Security Operation Engineer (SC & NPPV3 Cleared) - Outside IR35 - Croydon/Solihull

About the Role:

As a Security Operations (SecOps) Engineer, you will play a critical role in supporting one of the UK's most technically complex and secure government cloud services programmes. Reporting to the SecOps Lead, you will ensure that security procedures, controls, and operational practices remain compliant with the Government Security Classifications framework and Home Office security policies.

You will contribute to the continuous improvement of security processes, support secure delivery across cloud and digital services, and help maintain a strong security culture across the programme. This role is ideal for an experienced security professional seeking to work in a high-assurance, public-sector environment with significant technical depth and operational responsibility.

Key Responsibilities:

• Maintain and update Security Operating Procedures (SyOps) and information security management policies.
• Review solution designs, technical documentation, and implementation plans to ensure compliance with security standards and Home Office requirements.
• Conduct threat modelling activities to identify risks and inform secure design decisions.
• Provide assurance over patching operations, release notes, and change activities.
• Perform and review vulnerability scans for releases, contributing to vulnerability risk assessments and remediation planning.
• Assess external threat intelligence feeds and provide recommendations to mitigate emerging risks.
• Conduct security incident investigations, ensuring accurate reporting and follow-up actions.
• Create and review ITHC (IT Health Check) Remediation Action Plans and track progress to closure.
• Support certificate management ceremonies and cryptographic control processes.
• Review digital access requests and support Joiner/Mover/Leaver processes to maintain secure access controls.
• Create and maintain ITHC change management and delivery Kanban board tickets.
• Contribute to the development and maintenance of a strong security awareness culture across the programme

Essential Skills and Experience:

• 5+ years of experience in a similar SecOps, Security Consultant, or Information Security role
• British citizen with the ability to obtain all relevant UK Government security clearances (SC, NPPV3).
• Strong understanding of Home Office security processes, policies, and governance requirements.
• Experience supporting secure government cloud migration or transformation programmes.
• Proven experience developing, maintaining, and monitoring security policies and procedures to ensure proactive compliance with security guidelines and legislation.
• Hands-on experience investigating security incidents and breaches.
• Experience delivering security training and awareness initiatives.
• Flexibility to travel within the UK, particularly to Croydon and Birmingham.
• Strong written and verbal communication skills with the ability to articulate complex security issues clearly

What We Are Looking For:

• Knowledge of Home Office clients, standards, and security frameworks.
• Relevant security certifications (eg, CISSP, CISM, CCSP, ISO 27001 Lead Auditor/Implementer).
• Understanding of legislative compliance requirements such as GDPR.
• Experience designing security controls for new projects, applications, or cloud services.
• Experience working on Critical National Infrastructure (CNI) programmes.
• Awareness of public cloud security controls, accreditation processes, and secure cloud architectures.
• Experience using Agile delivery toolsets such as Jira, Confluence, and ServiceNow.
• Experience supporting presales activities, including drafting security responses for UK Government bids.