Cyber Security Engineer

Cyber Security Engineer

NCC

Bristol based with hybrid working (3-4 days per week in office)

Salary: £45,084 to £63,751 per annum experience dependent, plus 12.5% employer pension, private medical insurance and additional benefits package. 

Government Security Clearance: to the nature of our business, all employment is subject to satisfactory references being obtained alongside a level of government security clearance.

Closing Date: 4th January 2026– We reserve the right to withdraw adverts earlier if required.

Summary: 

The NCC is a not-for-profit organisation supporting manufacturing innovation across 16 sectors in the UK. 

We're looking for a Cyber Security Engineer to join our expanding team as new member of the IT department providing guidance and hands on Cyber Security support.  You'll work within a small, skilled & friendly team who work closely together to help protect NCC from cyber security threats.

Primarily working on IT projects & programmes across IT Defence Portfolio, you will take a consultative and hands-on role in the design, implementation, and ongoing maintenance of security controls across both hybrid and on-premises IT environments. Primarily working with Microsoft technologies and integrated toolsets, your key responsibility will be to ensure that infrastructure platforms and services are secure, resilient, and compliant with internal policies and relevant external regulations.

Example of key responsibilities would include:

• Maintains and optimises operational security processes.
• Provides advice on implementing and managing physical, procedural and technical security encompassing both physical and digital assets.
• Collates, defines, and enforces secure configuration baselines and hardening standards in alignment with organisational security obligations and recognised industry frameworks (e.g., CIS Benchmarks, Microsoft Security Baselines).
• Conducts threat modelling and risk assessments to identify vulnerabilities or compliance gaps.
• Maintains and manages Software Bills of Materials (SBOMs).
• Assists with integrating security monitoring, logging, and alerting capabilities.
• Creates and reviews technical documentation, including security architecture designs, supply chain risk assessments, hardware and software risk assessments, risk mitigation plans, and security operations procedures.
  
  
• Performs security validation, configuration assessments, and support user acceptance testing (UAT) for security-related features.
• Collates and analyses information for threat intelligence requirements from a variety of sources.
• Designs and executes complex vulnerability research activities.
• Provides guidance, support and mentoring to other IT Engineers as requested by the IT Leadership team or line manager

So, what are we looking for in your application?

We like to see diverse applications and welcome people from different industries, specific experience we will look for in your CV would include;

• Willingness, and eligibility to undertake government security clearances.
• Experience working in prior Cyber Security Engineer or IT Infrastructure Security specialist roles
• Strong technical knowledge of Microsoft-Based Environments across both on-prem and cloud environments.
• Understanding of network security principles, including firewalls, segmentation, and secure remote access.
• Knowledge of identity and access management (IAM), including multi-factor authentication (MFA), RBAC, and conditional access policies.
• Familiarity with common regulatory and compliance frameworks (e.g.NIST, CIS Controls, ISO 27001, Cyber Essentials Plus).
• Experience aligning infrastructure builds with cyber security standards such as NCSC guidance, CIS benchmarks, or Microsoft Security Baselines.
• Experience implementing monitoring, logging, and alerting toolsets including SIEM and threat detection platforms.
• Understanding of data classification, encryption, and secure storage/access principles.
• Familiarity with endpoint protection platforms and vulnerability management tools.
• Experience securing hybrid identity solutions and federated authentication models
• Understanding of security automation concepts, including security orchestration and response (SOAR) including ability to script or automate repetitive tasks.

What do we offer in return?

Flexible working patterns as standard, annual salary reviews, company paid private medical insurance, up to 12.5% employer pension contribution, great people, honorary staff status at the University of Bristol. With a genuine focus on wellbeing, EDI and learning and development this is a chance to build your career in a thriving R&D facility with a bright future.

Unsure if you should apply?  Got a quick question you wanted to check beforehand?  Please feel free to reach out to the recruitment team, Jon Barratt, via linked in.