GOVTALENT.UK

Cloud Security Engineer (2024-8929)

This opening expired 3 months ago.
Location(s):
Glasgow
Salary:
£57,141 to £71,243
Job grade:
Grade 7
Business area:
Information Technology (IT)
Contract type:
Permanent
Working pattern:
Full-time

About the job

Job summary

Would you like to play a key role in ensuring the security of and trust in platforms that underpin public services in Scotland?

In the cloud and platform services division, our mission is to design, build, and operate a Scottish Government platform for Public Sector bodies across Scotland, providing Cloud Computing, Digital Payments, and Digital Identity. By establishing common platforms, we support organisational transformation, allowing bodies to deliver their services more efficiently, more quickly, and at scale.

THE ROLE

We’re recruiting a Security Engineer to join our growing cloud platform engineering & architecture team, practising a DevOps-first approach to delivering digital services which are secure by design. They will be responsible for ensuring security is automated and elastic across all cloud platforms.

Reporting to the Service Owner, they will possess leadership qualities and mentoring abilities to support the development of our wider cloud platform team – particularly in areas of security.

This is an exciting opportunity to enable and advocate for best practice in security engineering for cloud services across the public sector in Scotland, with excellent opportunities for career development as part of a rapidly growing team.

OUR TEAM

"I've found the Scottish Government to be a supportive working environment and appreciate that my colleagues are all working towards a common goal. As someone who was previously employed in the private sector, I enjoy having the opportunity to work on software projects that will have a positive impact on the lives of people in Scotland" - Adam, Software Engineering Manager

Job description

HOW WILL I SPEND MY TIME?

DevSecOps

  • Act as a subject matter expert for CI/CD pipeline security tools, identifying gaps in capability and supporting the team in implementing new solutions to remedy these gaps.
  • Build, develop, and configure tooling and processes to be secure. Build tooling to support pre-commit, Continuous Integration and Continuous Deployment through to production. Build Secure Configuration Management using Infrastructure as Code.
  • Identify, design, and develop cyber security solutions across a wide variety of applications and infrastructure.

Collaborating to define, implement and maintain security standards

  • Collaborate with Product Managers, Platform Leads, and Information Security teams to design and implement secure cloud solutions.
  • Collaborate with the Information Security and compliance team and technical teams to develop Cloud security architecture and maturity standards.
  • Work with the Cloud Operations teams to define and implement security standards and best practices.
  • Ensure that documentation and diagrams for security tools, system environments and cloud operations are developed and maintained for the Cloud Platform Service technical team.
  • Work closely with functional-area architects, engineering, and security specialists throughout the team to ensure adequate security solutions and controls are in place throughout all development systems, cloud systems, and platforms to mitigate identified risks and meet business objectives and regulatory requirements.
  • Engage with a broad range of internal and external stakeholders, providing cyber security assurance and managing the change process for the implementation of cyber security strategy, standards, and solutions.

Developing wider Cyber Security Capability

  • Support and empower the engineering team and others to solve cyber security problems in a way that not only complies with required standards but also contributes materially to the security of new systems.
  • Actively contribute to the engineering function by reviewing and improving security for infrastructure as code deployments, following the current software development lifecycle and mentoring the engineering team to be able to undertake these tasks.
  • Maintain, and ensure the Cloud Platform Engineer team have, a strong understanding of platform-related log sources relating to AWS, Azure & GitHub to support the identification of root causes for complex issues pertaining to security or to support incident resolution.
  • Maintain a strong understanding of current security engineering best practices and products that can be used to support threat modelling and better enhance the security capabilities of the area through research and learning.

Monitoring & responding to events

  • Evaluate and respond to alerts and events from the security tools, including tuning tool configuration to minimise false positives, developing event response documentation and processes for Security Operations Centre response to follow in the event of a cyber incident.
  • Support vulnerability management and remediation for the Cloud infrastructure and Platforms and support tracking of this remediation through regular management meetings.

Person specification

No specific qualifications are required for this post.   

Essential Criteria

  1. Your hands-on experience in designing, implementing, and managing security solutions tailored for cloud environments and aligned to industry-standard cybersecurity frameworks such as NIST/CIS/CSA. This includes proficiency in securing cloud platforms such as AWS and Azure, understanding cloud-native security services, and expertise in configuring security groups, IAM policies, and network access controls.
  2. Experience with cloud-native monitoring and logging tools, proficiency in analysing and responding to security incidents, with skills in threat detection and forensics within cloud environments.
  3. Experience and understanding of DevSecOps principles, emphasising the integration of security practices into the DevOps pipeline. This includes knowledge of shift-left security and of implementing security as code with tools such as Terraform, Bicep and CloudFormation.
  4. Experience of working closely with engineers, architects, and other stakeholders to embed security practices into CI/CD workflows, with the ability to articulate complex security concepts clearly. This includes providing security guidance and mentoring and fostering a culture of shared responsibility for security throughout the organisation.

Benefits

Alongside your salary of £57,141, Scottish Government contributes £16,513 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

How To Apply

To apply for this post, you will need to provide the information requested below via the online application process.

  • Panels sift applications for interview and assessment purely based on evidence provided against the essential criteria. Therefore, it is especially important that your CV & Personal Statement provide clear examples and evidence demonstrating how your skills and experience meet each of the essential criteria.
  • A CV (no longer than two A4 pages) setting out your career history, with key responsibilities and achievements.
  • Personal Statement (no longer than 750 words)

The closing date for applications is Sunday 9 June 2024 at 23:55

Interview/Assessment Information 

If you are invited to attend an interview this will include a DDaT Technical Skill Assessment and the following competencies: 

  • Leading Others
  • Communications & Engagement
  • Improving Performance
  • Analysis & Use of Evidence

More detail on these competencies can be found in  

We recommend reviewing the following links:

How to apply for Digital roles with Scottish Government  

If you have any additional questions, please email digitalcareers@gov.scot 



Feedback will only be provided if you attend an interview or assessment.

Security

People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

Please note this Post is NOT regulated by the Civil Service Commission. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Added: 3 months ago