experience establishing and operating vulnerability management programmes at organisational scale — including risk-based prioritisation using EPSS, KEV, and asset criticality, and managing remediation across multiple delivery teams
    • Evidence of leading compliance programmes against UK government frameworks — GovAssure, CAF, Cyber Essentials, HMG Security Policy Framework — in a complex multi-supplier or multi-team environment
    • Experience conducting or coordinating security audits in UK public sector contexts, including producing formal findings and briefings for senior government stakeholders
    • Working knowledge of exposure management beyond CVE-only approaches — incorporating misconfiguration, identity exposure, and attack-path analysis using cloud-native tooling (AWS Inspector, GuardDuty, Security Hub, or equivalents)
    • Experience assessing and assuring supply chain security — including third-party and vendor risk — and integrating supplier risk into wider assurance and governance programmes
    • Experience building or shaping security assurance capability within a consultancy, programme delivery, or multi-client environment — including growing technical security skills in colleagues and client teams
    • Evidence of acting as a trusted adviser to senior client stakeholders — anchoring security recommendations on client outcomes, challenging briefs constructively, and making security value visible rather than reporting activity
    • Experience setting team ways of working in iterative delivery environments — establishing retrospective cadences, collaborative problem-solving norms, and pairing practices that spread security knowledge across the team
  • Tooling and practice familiarity
    • Familiarity with structured threat modelling approaches — STRIDE, MITRE ATT&CK, attack trees — and experience embedding these into agile delivery ceremonies
    • Experience integrating SAST, SCA, dependency scanning, and container security tooling into CI/CD pipelines as part of a shift-left security approach

Made Tech sponsors attainment of recognised cyber certifications for staff in scope. If you don't yet hold the listed credentials but are actively working toward them, or can demonstrate equivalent capability through your experience, we'd still welcome your application.

Job benefits

We are always listening to our growing teams and evolving the benefits available to our people. As we scale, so do our benefits, and we are scaling quickly. We've recently introduced a flexible benefit platform which includes a Smart Tech scheme, Cycle to work scheme, and an individual benefits allowance which you can invest in a Health care cash plan or Pension plan. We’re also big on connection and have an optional social and wellbeing calendar of events for all employees to join should they choose to.

Here are some of our most popular benefits listed below:

  • 30 days Holiday - we offer 30 days of paid annual leave
  • Flexible Working Hours - we are flexible with what hours you work
  • Flexible Parental Leave - we offer flexible parental leave options
  • Remote Working - we offer part time remote working for all our staff
  • Paid counselling - we offer paid counselling as well as financial and legal advice

At this point, we hope you're feeling excited about Made Tech and the job opportunity. Get in touch with our talent team if you’d like an informal chat about the role and your suitability before applying. We are hiring for this role directly, so will not respond to any CVs sent via external recruitment agencies.

SC Eligibility

An increasing number of our customers are specifying a minimum of SC (security check) clearance in order to work on their projects. As a result, we're looking for all successful candidates for this role to have eligibility.

Eligibility for SC requires 5 years' UK residency and 5 years' employment history (or back to full-time education). Please note that if at any point during the interview process it is apparent that you may not be eligible for SC, we won't be able to progress your application and we will contact you to let you know why.

Support in applying

If you need this job description in another format, or other support in applying, please email talent@madetech.com.

We believe we can use tech to make public services better. We also believe this can happen best when our own team represents the society that actually uses the services we work on. We’re collectively continuing to grow a culture that is happy, healthy, safe and inspiring for people of all backgrounds and experiences, so we encourage people from underrepresented groups to apply for roles with us.

When you apply, we’ll put you in touch with a member of our talent team who can help with any needs or adjustments we may need to make to help with your application. We’ve put together this blog as a resource to share more about reasonable adjustments and some examples of what this could include. We also welcome any feedback on how we can improve the experience for future candidates.

Skills

Security Assurance
Vulnerability Management
Risk Assessment
Incident Response
Threat Modelling
Compliance
Audit
Governance
Mentoring
Stakeholder Engagement
Cyber Security
ISO 27001
Cloud Security
Agile Delivery
Technical Direction
Security Frameworks

Location

Bristol, England, United Kingdom
