Infrastructure Security Engineer
Job description
We are looking for an Infrastructure Security Engineer to join our growing team. You will be embedded within client programmes, taking ownership of cyber security risk management across secure, multi-site platform environments.
This is a hands-on security role where you will be the go-to person for establishing security controls, driving continuous assurance, and ensuring compliance with Defence cyber standards. You will work closely with programme security leadership, engineering teams, and wider defence stakeholders to ensure that security is embedded from design through to operation.
As a permanent member of the Consortium X team, you will develop deep expertise across our defence portfolio and may be deployed across multiple client engagements over time.
What You'll Be Doing
Risk Management
- Acting as the security subject matter expert across assigned programmes, providing advice and guidance on all aspects of cyber risk.
- Establishing and maintaining continuous risk management approaches within defined risk appetites, aligned with programme and organisational policy.
- Identifying and communicating current and emerging security threats, including responding to MODCERTs in line with reporting requirements.
Governance and Compliance
- Advising on, approving, and monitoring security controls across systems, including assessments for architectural and design changes.
- Creating and maintaining security artefacts aligned with Defence cyber assurance processes, including the NIST RMF, CSF, and Secure-by-Design frameworks.
- Managing physical, procedural, and personnel security aspects related to system development and operation.
- Representing Consortium X at working groups and CISO stand-ups.
- Balancing business requirements with information and cyber security needs to deliver practical, compliant solutions.
Stakeholder Engagement
- Building and managing relationships with programme teams, Defence Digital, CyDR, and wider assurance stakeholders.
- Translating cyber risks into clear business impacts for non-technical audiences.
Continuous Assurance
- Owning continuous assurance reporting in line with Secure by Design standards.
- Managing system assurance activities, including CHECK IT health checks, 2nd Line Assurance, Cyber Compliance Framework Audits, and driving remediation where required.
Requirements
- Demonstrable experience in a security risk role or working within a Cyber Security Framework such as NIST RMF or CSF.
- Strong knowledge of defence policy and standards, particularly JSP 440, JSP 453, and overarching MOD policy.
- Experience producing Security Management Plans, Security Instructions, and related security documentation.
- Knowledge of Incident Response, Vulnerability Management, and Patch Management processes.
- Experience delivering Risk Assessments, Risk Treatment Plans, and scoping and managing IT health checks and remediation.
- Proven stakeholder management and communication skills, particularly within the MOD or wider Government.
- Strong written and verbal communication skills.
- Strong analytical and critical thinking ability.
- Active SC clearance.
- Competent with the Microsoft Office suite.
Desirable
- Professional registration such as Chartered IT Professional, Chartered Engineer, or Chartered Cyber Security Professional.
- Relevant certification such as CISSP, CGRC, CISM, or CRISC.
- Experience delivering within UK public sector or government environments.
- Familiarity with Agile and Waterfall delivery methodologies.
- Working knowledge of Jira and Confluence.
- Degree in Cyber Security, Computer Science, or a related discipline.
- Exposure to infrastructure virtualisation platforms (e.g., VMware) within secure environments.