340 Information Security jobs in the United Kingdom

Product Security Architect

Permanent role

Based in Bristol

Offering circa 80,000

Do you have experience in Security Infrastructure?

Do you have experience in Secure by Design?

Do you want to work with an industry-leading company?

If your answers are yes to these, then this could be the role for you!

As the Product Security Architect, you will be working alongside a market-leading Defence and Aerospace company who are constantly growing and developing. They are always looking to bring on new talents such as yourself and further develop your skills to enable you to grow within the company and industry!

Some of what you will be involved in:

• Identify security requirements and ensure the integration of security controls during the product development lifecycle
• Develop and implement risk management strategies
• Perform security threat modelling and risk assessments applying security controls to mitigate any threats identified
• Collaborate with the development teams to ensure the adoption of Secure by Design principles
• Identify security risks that arise from potential solution architectures, advising and assuring alternate solutions or counter-measures to mitigate identified information risks.
• Collaborate with the product development teams to integrate security best practices ensuring Secure by Design
• Identify and mitigate security vulnerabilities and risks in products
• Develop and maintain security guidelines, documentation, and training materials
• Participate in incident response and remediation efforts for security breaches affecting products

Your skillset may include:

• Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139)
• An understanding of MOD ISN 23/09 Secure by Design
• Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP
• Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST 800-30, NIST 800-53)

If this all sounds like something you will be interested in then simply apply and we can discuss the opportunity further!

Product Security Architect

Permanent role

Based in Bristol

Offering circa 80,000

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.

Principal Cyber Security Incident Response Analyst

60,000 - 70,000

Full Time / Permanent

West Midlands / Hybrid (1-2 days a month in the office ideally)

The Role

I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand head quartered in the West Midlands.

As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response.

We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average.

Responsibilities:

• Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development.
• Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators.
• Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds.
• Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities.
• Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making.

Experience required:

• Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity.
• Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises.
• Proven leadership in incident response within SOC settings.
• Deep understanding of the cyber threat landscape, attack vectors, and detection techniques.
• Proficient in cybersecurity tools, regulations, and compliance standards.
• Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences.

Please apply via the link or contact (url removed) for more information

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.

By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

Network Security Engineer (SEA – Security Engineering Authority, Firewall, Checkpoint, Juniper, F5)

6 Month Contract

West Midlands (Hybrid)

£(Apply online only)/day (Outside IR35)

SEA – Security Engineering Authority Senior Network Security Designer/ Lead Engineer needed with active SC Security Clearance Firewall Specialist .                            6 Month Contract based in Warwick (Hybrid). Start ASAP in September/October.

Network Security Lead Engineer / Security Engineering Authority SEA (Firewall Specialist – Checkpoint, Juniper, F5, Bluecoat)

The vast majority of work is expected to be remote. There may be occasional travel to customer sites to Data Centres in West/South England. Once or twice a month on average.

Working with a global IT Consultancy on large-scale network solutions projects for a Telecoms end client.

Key skills, experience + tasks will include:

• Technical Ownership of a Telecoms end client's Network Security Infrastructure estate, processes, documentation + lifecycle management .
li>Design of customer networks including input into High-Level and Low-Level design (HLD/LLD).
• Network Security Engineer / Security Engineering Authority SEA (Firewall Specialist – Checkpoint, Juniper, F5, Bluecoat)
< i>Acting as the technical point of contact for all Network Security related projects, changes and modifications, including firewall rules base.
• Point of escalation and link to vendor support for Network Security infrastructure incidents.
• Technical Environment: Strong experience Checkpoint, Juniper, Bluecoat, F5 , Cisco networking, Cisco IPT / QoS / 802.1x, switches, wireless, Inflobox DNS, SSL VPN, DMVPN, IPsec, WAN, routing protocols.
• Technical support, change management (physical/remote), customer inventory management, EOL, hardware, software.
• Ensures designs and implementations comply with enterprise security policies, standards, and regulatory requirements.
• SC Security Clearance is essential for this contract.

Senior Vulnerability Analyst

50,000 - 57,000 + bonus and extensive benefits

Full Time / Permanent

West Midlands / Hybrid - 1-2 days a month in the office on average

The Role and Company:

I am looking for a driven Senior Vulnerability Analyst to join a large nationally recognised brand head quartered in the West Midlands.

As a Senior Vulnerability Analyst you will be joining a highly skilled Cyber Defence team. As a key part if this team you will manage threats to the organisation and safeguard systems that enable the business to function safely and effectively.

We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average.

Responsibilities:

• Conducting regular vulnerability assessments using automated scanning tools, manual testing techniques, and security best practices to identify vulnerabilities in systems, networks, and applications
• Managing the lifecycle of vulnerabilities from discovery to remediation, including vulnerability triage, prioritisation, tracking, and reporting
• Analysing the impact and severity of identified vulnerabilities based on factors such as the likelihood of exploitation, potential impact on the organisation, and existing security controls
• Collaborating with system administrators, developers, and other stakeholders to develop and implement effective remediation plans to address identified vulnerabilities in a timely manner
• Working closely with IT teams to ensure that security patches and updates are applied promptly to mitigate known vulnerabilities and reduce the organisation's exposure to security risks
• Generating detailed vulnerability assessment reports, including findings, recommendations, and risk assessments, to communicate the status of vulnerabilities to management and stakeholders
• Providing guidance and training to employees on best practices for identifying and reporting security vulnerabilities, promoting a culture of security awareness within the organisation

Experience required:

• Previous experience in a similar Vulnerability Management role preferably with experience in Operational Technology (OT)
• Skilled in cyber security, physical security, and risk management principles
• Excellent analytical and investigative skills
• Strong knowledge of the hardware and software systems in use across both IT and OT domains and the architectural arrangements in place to support management and operation of systems
• Ability to adapt to evolving threat landscapes
• Effective communication, critical thinking and problem-solving skills
• Must either hold SC clearance already or be eligible to obtain this if successful

Please apply via the link or contact (url removed) for more information

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.

By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

The Information Security Analyst will play a critical role in safeguarding the organisation's systems and data, ensuring compliance with security policies and regulations. Based in Hatfield, this role is ideal for individuals passionate about the life science industry and technology.

Client Details

The hiring company is a medium-sized organisation operating within the life science industry, with a focus on innovation and excellence in its field. The company is known for its commitment to leveraging technology to drive forward its mission.

Description

• Implement and maintain ISMS aligning with ISO27001
• Ensure security controls are in-place based on ISO27001 and NIST
• As the regional security representative in the global Security / Technology project
• Lead / execute phishing campaign
• Conduct vulnerability assessments and implement measures to mitigate potential risks.
• Involve in global security operations process, analysis and escalate security alerts / tickets from global SOC team
• Maintain and update security policies, standards, and procedures in alignment with industry regulations.
• Collaborate with cross-functional teams to ensure secure system designs and implementations.
• Provide training and support to staff to enhance security awareness across the organisation.

Profile

• Practical experience and understanding of ISO27001
• Familiar with NIST and GDPR is preferred
• Solid experience in threat, risk and vulnerabilities management process
• Experience with security tools such as SIEM, intrusion detection systems, and endpoint protection.
• Strong analytical and problem-solving skills.
• Hold at least one security related professional certification is desirable

Job Offer

• 24 days of holiday leave
• Performance-based bonus of up to 10%.
• Pension scheme with contributions up to 10%.
• Private medical insurance, life assurance, dental cover
• Finance support on professional certifications / memberships

Cyber and Information Security Lead

Bath

75,000 - 85,000

Our client is looking for an ambitious Cyber and Information Security Lead to join their growing SaaS Business. They are seeking a conscientious, personable, and knowledgeable leader, ideally with commercial experience in the public sector. You may already be operating at the CISO level in a small company or have ambitions to reach the next level in your career.

Key Responsibilities:

• Strategy and Compliance: Design and implement a comprehensive security strategy and roadmap, ensuring our security posture meets the requirements of the NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, ISO 27001:2022, and other relevant frameworks.

• Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations.

• Policy and Governance: Support and oversee the creation and enforcement of security policies, standards, and procedures.

• Incident Response: Develop, implement, and manage the security incident response plan.

• Leadership: Provide strong leadership and mentorship to the governance, risk, and compliance team.
  

Essential Requirements:

• Extensive security leadership: Proven experience (10+ years) in a senior information security role, with significant experience in a CISO or equivalent position within a software development or health technology environment

• UK health sector experience: In-depth knowledge and practical experience with UK healthcare security standards and regulations, including demonstrable expertise with the NHS Data Security and Protection Toolkit (DSPT), Digital Technology Assessment Criteria (DTAC) and NCSC CAF.

• ISO 27001:2022 implementation & maintenance: Hands-on experience with the successful implementation, certification, and ongoing maintenance of an ISO 27001 Information Security Management System (ISMS), ideally to the 2022 standard.

• Security architecture & Secure by Design: Strong understanding and experience of secure software development lifecycles (SDLC) and embedding security by design into product development processes, along with secure system architecture principles.

• Risk management: Demonstrated expertise in developing, implementing, and managing information security risk management frameworks, including risk assessment methodologies (eg OCTAVE, FAIR).

• Incident response: Proven track record in developing, leading, and managing security incident response plans, including experience with major incident handling and communication with regulatory bodies (eg NCSC, ICO, NHS England).

• Policy & governance: Extensive experience in developing, implementing, and enforcing comprehensive information security policies, standards, and procedures.

• Regulatory compliance: Solid understanding of UK and EU data protection laws (eg GDPR, Data Protection Act 2018), NIS Directive, and their practical application within a health tech context.

• Stakeholder management: Excellent communication, influencing, and negotiation skills with the ability to articulate complex security concepts to technical and non-technical stakeholders, including senior leadership, product teams, and external partners.

• Team leadership & mentoring: Proven ability to lead, mentor, and develop a high-performing governance, risk, and compliance (GRC) team.

• Vulnerability management: Experience scoping, overseeing and interpreting the results of vulnerability scanning, penetration testing, and security audits.

Please apply for more details

Information Security Manager

Location: London, Hybrid
Salary: Up to 75,000

Reports to: Head of Cyber Security

A well regarded Managed Service Provider is seeking an experienced Information Security Manager to join its team on a permanent basis. This role offers the opportunity to lead and deliver strategic security initiatives across a varied client base, with a strong focus on governance, risk, and compliance.

The successful candidate will have a proven background within an MSP or MSSP environment, hold CISSP certification, and demonstrate deep expertise in GRC frameworks, particularly ISO27001. Experience acting as a virtual Chief Information Security Officer (vCISO) is essential.

This business has made significant investment into its SOC-as-a-Service offering, positioning itself at the forefront of managed security solutions and enabling clients to benefit from cutting-edge threat detection and response capabilities.

Key Responsibilities:

• Serve as a vCISO for clients, providing strategic guidance on security posture and compliance
• Lead the development and implementation of security policies, procedures, and controls
• Manage ISO27001 compliance, including internal and external audits
• Conduct risk assessments and oversee incident response planning
• Collaborate with technical teams to ensure security is embedded across services
• Advise on regulatory requirements and emerging threats

Candidate Profile:

• Extensive experience in information security within an MSP or MSSP
• CISSP certified
• Strong working knowledge of GRC frameworks, including ISO27001
• Demonstrated experience in a vCISO capacity
• Excellent stakeholder engagement and communication skills
• Ability to lead complex security programmes across multiple environments

This role offers flexible working arrangements (hybrid), exposure to a wide range of industries and technologies, and the chance to join a collaborative team within a forward-thinking MSP committed to professional development.

Only candidates with the right to work in the UK will be considered .

London - Hybrid

Paying up to 75,000, depending on experience.

Incident Response Analyst

Permanent - 52k - 57k + strong benefits

Location: Hybrid - South Wales

Your new company

I am looking to recruit an Incident Response Analyst to join a leader in the utilities space. The business have been investing in their cyber security and IT estate and are continuing to grow and enhance their security posture. The company has a strong reputation, and we have placed numerous people into careers there, with strong feedback.

Your new role

This is an interesting opportunity to help deliver strategy which will enhance the organisation's security resilience, proactively contributing to mitigating threats, at a good time when the company is expanding and investing in its IT and cyber security estate. Working alongside the SOC, the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within the organisation. Key parts of the role:

• Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents.
• Investigate alerts and suspicious activity to determine if an incident has occurred.
• Contain affected systems and networks to prevent the incident from spreading.
• Implement temporary measures to mitigate the impact of the incident.
• Work with other teams, such as IT and security operations, to develop and implement a containment strategy.
• Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.
• Document and report incidents to the incident response team and other relevant stakeholders.
• Stay informed about emerging cyber threats and vulnerabilities.

What you'll need to succeed

• Experience in a similar role, ideally around CNI and OT, with exposure to cyber plans.
• Proven experience operating in a SOC or a related cyber security role.
• In-depth knowledge of cyber threats, threat intelligence frameworks and cyber security best practice.
• Strong analytical and problem-solving skills.
• Ability to work independently and as part of a team.
• Excellent communication and interpersonal skills.
• Ability to obtain UK Security Clearance

What you'll get in return

• Salary of between 52k-57k
• Hybrid working 2/3 days in South Wales per week
• Possible bonus
• 5% pension contribution from you, the company pays 10%
• Enhanced pay for parental leave
• And more!

What you need to do now

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)

Information Security & Compliance Lead

Chesterfield

50,000 to 60,000+ Excellent Benefits

Your new company

Hays Technology are recruiting for an Information Security & Compliance Lead to join a large public sector organisation based in the Chesterfield area. You will be reporting to the Head of Digital, Data & Technology. This is a new role to establish and make your own.

Your new role

In your new role, you will be responsible for ensuring the security and protection of the organisation's information systems, networks, and data, whilst playing a critical role in developing and implementing information security strategies, policies, and procedures to safeguard the organisation's digital assets and mitigating potential risks.
You will oversee information security, compliance, and risk management practices based on industry-accepted information security and risk management frameworks, whilst establishing and maintaining an incident response plan, including incident detection, response, investigation, and resolution, to minimise the impact of security incidents.

What you'll need to succeed

• Demonstrable experience of implementing and maintaining information security frameworks e.g. ISO27001 within a medium/large sized public sector organisation
• Solid stakeholder management and mentoring skills
• Information Security,Cyber Security, Assurance and vulnerability management would be ideal
• Comprehensive knowledge of Information Security Management Systems with the ability to scope, design, and implement such systems
• Strong ICT infrastructure, application, and cloud technical skills would be advantageous
• Evidenced knowledge and understanding of ISO(phone number removed), ITIL, and Prince 2 management practices
• Ability to lead the workforce, increasing their skills and knowledge in relation to information security

What you'll get in return

This exciting position is paying between 50,000 and 60,000 and offers an excellent work life balance including: generous annual leave, hybrid working, a public sector employer contribution pension scheme, flexibility, training, and development opportunities.

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)