Cyber Security Engineer

On behalf of FCDO we are looking for a Cyber Security Engineer (Inside IR35) for a 12 month contract. Hybrid working with travel to Milton Keynes or Glasgow as and when required.

The Foreign, Commonwealth & Development Office (FCDO) pursues our national interests and projects the UK as a force for good in the world. We promote the interests of British citizens, safeguard the UK's security, defend our values, reduce poverty, and tackle global challenges with our international partners.

We're looking for a skilled Cyber Security Engineer to join our security team. You will be responsible for designing, implementing, and maintaining the core infrastructure that supports our Enterprise Cybersecurity Operations function. This includes managing and optimising our SIEM, Log Collection & Storing, Data Pipelines, EDR (Endpoint Detection and Response) tools, and other security technologies. You will work closely with our security professionals to ensure the platforms are efficient, reliable, and scalable, enabling them to effectively detect, investigate, and respond to security threats.

As a Cyber Security Engineer your main responsibilities will be to:

. Design, deploy, and manage the security platforms, including the SIEM (eg, Splunk, Microsoft Sentinel & Opensource alternatives) and supporting infrastructure across hybrid cloud environments.
. Monitor platform performance, troubleshoot issues, and implement optimisation to ensure high availability and data integrity.
. Configure and maintain data pipelines for ingesting security logs from various sources (endpoints, cloud services, network devices), ensuring proper parsing and normalization.
. Integrate new security tools and technologies into the existing ecosystem.
. Utilise modern methods to improve outcomes both for Security Engineering but also the SOC community.
. Create and maintain comprehensive documentation and diagrams for all platforms, configurations, and procedures.

Essential:

. An active DV Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. (Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.)
. Proven experience in a similar role, specifically with hands-on experience in managing and operating security platforms.
. Strong knowledge of SIEM technologies (Splunk, Microsoft Sentinel, etc.).
. Experience with Scripting languages like Python or PowerShell for automation.
. Familiarity with cloud security platforms (AWS, Azure, GCP).
. Knowledge of network protocols, operating systems (Linux/Windows), and cybersecurity frameworks (NIST, MITRE ATT&CK, CAF).
. Experience with SOAR (Security Orchestration, Automation, and Response) platforms.
. Excellent problem-solving and analytical skills.
. Strong communication and collaboration abilities.

Please be aware that this role can only be worked within the UK and not Overseas.

Disability Confident

As a member of the Disability Confident Scheme, FCDO guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".