Security Assurance Contractor

Warminster
3 weeks ago

Active SC clearance required

Location: Warminster (50% Home working, 50% onsite)

Duration: 3 month initial contract (potential extension)

Inside IR35

Role details:

Our client, a notable entity within the Defence & Security sector, is seeking a seasoned Security Contractor to join their team on a contract basis. The client is located in Warminster and the role will be a split of 50% home working and 50% onsite.

This role supports the OMNIA Security Assurance Lead by carrying out a comprehensive Initial Security Risk Assessment for the MOD CTTP programme: analysing risks, threats, vulnerabilities, architectures and compliance requirements, and producing the formal assessment report. It also supports stakeholder engagement by participating in workshops, coordinating with delivery partners, and helping present the final assessment.

Key Responsibilities:

Working closely with the OMNIA Security Assurance Lead to conduct Initial Security Risk Assessment Report activities in alignment with MOD Secure by Design (ISN2023/09) assurance activities.
Attending workshops and meetings, both in-person and virtually, to review progress and agree on actions against deliverable timelines.
Liaising with OMNIA partner delivery stakeholders to understand the architecture and associated security risks, threats, vulnerabilities, and opportunities within the scope defined by the OMNIA Security Assurance Lead.
Conducting formal Initial Security Risk Assessments using the NIST 800-37 Risk Management Framework and associated guidelines.
Ensuring alignment of security risk assessments to UK Defence policies and standards, such as GovS 007: Security and DEFSTAN norms.
Performing threat modelling and assessment utilising STRIDE-LM and MITRE ATT&CK frameworks, integrating results into risk assessment reports.
Conducting Business Resilience and Single Point of Failure (SPoF) assessments across the supply chain, compiling results in the risk assessment report.
Compiling a comprehensive Initial Security Assessment Report and assisting the presentation to stakeholders.
Maintaining strict security integrity when processing and handling classified information.

Job Requirements:

Experience in conducting Security Risk Assessments for UK classified technical solutions, particularly in Information Security and Risk Management.
Proficiency in delivering against MOD policies and procedures specific to information security.
Experience with the NIST 800-37 Risk Management Framework and other NIST guidelines like 800-30 and 800-53.
Solid understanding and experience with UK Defence security frameworks and relevant policies.
Experience in conducting threat modelling and assessments using frameworks such as MITRE ATT&CK and STRIDE-LM.
Experience in reconciling information security risk against critical asset and service lists.
Ability to prioritise and plan complex work in a fast-paced environment.
Strong report writing skills with the ability to convey technical information to non-technical audiences.

Desirable skills:

A secondary knowledge of the Physical Security field/domain in relation to Information Security and GovS 007: Security would be desirable.
Understanding/knowledge of the Cabinet Office Technology Code of Practice (TCoP).
Understanding/knowledge of Army Command Standing Orders (ACSO).
Understanding/knowledge of the Government Service Standards for ACT Services.
Understanding of formulating, recording and managing security risk and applying risk methodologies via a security risk register.
Good understanding of a technical domain in addition to existing Information Security Risk Assessment e.g. Network, Cloud, Application, Infrastructure.
Able to insightfully derive security requirements from an established solution.
Experience of delivering MoD Secure by Design operational solutions.
Understanding/experience of waterfall and agile delivery methodologies.
Strong knowledge of system architectures. Able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and how easy or difficult it will be to exploit these vulnerabilities.

If you are an experienced Security Contractor looking to make a significant impact within the Defence & Security sector, we invite you to apply now. Experience the unique challenges and rewards of ensuring security in one of the most dynamic fields.
