Cyber Security Consultant - #2079126

Coltech


Date: 6 days ago
City: Sheffield
Contract type: Contractor
Work schedule: Full day

Senior Cybersecurity SME / Consultant

Location: Sheffield (3 days per week onsite)

Contract: Long-Term Contract

IR35 Status: Inside IR35

Start Date: ASAP


Overview

We are seeking an experienced Senior Cybersecurity SME / Consultant to join a global Engineering Excellence and Enablement function. This role will focus on assessing, improving, and driving cybersecurity maturity across engineering platforms, ensuring build systems, developer tooling, CI/CD pipelines, and runtime environments are secure by design.

Working closely with engineering leaders, platform owners, and cybersecurity stakeholders, you will define security standards, conduct maturity assessments, develop strategic roadmaps, and embed security best practices across a large-scale enterprise environment.

This is a highly visible role requiring a blend of technical depth, consulting capability, stakeholder management, and strategic influence.


Key Responsibilities

Security Frameworks & Assessments

  • Develop and maintain cybersecurity maturity frameworks for engineering platforms.
  • Conduct comprehensive security assessments across build systems, CI/CD pipelines, runtime infrastructure, and developer tooling.
  • Perform threat modelling, risk assessments, and gap analysis to identify vulnerabilities and systemic risks.
  • Benchmark platform security maturity and provide recommendations for continuous improvement.


Engineering Platform Security

  • Define and implement secure engineering patterns and reference architectures.
  • Establish security baselines and controls through policy-as-code and automation.
  • Partner with engineering and platform teams to improve access controls, configuration management, and artifact security.
  • Drive adoption of secure software supply chain practices including SBOM, provenance, code signing, and artifact integrity controls.
  • Support integration of security tooling and controls throughout the software development lifecycle.


Roadmap Development & Security Enablement

  • Prioritise security improvements based on business risk, regulatory requirements, and operational impact.
  • Build actionable security roadmaps with platform owners and engineering leaders.
  • Support implementation of scalable security solutions and best practices across engineering platforms.
  • Drive secure-by-design principles throughout engineering delivery processes.


Stakeholder Engagement & Governance

  • Act as a trusted advisor to senior technology and cybersecurity stakeholders.
  • Present security maturity findings, risk posture updates, and remediation strategies to governance forums.
  • Influence engineering teams and platform owners to adopt consistent security standards and controls.
  • Translate technical security risks into meaningful business outcomes and recommendations.


Continuous Improvement

  • Measure and report platform maturity improvements through defined metrics and KPIs.
  • Continuously evolve frameworks and controls in response to emerging threats and regulatory expectations.
  • Promote a culture of security awareness, collaboration, and engineering excellence.


Required Skills & Experience

  • Extensive experience in Cybersecurity, Security Architecture, DevSecOps, or Platform Security within large-scale enterprise environments.
  • Strong understanding of engineering platforms including CI/CD systems, build tooling, artifact repositories, runtime infrastructure, and developer environments.
  • Proven experience implementing DevSecOps practices and integrating security controls into software delivery pipelines.
  • Deep knowledge of:
      • Application Security
      • Supply Chain Security
      • Service Mesh Technologies
      • Cryptography
      • Network Security
      • Vulnerability Management
      • Risk Management
  • Hands-on experience conducting threat modelling, security assessments, and security maturity reviews.
  • Experience designing and implementing cybersecurity frameworks, maturity models, and transformation roadmaps.
  • Strong stakeholder management and consulting skills with the ability to influence senior technical and business leaders.
  • Excellent communication and presentation skills.


Desirable Skills

  • CISSP, CISM, CCSP, CCSK, or equivalent security certifications.
  • Experience with AWS, Azure, and/or GCP security.
  • Knowledge of Kubernetes, container security, and cloud-native platforms.
  • Experience within Financial Services or other highly regulated industries.
  • Familiarity with:
      • SLSA
      • Software Supply Chain Security
      • SBOM
      • Secure Developer Platforms
      • Engineering Excellence initiatives


What You'll Bring

  • Strong consulting and advisory capability.
  • Ability to balance strategic security objectives with practical implementation.
  • Experience operating within complex, global technology organisations.
  • A collaborative approach to driving security improvements across distributed engineering teams.
  • Passion for secure-by-design engineering and continuous improvement.
