Security Engineer

Work on Technology That Protects What Matters

At SiXworks, we build secure digital solutions that support Defence and National Security missions. Our teams work on complex problems where reliability, security, and speed of innovation matter.

We’re looking for a Security Engineer who enjoys solving difficult technical challenges and wants their work to have real operational impact.

What You’ll Do

As a Security Engineer, you’ll help design, build, and deliver secure digital solutions in highly secure environments. You’ll work alongside engineers, architects, and delivery specialists to develop technology that enables faster, safer decision-making for critical operations.

Your work may include:

Credential Lifecycle Management:

• Manually creating or bulk-importing passwords, SSH keys, and API keys
• Configuring and verifying Remote Password Changing (RPC) to ensure credentials rotate on a set schedule without service interruption.
• Checking our servers can successfully communicate with target systems to validate that stored credentials are still correct.

Discovery & Network Visibility:

• Running regular Discovery scans across Active Directory and network segments to identify new privileged accounts, service accounts, and dependencies.
• Mapping how service accounts are used by Windows Services, Scheduled Tasks, or IIS Application Pools to ensure rotation doesn't break critical systems.

System Maintenance & Performance:

• Proactive management of technical vulnerabilities and system security.
• Monitoring the status of Distributed Engines (DE) to ensure they are online and processing tasks like heartbeats and password changes without latency.
• Monitor and improve performance and ensure all secrets are bound to launchers, and secret templates are used and updated as required.
• Configuring and verifying automated database backups (full, differential, and log) to meet Recovery Point Objectives (RPO).
• Applying security patches and upgrades to our platforms
• Maintain the Licenses / certifications and update where required
• Check the results of recent Discovery scans to see if new privileged accounts, service accounts, or dependencies were found.

Access Governance:

• Managing Role-Based Access Control (RBAC) by creating roles, defining folder structures, and setting granular permissions for users and groups.

Audit & Compliance:

• Generating and reviewing audit logs and reports (e.g., most active users, failed heartbeats) to detect unusual activity and prove compliance.
• Configuring launchers to record privileged sessions, allowing or disallowing for full keystroke and video audits of administrative work.

Technical Troubleshooting:

• Resolving issues related to firewall requests, load balancer configuration.

Security Oversight

• Monitor Active Sessions: Session Monitoring for any currently active privileged sessions, particularly on high-value assets like Domain Controllers.
• Troubleshoot any Remote Password Changing (RPC) failures from the previous 24 hours to prevent account lockouts or "stale" credentials.
• Correlate server alerts with your SIEM to investigate suspicious activity, such as multiple failed login attempts or large-scale secret exports. 

What We’re Looking For

We value people who take ownership, think critically, and enjoy working as part of a collaborative team tackling complex challenges. You don’t need to tick every box, but we’re particularly interested in people with skills/experience in:

• Deploying and managing security tooling (vulnerability scanning, EDR Agents, etc);
• Deploying and managing identity solutions (Directory services, IdPs, Privileged Access Management solutions);

• Basic understanding of threat frameworks (such as ATT&CK).
• High standards in written report and/or design documentation;
  
• Working at a technical low level design level with the project team;
• Knowledge and experience of Agile, DevSecOps, CI/CD principles and their application in secure environments;
• Understanding of MOD assurance and policies;

Just as important are curiosity, strong problem solving ability, and the motivation to continuously improve how technology is designed and delivered.

About SiXworks

SiXworks is a specialist digital innovation partner delivering secure, mission-critical technology to Defence and National Security organisations. We focus on digital experimentation, secure-by-design architecture, cloud technologies, and rapid application development to help our customers move faster and stay ahead of evolving challenges.

Our team combines expertise from across technology, business, and operational backgrounds including the armed forces creating a collaborative environment where practical thinking and innovation thrive.

Why Join Us

Our culture is guided by six principles: Agility, Security, Innovation, Quality, Collaboration and Inclusivity our North Star for how we work. SiXworks is a leading provider of secure digital solutions, specialising in digital experimentation and focused on fail-safe-fast cutting-edge technology solutions deployed in highly secure environments.

As an end-to-end digital innovation and delivery partner, we turn complex challenges into mission-critical digital advantages. This is a thrilling time for us, with ambitious plans for growth. We are looking for brilliant, experienced, driven and self-motivated people to join the team on our journey.

We offer competitive salaries and a package that supports your wellbeing and development, including 25 days annual leave + bank holidays, free Private Medical cover and Life Assurance, Generous pension (10% employer, 5% employee contribution), Bonus and Professional development and training support. In addition to secure parking, gym, café & restaurant on site and lots of open break out spaces.

A word on UK Security Clearance 

Due to the secure nature of the position and working environment, you must have or be eligible to obtain the highest level of Security Clearance. More details relating to UK Security Clearance can be found here:  

United Kingdom Security Vetting: clearance levels - GOV.UK (www.gov.uk) 

Interested? 

Please apply!