Cyber Security Engineer - 6 Month Contract - Inside IR35 - Hybrid in London

  • Hamilton Barnes
  • Jun 10, 2026
Contractor Telecommunications

Job Description

Rate: £500 per day Inside IR35
Location: Hybrid in London

Role Overview:

We are looking for a Cyber Security Engineer to join on a contract basis, operating as the senior hands-on secure engineer and principal authority on threat modelling, control validation, and security evidence across a CIS Controls v8.1 IG3 programme. The role combines senior cyber architect and SME responsibilities, validating every delivery activity from requirements capture through architecture, build, testing, live validation, and operational handover to BAU.

Key Responsibilities:

  • Operate as senior cyber engineer across the full programme life cycle, authoring threat models, control intent statements, and security architecture - chairing Security Council reviews at architecture stage gates and approving detailed security designs before build commences
  • Break down every programme activity through a cyber security lens, defining and evidencing Definition-of-Done acceptance criteria at every stage gate from requirements through to BAU handover
  • Lead security testing, penetration testing, control validation, and evidence pack creation at the test stage gate, revalidating the threat model and signing off that security architecture is proven by test evidence
  • Configure and validate operational controls, manage monitoring tuning, alert calibration, and IR playbook readiness at deployment and hyper-care stages, establishing KRI baselines
  • Liaise directly with external assurance providers on threat-model defensibility, control effectiveness, and evidence chain across the full CIS Controls v8.1 IG3 scope

What You Will Ideally Bring:

  • 12+ years cyber engineering and security architecture experience at enterprise scale, with 5+ years hands-on security design and validation - operating as both design authority and hands-on implementer
  • Expert threat modelling at scale using STRIDE, MITRE ATT&CK, and OWASP, with direct experience across CIS Controls v8.1, NIST CSF, and ISO 27001/27002 frameworks
  • Hands-on penetration testing and security testing track record, with proficiency across the full tech stack including CrowdStrike, Microsoft Sentinel, Qualys, Semgrep, Snyk, Burp Suite, and Akamai WAF
  • Proven DevSecOps practice with security gates embedded in CI/CD, end-to-end Agile delivery, and executive-grade stakeholder engagement including CISO, Security Council, and external assurance bodies
  • Essential certifications: CISSP plus one of CISM/CISA/CCSP/SABSA/CRISC, and one penetration testing certification (OSCP, GIAC GPEN, or CEH)