Find your next tech and IT Job or contract role.

Job title: External Attack Surface Management Analyst Location: Preston or Frimley. We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role. Salary: Circa 45k dependant on skills and experience What you'll be doing: Supporting the Senior Attack Surface Management Analyst in maintaining the Global Attack Surface Management service to ensure BAE Systems perimeter assets are known and tested, and Shadow-IT assets are discovered and brought into governance Identifying and prioritising vulnerabilities across BAE Systems managed external assets as part of ongoing external attack surface management, coordinating remediation with resolver teams Reviewing and validating vulnerabilities detected by SaaS-based scanning tools, confirming exploitability and severity to inform accurate remediation Supporting vulnerability management across cloud and SaaS environments, identifying risks and coordinating remediation to safeguard externally hosted services Proactively detects external-facing security gaps and misconfigurations, ensuring timely escalation to relevant resolver teams for remediation Your skills and experiences: Essential A extensive technical background with a detailed knowledge of cyber security, computer networks and operating systems Broad and detailed experience of technologies including but not limited to DNS, Certificate Transparency, firewalls, IDS/IPS, Active Directory, endpoint protection, Windows Server, Linux, TCP/IP, Networks, Cloud, CDN's and Vulnerability Management Good knowledge of technologies contributing to external risk, including publicly accessible services, user interfaces, and legacy systems Analytical background and is comfortable analysing and interpreting large and complex data sets and articulating the story behind any observations along with providing conclusions and recommendations Desirable Good knowledge of technologies contributing to external risk, including publicly accessible services, user interfaces, and legacy system Benefits: As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive. The Cyber Operations team: Cyber Operations is responsible for protecting BAE Systems from Cyber Attack by various threat actors. Not only do we protect BAE Systems and its employees, indirectly we protect those who protect us - who serve in our military and rely on the products and services we create. Across Threat Intelligence, Detection, Incident Response and now Active Defence we work to evolve cyber operations as a world class capability. Why BAE Systems? This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments. Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks. Closing Date: 5th September 2025 We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible. #LI-NP1 #LI-Hybrid

The Role We are looking for an exceptionally seasoned Security Architect with over 15 years of progressive experience, including extensive leadership in designing and implementing robust security architectures, particularly within large-scale cloud environments and the highly regulated financial domain. This role demands a deep understanding of complex security challenges, a proven track record of strategic influence, and the ability to translate business requirements into secure, scalable, and compliant technical solutions. Your responsibilities: · Strategic Security Leadership: Define, evangelize, and evolve the overall cloud security architecture strategy and roadmap, aligning with business objectives, relevant European regulatory requirements (e.g., GDPR, DORA, PSD2, NIS2 Directive), and industry best practices. Act as a trusted security advisor to senior leadership, engineering teams, and business units on all aspects of cloud security. Lead the development and implementation of security architectural standards, patterns, and guidelines for cloud-native and hybrid-cloud deployments. · Solution Design & Assurance: Provide expert security architecture guidance for critical enterprise applications, infrastructure, and data platforms, with a strong focus on secure-by-design principles. Conduct comprehensive security architecture reviews of high-level and low-level designs, identifying risks, proposing effective controls, and ensuring adherence to security policies. Drive the selection and integration of security technologies and services within cloud ecosystems (AWS, Azure, GCP preferred). · Risk & Compliance Management: Lead threat modeling, risk assessments, and security posture management across cloud environments. Ensure architectural designs meet stringent regulatory compliance requirements relevant to the financial industry in Europe (e.g., data residency, privacy, operational resilience). Develop and implement security controls that align with frameworks like NIST CSF, ISO 27001, PCI DSS, and CSA CCM. · DevSecOps & Automation: Champion the integration of security into the entire SDLC (DevSecOps), promoting automated security testing, continuous compliance, and secure configuration management. Design secure CI/CD pipelines and infrastructure as code (IaC) templates. Your Profile Essential skills/knowledge/experience: · 15+ years of progressive experience in Information Security, with a significant focus (minimum 7-8 years) on Security Architecture. · 5+ years of hands-on experience specifically in Cloud Security Architecture for enterprise-scale deployments across at least one major public cloud provider (AWS, Azure, or GCP). Multi-cloud experience is highly preferred. · Deep expertise in financial services domain security, including understanding of common threats, European regulatory requirements (e.g., PSD2, DORA, EBA guidelines), and data privacy mandates (GDPR). · Extensive knowledge of security architecture principles for: · Identity & Access Management (IAM) in cloud (e.g., AWS IAM, Azure AD, GCP IAM). · Network Security (VPCs, firewalls, WAFs, micro-segmentation, private connectivity). · Data Security (encryption at rest/in transit, KMS, data classification, DLP). · Application Security (secure coding, API security, SAST/DAST, WAF integration). · Container Security (Kubernetes, Docker, service mesh). · Security Information and Event Management (SIEM) and logging strategies. · Zero Trust Architecture principles. · Proven experience with DevSecOps methodologies and securing CI/CD pipelines. · Strong understanding of security frameworks such as NIST CSF, ISO 27001, CSA CCM, and experience in translating these into practical architectural designs. · Hands-on experience with security tools and technologies for vulnerability management, secrets management, cloud security posture management (CSPM), and cloud workload protection platforms (CWPP). · Relevant industry certifications are highly desirable (e.g., TOGAF, CISSP, CCSP, AWS Certified Security - Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer). Desirable skills/knowledge/experience: · Exceptional Communication: Ability to articulate complex security concepts clearly and concisely to technical teams, senior management, and non-technical stakeholders (both written and verbal). · Strategic Thinking & Vision: Capability to foresee future security challenges and proactively develop long-term architectural solutions. · Problem-Solving & Analytical Prowess: Strong ability to diagnose complex security issues, identify root causes, and devise innovative, practical solutions. · Influence & Persuasion: Proven ability to gain buy-in and drive adoption of security best practices across diverse teams. · Collaboration & Teamwork: A strong team player who can work effectively with cross-functional teams (development, operations, compliance, audit). · Leadership & Mentorship: Demonstrated ability to lead security initiatives, guide junior team members, and foster a culture of continuous learning. · Adaptability & Resilience: Ability to thrive in a fast-paced, evolving environment and navigate ambiguity with a positive and proactive approach. · Attention to Detail: Meticulous approach to design and review, ensuring no critical security gaps. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.

***SC CLEARED*** Vulnerability Manager 6 Month contract initially Location: Barrow-in-Furness. Hybrid, 40% Remote 60% Office Rate: £500 - £550 p/d (via Umbrella company) We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a Vulnerability Manager to join the team. We are seeking a Vulnerability Management Lead with proven experience to join our cybersecurity team. Key Responsibilities: * Provide remediation recommendations; Monitor remediation activities; Report on the progress of remediation activities; Provide evidence on closure of remediation activities. * Organise, Scope and Facilitate ITHC Regression testing * Communicate and report technical vulnerabilities to a non-technical audience * Translate and map vulnerabilities to threats and risks. * Work with the client's third-party Pen Testing partners to understand and manage the findings of their testing * Identify remediation dependencies and establish remediation prioritisation plans. * Work with the vulnerability owners to provide recommendations for remediation, short term containment and/or short-term mitigating controls etc. * Create relevant risk acceptance reports where remediation is not possible in the short to medium term. Key Skills & Experience: * Must be a self-starter with good stakeholder management skills. * Experience of working within MOD on OS, S and TS environments. * Knowledge of Vulnerability tools: Nessus, Qualys, Tanium This is an excellent opportunity on a great project of work, If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible. Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.

Cyber Security Manager Our Client to be secured and protected from increased cyber threats and compliant to industry standards. This role covers information protection, including data loss protection and data classification, and threat protection, including security information and event management (SIEM), user and entity behaviour analytics (UEBA), point products like anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS) and penetration testing. The Service Delivery team consists of approximately 20 staff who support and operate the Company’s services and there is an opportunity in that team for a Cyber Security Manager to oversee and govern all security services. Reporting Lines This role reports to Head of Service Delivery Main Accountabilities • Technical leadership for all security solutions, including all the 3rd party managed services • Maintain the overall security of Company’s network, systems, and data • Monitor security access and manage IDS/IPS configurations • Establishing and implementing security best-practice standards as well as departmental policies and procedures • Responsible for Security scanning and the efficient remediation of vulnerabilities • Responsible for analysing all security incidents to determine root cause • Determine, recommend, and implement upgrade security measures and controls • Delivery security responses for customer and client compliance requirements • Developing and managing security plans with vendors • Audit activities of administrators and conduct Security awareness training Requirements • Demonstrable skills and capability in Security leadership and 3rd party management experience • CISSP certification preferred. Compliance knowledge required in ISO27001, PCI and GDPR. Possibly a certified ethical hacker • Knowledge of Security technologies is essential, such as network appliances, firewall administration, AD, IAM, PAM, SIEM, UEBA, AV, IDS/IPS and MDM solutions • Understanding of common frameworks, such as ITIL or LEAN is preferred • Good exposure of user environment management, including desktops/laptops, profile management, access control methodologies • Must be very proactive in understanding and staying up to date with current security technologies and industry technology trends The job/Client is located at our head office in Paddington, London with hybrid working The Client holds a Licence to Sponsor (grade A) and will always consider sponsoring employees if needed We welcome applications from Ukrainian Refugees The salary for this position is circa £70K - £80K plus Benefits. Please do send your CV to us in Word format along with your salary.

***SC CLEARED*** Security Analyst - Nextlabs 6 Month contract initially Location: Barrow-in-Furness. Hybrid, 40% Remote 60% Office Rate: £Market rates p/d (via Umbrella company) We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a Security Analyst with good experience of Nextlabs, to join the team. Key Responsibilities: Security Operations * Support the Head of IT Security Operations and deputise in their absence * Day to day management of the security analyst tasks related to Security Tickets and Security Service Requests * Identify, prioritise, and manage Security Incidents * Bring incidents to successful conclusions with thorough remediation plans * Influence stakeholders at all levels to assist with the timely resolution of Incidents * Respond to incidents and obtain forensic information as directed * Prioritising and differentiating between potential intrusion activity and false alarms * Conduct incident and investigation post-mortem briefings, analysis, and reporting Key Skills & Experience: Security Tooling * Provide hands-on security leadership and oversight of security tooling * Offer security guidance, risk assessment and assurance to business stakeholders * Lead incident response and oversee escalated alerts * Conducts follow up remediation and track findings from previous audits through to closure * Conduct Education and awareness training events * Manage and optimise the use of security technologies, services, and processes * Deliver security review processes, supporting change control, architecture assessments, and risk management * Work collaboratively with internal stakeholders, including IT, HR, DPO, Audit and Risk teams * Maintain awareness of emerging security threats and assist in the strategic enhancement of our cyber security capabilities * Support adoption of security controls and compliance frameworks including NIST, ISO, and PCI. * Work closely together with technical architects to produce design specifications according to information security policies, while fulfilling business needs * Provide training to project members during account onboarding This is an excellent opportunity on a great project of work, If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible. Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.