Penetration Test Lead – Hands on

Rate – £400 – £500 Inside IR35

Duration – 3 months initial

Location – Bristol (Once a month on site)

We are seeking an experienced Pen Test Lead with strong, hands-on penetration testing expertise to lead and support a small internal testing function.

This role combines technical delivery with day-to-day leadership, overseeing a team of three penetration testers. You’ll be responsible for managing testing intake, scoping engagements, delegating work and ensuring high-quality, timely delivery across multiple assessments.

Alongside team leadership, you’ll remain technically engaged, providing guidance on complex testing activities, validating findings and supporting continuous improvement of tooling and methodology. An understanding of red team concepts and adversary led testing is highly desirable.

Key responsibilities:

• Lead and mentor a team of penetration testers
• Manage and prioritise testing requests and intake
• Scope penetration tests and allocate work effectively
• Maintain hands-on involvement in penetration testing where required
• Assure quality, consistency, and reporting standards
• Contribute to red team or advanced testing approaches

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Security (SIEM) Architect – SC Cleared
Duration: 6 months
Location: Hybrid – Warwick / WFH (40/60)
Day rate: £700 – £750 inside IR35

We are looking for an SC Cleared Security (SIEM) Architect to design and deliver a full-scale, bespoke SIEM capability using the Elastic platform.

You will act as a lead architect, refining existing designs and building a holistic Elastic SIEM solution. An initial architecture has already been produced by Elastic EMEA; you will take this forward, working with sensitive data and collaborating with a wider team of architects.

Key requirements:

• Proven SIEM / Security Architecture experience

• Strong, end-to-end knowledge of the Elastic Stack

• Previous experience designing SIEM platforms at scale

• Background as a SOC Analyst highly desirable

A great opportunity to shape a critical security capability within a well-supported programme.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Secure by Design Consultant – Outside IR35

• Location: London
• Type: 1 day a week on-site
• Clearance: Active SC Cleared
• IR35: Outside
• Rate: £500 – £550
• Contingency: Must be able to start within 1-2 weeks

Sanderson G&D are seeking a Secure by Design Consultant. The role revolves around providing expert Secure by Design leadership across digital services, ensuring security is embedded from the earliest stages of discovery through delivery and into live operation. The role focuses on identifying risk early, shaping secure solutions, and enabling teams to make proportionate, well‑evidenced security decisions.

Responsibilities:

• Lead Secure by Design discovery and assessment activities across digital services
• Identify security risks, constraints, and dependencies, and translate these into clear, prioritised recommendations.
• Facilitate threat modelling and risk workshops with multidisciplinary teams.
• Define pragmatic security control expectations aligned to service risk and context.
• Produce concise written outputs that support decision‑making and assurance.
• Coach delivery teams to embed secure ways of working without impeding delivery pace.
• Support governance and assurance activities by articulating risk, mitigation, and residual exposure.

Essential Experience

• Strong experience embedding security into digital delivery, not just reviewing it.
• Deep understanding of Secure by Design and risk‑based security principles.
• Ability to influence senior stakeholders and delivery teams.
• Excellent written and verbal communication, with a focus on clarity and actionability.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Technical Security Architect – Application Security (RBAC / ABAC)

Rate: £650 – £750 Inside

Duration: 6 months

Location: Bristol

We are seeking a Technical Security Architect with strong expertise in Application Security, RBAC, ABAC and Policy Management to assess and modernise a predominantly legacy application estate, including platforms built on SQL Server.

This role will focus on evaluating the current security posture, reviewing how access and security policies are defined and enforced, and creating a clear roadmap to future-proof applications in line with client, regulatory and business requirements.

Key Responsibilities

• Assess the existing application, data and access control landscape, including legacy SQL Server-based platforms
• Review and rationalise security and access policies, ensuring they are consistent, enforceable and scalable
• Evaluate and design RBAC and ABAC models, aligned to business and client needs
• Define how policies are authored, managed, versioned and enforced across applications
• Identify security gaps, technical debt and policy inconsistencies within legacy systems
• Design target-state application security architectures that balance modern security principles with platform constraints
• Produce a pragmatic roadmap for modernising access control and policy management
• Provide architectural guidance to engineering teams to embed policy-driven security controls
• Act as a trusted security advisor to technical and non-technical stakeholders

Required Experience

• Proven experience as a Technical Security Architect or Application Security Architect
• Strong experience securing legacy application estates, including SQL Server environments
• Deep understanding of RBAC, ABAC and policy-based access control
• Experience defining and governing security and access policies across complex platforms
• Ability to translate business, regulatory and client requirements into practical security designs
• Strong stakeholder engagement and communication skills

Desirable

• Experience integrating legacy applications with modern IAM and policy engines
• Exposure to cloud or hybrid environments (Azure, AWS or GCP)
• Knowledge of Zero Trust and identity-centric security models

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Vulnerability Remediation Analyst – SC Cleared

Location: Leeds
Type: 2 days on-site
IR Status: Inside
Rate: £450 – £545
Clearance: Must be SC Cleared
Length: Initial 6 months

Sanderson G&D are seeking an experienced Vulnerability Remediation Analyst with hands-on expertise in managing and resolving platform vulnerabilities across large-scale data estates. Proven ability to work with tools like Tenable One, coordinate with engineering teams, and ensure timely closure of security gaps.

Key Skills

• Vulnerability scanning & validation (Tenable One)
• Risk-based prioritization
• Remediation tracking & reporting
• Security compliance documentation
• Collaboration with platform and cyber teams
• Experience in working with Tenable One, Nessus or Rapid7

Responsibilities & Achievements

• Validated and tracked vulnerabilities across NHS England’s platform estate.
• Coordinated remediation efforts with engineering teams, ensuring closure within agreed timelines.
• Maintained central vulnerability tracker and provided regular assurance updates.
• Captured remediation evidence for internal and external audits.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Cyber Security / Infosec Coach

Rate – £450 / £500 Inside IR35 (Total to umbrella)

Duration – 3 months initial

Location – London – Three days a week on site

We are looking for an experienced Cyber Security Culture, Training & Awareness Principal to play a key role in strengthening cyber security awareness across the organisation. This position focuses on building and promoting a strong cyber security brand, driving engagement and embedding a positive security culture across all departments and business units.

Working closely with the Culture, Training & Awareness Lead, you will help design, deliver and continuously improve impactful security awareness and training initiatives. You will collaborate with a wide range of stakeholders across InfoSec and the wider business to ensure colleagues clearly understand their responsibilities in protecting sensitive information and critical assets, supporting a resilient and security-conscious organisation.

You will be responsible for promoting the Information Security Brand to enhance cyber security awareness and engagement across the full estate. You’ll proactively support the process of developing and implementation of comprehensive training programs, creating a strong security culture and ensure all colleagues and partners understand their roles in protecting information and assets.

• Proactively support the building and promotion of a distinct Cyber Security Brand to enhance awareness and engagement with InfoSec globally.
• Cultivate and influence security culture so that organisational, team and individual decisions result in positive outcomes and an understanding that cyber security is everyone’s responsibility.
• Support the development, implementation and outcome measurement of comprehensive cyber security training and awareness programs and initiatives, tailored to different departments, teams and business units to maximise security engagement.

Key Responsibilities:

• Deliver a high degree of support and motivation to the Culture Training & Awareness Lead and the Head of Business Engagement
• Understand the security culture, training and awareness objectives derived from the InfoSec management team and support the translation of these into concrete and measurable deliverables and outcomes.
• Enhance awareness and engagement with the Cyber Security Brand. Contribute to the creation of branding materials, communication strategies and campaigns aimed at reinforcing the importance of cyber security among colleagues and partners.
• Proactively support the design and execution of comprehensive cyber security training programs customised to various departments, teams and business units. Ensure that the training materials are relevant, engaging and effectively communicate security best practices.
• Support the design and implementation of solutions to measure the impact and success of culture, training and awareness activities.
• Deliver initiatives to cultivate a strong security culture, promoting awareness and proactive engagement among employees.
• Motivate and inspire colleagues to actively participate in security initiatives, emphasising the importance of their roles in safeguarding company assets. Employ effective communication techniques to encourage buy-in and enthusiasm for security practices.

Skills / Experience

• 3 years relevant experience in a similar environment and role
• Ability to provide security awareness support and guidance to colleagues within InfoSec and the broader estate
• A clear understanding of the actions required to develop and promote a Cyber Security Brand.
• Proven experience of delivering cyber security training programs.
• Understanding / experience of deploying effective methodologies for measuring and assessing employee awareness levels.
• Good understanding of information security principles, practices and technologies.
• Familiarity with security awareness training platforms and tools.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Service Manager

We are working alongside a large technology firm seeking an experienced Service Manager to join the organisation. This is a key role focused on owning BAU services, driving cost optimisation, and ensuring SLA/KPI compliance within a secure, mission-critical environment.

You’ll act as the single service owner, working within a DevSecOps and Agile model, coordinating continuous service improvements and providing clear direction across teams.

What you’ll be doing:

• Owning BAU service delivery and meeting contractual SLAs

• Driving cost optimisation and service improvements

• Ensuring Run teams understand client deliverables and priorities

• Leading daily stand-ups and managing escalations

• Ensuring Business Continuity Plans are in place and aligned with client BCPs

What you’ll bring:

• Strong service ownership mindset with the ability to work in complex client environments

• Confidence operating under pressure and navigating ambiguity

• Excellent stakeholder management and communication skills

• A proactive, results-driven attitude with a passion for change and improvement

• Willingness to travel to client meetings when required

Desirable experience:

• Vendor, financial, risk and change management

• Performance metrics, negotiation and conflict resolution

• Trusted advisor approach with strong customer focus

• Ideally a sole British national

What we offer:

• Competitive salary and pension scheme

• Select benefits (private healthcare, gym membership, childcare vouchers & more)

• Perks at Work discounts

• Recognition programmes, incentives and regular social events

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Security Resilience Consultant

Rate: £500 – £550 per day (Inside IR35)
Duration: 6 months initial
Location: London – 2 days per week on-site

Role Overview:

We are seeking a hands-on Security Resilience Consultant to support and strengthen security controls across a regulated technology environment. This role would suit someone who has worked within a medium sized regulated business, where security teams are lean, responsibilities are broad and individuals are expected to balance analysis, delivery and operational ownership.

You will focus on the effectiveness of technical security controls, supplier and SaaS security posture and the use of data and dashboards to provide clear, actionable insight into risk and resilience. This is not a purely policy or assurance role, you will be expected to get into the detail and work directly with systems and data.

Key Responsibilities

• Monitor and assess the coverage and effectiveness of technical security controls, aligned to defined KRIs and KCIs.
• Work closely with the Supplier Assurance function to evaluate the security posture of third-party products and services, with a strong focus on SaaS Security Posture Management (SSPM) / Third Party risk platforms.
• Perform hands-on analysis of security and risk datasets, drawing meaningful conclusions to support resilience decisions.
• Help design and build a SaaS security assessment capability, embedding day-to-day security practices into administrative and technical controls.
• Develop and maintain practical dashboards and reporting to provide visibility of security posture and control effectiveness.
• Support compliance with regulatory, legal, and internal governance requirements in a pragmatic, delivery-focused manner.

Required Experience

• Background in a regulated environment (e.g. financial services, insurance, payments, utilities, or similar).
• Experience working in small-to-medium security or technology teams, where you’ve been required to be hands-on.
• Solid cloud security experience, ideally within SaaS-heavy environments.
• Strong data analysis capability, including querying, mapping, and interpreting complex datasets.
• Experience with data harmonisation and visualisation, using tools such as Excel and Power BI.
• Comfortable working across security, technology, and assurance stakeholders, translating data into clear risk insight.

Nice to Have

• Exposure to SSPM tooling or third-party risk platforms.
• Experience operating in environments without heavy process, where you help shape how things are done rather than inherit mature frameworks.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

Business Continuity, Operational Resilience, Disaster Recovery, Incident & Crisis Management Consultant
Outside of IR35.
Hybrid working – 3 days per week

Our client, a leading financial services organisation based in the City of London is looking to hire an experience Business Continuity Consultant.

The outcome of the assignment will lead the organisation’s readiness programme in preparation for the PRA DyGIST exercise in May 26.

The successful candidate will provide leadership, coordination, and delivery oversight for our clients Business Continuity, Incident and Crisis Management framework to deliver a validated and operationally ready Business Continuity and Crisis Management framework.

This assignment has been deemed outside of IR35.
Hybrid working – 3 days per week.

General responsibilities and deliverables: –

Lead & coordinate Business Continuity, Incident and Crisis Management activities and acting as the central point of accountability for resilience.

• Partner and oversee the appointed consultancy, ensuring that deliverables meet regulatory, operational, and governance expectations.
• Deliver hands-on remediation and delivery of improvements to business continuity, incident response, and crisis management plans.
• Ensure alignment across all functions including Underwriting, Claims, Finance, Risk/Assurance, Operations and IT.
• Communicate and coordinate with stakeholders to ensure identified capability gaps are addressed promptly and progress is tracked through to a successful completion.
• Lead readiness activities for the PRA’s DyGIST exercise, including rehearsals/simulations etc.
• Provide Executive and Board-level briefings to present progress updates, risk summaries etc.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

DV Cleared – Supply Chain Info & Cyber Sec Risk Manager – Hybrid

• Pattern: Hybrid, 60% on-site
• IR Status: Inside
• Rate: £650 – £750
• Clearance: Must have active DV (any)
• Length: Initial 6 months, scope for extension

Multiple new contract opportunities have opened up with an organisation operating in the UK Public Sector, providing supply chain security assurance to on-going large scale technical project.

Essential

• Risk Assessment Methodologies: In-depth knowledge of identifying, evaluating, and prioritising security based upon best practice
• Knowledge of Security Frameworks & Compliance: Proficiency in applying standardised control frameworks
• Critical Thinking & Problem Solving: Proven ability to navigate complex, unique scenarios, strong analytical and critical thinking skills supporting the ability to find feasible solutions
• Communication & Presentation: The ability to distil complex technical information into meaningful, non-technical advice for stakeholders and executive leadership
• Stakeholder management, engagement and collaboration: The ability to engage positively, effectively and collaborate with stakeholders from various departments and grades
• Third- and Fourth-Party Assurance: The ability to develop and implement programmes for prioritised continuous monitoring and auditing of the supply chain

Desirable

• Knowledge of Security Frameworks & Compliance: Proficiency in understanding and applying GDPR, ISO 27001, GovAssure and NCSC’s Cyber Assessment Framework
• Business and Financial Acumen: An understanding of the departments business model and how this applies to the supply chain
• Regulatory Knowledge: Up-to-date knowledge of relevant regulations and legal requirements governing data protection and supply chain security in government

If you’re interested in learning more, apply or reach out to [email protected]

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.