We're on the lookout for a Security Engineer to join Nucleus' Information Security team, to help ensure that we are secure by design.
About the role
The Security Engineer supports the delivery of Nucleus’s technology and business change agendas by translating security requirements into practical, working controls. Security requirements are set within the Information Security function; the Engineer is the person who turns them into designed, implemented and validated controls. This includes reviewing technical designs against those requirements, building and configuring the controls, embedding them into our operations, and evidencing that they work as intended. The Engineer works closely with teams across Nucleus, and with outsource partners involved in delivery, to land the right security outcome in each change.
The Information Security team aims to make sure that Nucleus is a trusted partner to the firms and people we work with. Being able to demonstrate that our systems are secure, through a structured control environment, is a core component of building that trust. This role is critical to delivering that outcome: being the go-to contact for implementing security controls; being ‘hands on’ with their design and configuration; and validating that controls work as intended through technical assessment, identifying opportunities for continuous improvement. Where a control cannot be delivered as intended, this role is also about articulating the resulting risk clearly and pragmatically, so the accountable people can decide how to handle it. This is a proactive, build-and-assure role, distinct from a monitoring or alert-response function.
You’ll work with SMEs across Nucleus and ensure that new processes and controls are handed over to the relevant team, and that the Information Security Analysis team have suitable evidence to demonstrate that our risks are effectively managed.
Responsibilities
- Apply security best practice in our change and development programmes, to ensure delivery is within our risk appetites.
- Review technical designs against agreed security requirements, then design and implement the controls that meet them, following industry best practice and Nucleus standards.
- Work with technical and delivery teams to produce and deliver remediation plans for identified vulnerabilities and control gaps, in line with Nucleus’ risk appetites.
- Clearly communicate security risks where requirements cannot be fully met, so the business can make informed decisions on whether to accept, mitigate or remediate, and balance security with delivery.
- Maintain systems and integrations that enable these controls.
- Validate that delivered controls work as intended, and capture the evidence needed to demonstrate they are effective.
- Coordinate on security controls with other members of the Nucleus Group, to ensure Nucleus has an end-to-end understanding of our exposures and capabilities.
- Support Audit and Due Diligence activities to help demonstrate Nucleus’s capabilities.
- Work with Security Operations and Analysis to adopt and maintain standards that ensure Nucleus continues to manage our security risks effectively.
- Take responsibility in everything you do to deliver good outcomes for our customers.
- Positively demonstrate the Nucleus Smart, Heart and Courage values and behaviours.
- Ensure compliance with Code of Conduct at all times.
About you
Your friends might describe you as ‘the methodical one’. You love to look at how everything fits together to see the bigger picture, identifying where things can go wrong, and putting pragmatic solutions in place to catch them before they happen.
You’ll enjoy working within a fast-paced environment that gives you the opportunity to multi-task within set deadlines. Professional with a positive outlook, you’ll take great pride in your ability to act on your own initiative and remain flexible in changing circumstances and priorities.
You’ll be confident navigating challenge and competing priorities, holding a technical position where the security outcome depends on it, and doing so constructively. You build influence through the quality of your reasoning rather than relying on authority, and you stay composed and evidence-led when your thinking is tested.
At Nucleus, we place real value in cultural contribution and diversity of thought. For this role we’re also looking for genuine technical depth, so while we wouldn’t expect every item below, we’d want you to bring a good number of them:
- Exposure to recognised control frameworks, in particular the CIS Critical Security Controls, with an understanding of how frameworks like NIST SP 800-53 or the NCSC Cyber Assessment Framework benefit an organisation. You understand what these frameworks are for, not just that they exist.
- Able to identify effective implementation and test plans, and deliver those through either in-house capabilities or by working with external providers, and demonstrate how they help manage Nucleus’ risks.
- An excellent communicator, able to discuss security effectively with areas of the business.
- Solid, demonstrable Information Security experience, ideally including time in a regulated environment such as financial services.
- Strong knowledge of IT, Infrastructure and Networking concepts.
- Hands-on experience building and maintaining the systems and integrations that enable security controls.
- Experience working with cloud platforms such as Microsoft Azure and AWS, including operating and maintaining security controls and responding to findings from cloud security posture or workload protection tooling.
- Able to weigh other people’s views, apply sound technical judgement, and provide constructive challenge where it is needed to manage our Information Security risks effectively.
- Able to articulate security risk in clear, practical terms, helping stakeholders make informed decisions about accepting, mitigating or remediating, rather than presenting security as a blocker.
- Ownership of tasks, attention to detail and following through to conclusion.
- Ability to prioritise and remain agile with competing work demands.
- Comfortable working independently on technical delivery, seeing work through to a validated, evidenced conclusion.
A little about us
Our purpose at Nucleus is to transform financial services and create better outcomes for our advisers and their clients. It is this purpose that drives everything we do. Whether you are working in a role that is client facing or not, you’ll need to be service obsessed to work here.
It’s a fast-paced and exciting environment, and one where we believe you will get the chance to fulfil your potential and do work that really matters, to you and our clients. We believe in you having your own chunk of responsibility and being trusted to make things happen.
Nucleus’ culture is something our people believe sets us apart from other places they’ve worked. We think big, know our stuff and move at pace, but always empowering others along the way and breaking new ground to find better ways of doing things. We know that sometimes the right choice is not the easy one, so empowering each other and celebrating others' successes, as well as our own, is part of what makes us Nucleus #WeAreNucleus
Inclusion and diversity at Nucleus
As with most things in life, who cares, wins. We really care about inclusion.
For us this is not a box-ticking thing, it’s a commercial imperative. It isn’t about being PC. It’s about being future relevant and durable.
Find out more on our inclusion page
We’re proud to partner Stonewall and be a diversity champion for Scotland. This partnership demonstrates our ongoing commitment to diversity by providing an environment where everyone feels welcome, able to be their authentic self and do the best work of their life.
We offer a generous blend of benefits for the things that really matter to our people, including pension, bonus, enhanced parental leave, paid time off for emergencies, health and wellbeing initiatives and flexible working options.