Overview

Cyber Security Engineer (Defence) at NCC – Bristol based with hybrid working (3-4 days per week in office). Salary: Competitive Salaries plus 12.5% employer pension, private medical insurance and additional benefits package. Government Security Clearance: employment subject to satisfactory references and an appropriate level of government security clearance. Closing Date: 30th October. We reserve the right to withdraw adverts earlier if required.

NCC

Summary: The NCC is a not-for-profit organisation supporting manufacturing innovation across 16 sectors in the UK. We are looking for a Cyber Security Engineer to join our IT department, providing guidance and hands-on cyber security support. You will work within a small, skilled & friendly team who collaborate to protect NCC from cyber security threats.

Key responsibilities

• Primarily working on IT projects and programmes across the IT Defence Portfolio, taking a consultative and hands-on role in the design, implementation, and ongoing maintenance of security controls across hybrid and on-premises IT environments.
• Work with Microsoft technologies and integrated toolsets to ensure infrastructure platforms and services are secure, resilient, and compliant with internal policies and relevant external regulations.
• Maintain and optimise operational security processes.
• Provide advice on implementing and managing physical, procedural and technical security for both physical and digital assets.
• Define and enforce secure configuration baselines and hardening standards aligned with security obligations and industry frameworks (e.g., CIS Benchmarks, Microsoft Security Baselines).
• Conduct threat modelling and risk assessments to identify vulnerabilities or compliance gaps.
• Maintain and manage Software Bills of Materials (SBOMs).
• Assist with integrating security monitoring, logging, and alerting capabilities.
• Create and review technical documentation, including security architecture designs, risk assessments, mitigation plans, and security operations procedures.
• Perform security validation, configuration assessments, and support user acceptance testing (UAT) for security-related features.
• Collate and analyse information for threat intelligence requirements from various sources.
• Design and execute complex vulnerability research activities.
• Provide guidance, support and mentoring to other IT Engineers as requested by IT Leadership or line manager.

What we’re looking for

• Willingness and eligibility to undertake government security clearances.
• Experience as a senior or independent Cyber Security or IT Infrastructure Security specialist.
• Strong technical knowledge of Microsoft-based environments (on-prem and cloud).
• Understanding of network security principles, including firewalls, segmentation, and secure remote access.
• Knowledge of identity and access management (IAM), including MFA, RBAC, and conditional access policies.
• Familiarity with regulatory and compliance frameworks (e.g., NIST, CIS Controls, ISO 27001, Cyber Essentials Plus).
• Experience aligning infrastructure builds with cyber security standards (e.g., NCSC guidance, CIS benchmarks, Microsoft Security Baselines).
• Experience implementing monitoring, logging, and alerting toolsets including SIEM and threat detection platforms.
• Understanding of data classification, encryption, and secure storage/access principles.
• Familiarity with endpoint protection platforms and vulnerability management tools.
• Experience securing hybrid identity solutions and federated authentication models.
• Understanding of security automation concepts, including SOAR, with ability to script or automate repetitive tasks.

What we offer

Flexible working patterns as standard, annual salary reviews, company paid private medical insurance, up to 12.5% employer pension contribution, great people, honorary staff status at the University of Bristol. We focus on wellbeing, EDI and learning and development to support your career in a thriving R&D facility.