UK Research and Innovation Salary: £45,272 to £56,844 per annum dependent on skills and experience (this may include allowances) Hours: Full time Contract Type: Open ended Location: Polaris House, Swindon or Keyworth, Nottingham (Hybrid working available) Closing Date: Monday 21st April 2025 Security As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. The level of clearance required is security check About us The UKRI CIO Group plays a pivotal role in managing and optimising the organisations critical enterprise technical services that underpin and enable UKRI's business capabilities. Within the group a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system. Purpose This post provides a rare opportunity for an experienced information security professional to step into a fast-paced security operations role in an organisation at the heart of research and innovation in the UK. Working as part of a team of technical specialists, and to the Cloud Information Security Risk Manager, your broad remit is to ensure the security and integrity of the organisation's IT infrastructure. This role involves working closely with development, operations, architecture and security teams to implement and maintain secure systems and protocols, monitor for security threats, respond to incidents, and continuously improve the security posture. Main outputs and activities Implement security controls for cloud infrastructures (AWS and Azure). Develop and engineer cloud security policies, ensuring proactive threat prevention, detection, and forensic analysis. Implement security solutions for containerised environments and microservices (e.g., Kubernetes, Docker). Build and maintain security at every point in the CI/CD pipeline. Build and integrate security solutions into DevSecOps pipelines, collaborating with UKRI teams. Perform cloud threat modelling and implement countermeasures. Assess third-party cloud and on-premises solutions for security risks and recommend mitigations. Design and enforce cloud security policies, standards, and best practices. Monitor security compliance and ensure adherence throughout the project lifecycle and in business as usual cloud services. Monitor and respond to security incidents and alerts. Shortlisting criteria (S) - Assessed at shortlisting (I) - Assessed at interview (S&I) - Assessed at both shortlisting and interview Applicants will be able to demonstrate skills in line with the monitoring and response lead roles using the Government Security Profession career framework. Essential: A professional certification (e.g., CISM, CISSP, CompTIA Security, CCSP or AWS certification) (S) Degree in a related subject or relevant comparable education.(S) Experience in major multi-cloud platforms, including AWS, and cloud security. (S&I) Integrating and maintaining security into CI/CD pipelines. (I) Hands on experience with container security (Kubernetes, ECS, Docker). (S&I) Working with Linux and/or Windows operating systems. (S) Experience working in a blue-team type environment or role. (S) Experience of cloud security posture management tools. (S) Performing comprehensive security audits and risk assessments (S&I) Desirable: (optional) Experience of working in a Public Sector Organisation. (S) Experience with a wide range of security technologies in a complex R&D environment. (S&I) Programming and scripting in PowerShell, Python and other languages. (S&I) Ability to assess and mitigate security risks. (I) Excellent communication skills to collaborate with other teams and stakeholders. (I) Strong analytical and problem-solving skills. (I) Behaviours We'll assess you against these behaviours during the selection process at Grade SEO: Managing a quality service Changing and improving Delivering at pace Seeing the Big Picture Selection process details We know different organisations use different processes, so we wanted you to know what to expect from us. Stage 0 - Pre-application If you would like to find out more about the role we encourage prospective applicants to get in touch with us to discuss the opportunity. Stage 1 - Written Submission Candidates will need to submit a written application which consists of 2 parts: A CV - this should contain your work experience and any skills, qualifications and accomplishments relevant to the jobs you have completed based on the shortlisting criteria. A personal statement (max. 1000 words) - this statement should be used to provide examples of how you meet the essential criteria listed in the shortlisting criteria. Applications will be reviewed for suitability and shortlisted against the criteria detailed in the shortlisting criteria section of the job description. Stage 2 - Interview Applicants who are successful at stage 1 will be invited to interview. The interview will generally be 1 hour in length. The interview will consist of competency-based questions. A presentation may be required, dependant on the role. Stage 3 - Outcome The panel outcome is decided and the successful candidate will be offered verbally first, followed by a formal offer letter. About UK Research and Innovation (UKRI) UKRI launched in April 2018, UKRI is a non-departmental public body sponsored by the Department for Science, Innovation and Technology (DSIT). Our organisation brings together the seven disciplinary research councils, Research England, which is responsible for supporting research and knowledge exchange at higher education institutions in England, and the UK's innovation agency, Innovate UK. Together we build an independent organisation with a strong voice and vision to ensure the UK maintains its world-leading position in research and innovation. More information can be found at www.ukri.org. Choosing to come to work at UKRI means that you will have access to a whole host of benefits from a defined benefit pension scheme, excellent holiday entitlement, access to employee shopping/travel discounts and salary sacrifice cycle to work scheme. For more details, visit Benefits of working for UK Research and Innovation (UKRI). The role holder will be required to have the appropriate level of security screening/vetting required for the role. UKRI reserves the right to run or re-run security clearance as required during the course of employment. How we support EDI in the workforce At UKRI, we believe that everyone has a right to be treated with dignity and respect, and to be provided with equal opportunities to thrive and succeed in an environment that enables them to do so. We also value diversity of thought and experience within inclusive groups, organisations and the wider community. For further information, please visit ' How we support EDI in the workforce '. Disability Confident Employer As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy/ies. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. How to apply Online applications only preferred for this role. Please submit a CV and covering letter which clearly outlines how you fulfil the criteria specified along with your motivation for UKRI and the role. Ensure that the job reference number is included in the filename description of each document uploaded. Note that failure to address the above criteria or submit an application without a covering letter may result in the application not being considered. Assessment will only be based upon the content of your submitted covering letter and CV and not the 'experience' section of the application. UKRI seeks to ensure it creates and maintains a system of openness, fairness and inclusion - a collaborative, trusted environment, which is attractive to and accessible to everyone who is interested in developing their career with us. Additional Information Organisation: UKRI - Digital Data and Technology Contract Type: Open Ended External Closing Date: Apr 21, 2025 Minimum Salary: Pound Sterling (GBP) 45,272 Hours: Full-time