Job Summary
The Cyber Essentials Security Consultant will play a key role within SilvaTech’s cyber security practice, delivering Cyber Essentials (CE) and Cyber Essentials Plus (CE+) assessments, vulnerability assessments, vulnerability management services, penetration testing support, and practical security consultancy. Working closely with clients, the role will help organisations achieve and maintain certification, identify and remediate security risks, validate the effectiveness of security controls, and make measurable improvements to their cyber security posture. As part of an ISO 27001 and ISO 9001 certified organisation, the consultant will also contribute to continual improvement across information security and quality management processes.
What success looks like
Success in this role means working independently to deliver high-quality CE and CE+ assessments, producing clear and actionable reports, building trusted client relationships, and helping organisations reduce cyber security risk. The successful candidate will be able to combine technical knowledge with practical advice, ensuring clients understand their risks, prioritise remediation effectively, and make measurable improvements to their security posture.
Key Responsibilities
Cyber Essentials delivery
- Deliver CE and CE+ assessments in accordance with IASME and NCSC requirements.
- Review CE submissions and provide practical remediation guidance to clients.
- Conduct Cyber Essentials Plus audits.
- Support organisations through certification, re-certification, and remediation programmes.
- Act as a trusted advisor throughout the assessment lifecycle.
Vulnerability assessment and management
- Conduct internal and external vulnerability assessments using industry-standard tools.
- Perform authenticated and unauthenticated vulnerability scanning.
- Validate findings and identify false positives.
- Deliver ongoing vulnerability management services for managed security customers.
- Track vulnerabilities through remediation and closure.
- Maintain vulnerability registers and risk treatment plans.
Client reporting and consultancy
- Independently produce professional client-facing assessment reports.
- Provide consultancy across Microsoft 365, Entra ID, Intune, Defender, Azure, and cloud technologies.
- Deliver remediation workshops and security advisory engagements.
Security improvement and governance
- Conduct security reviews and gap assessments.
- Contribute to continual improvement across information security and quality management processes.
Required Skills & Qualifications
- Cyber Essentials Assessor qualification.
- Cyber Essentials Plus Assessor qualification or willingness to obtain.
- Experience within cyber security, vulnerability management, or security consultancy.
- Three years of work experience in IT or cyber security within the last five years.
- Experience with Tenable Vulnerability Management and Tenable Nessus Professional.
- Strong understanding of Microsoft 365, Entra ID, Intune, Defender and Azure.
Desirable Skills & Certifications
- NCSC Cyber Scheme Team Member qualification, or progress towards it.
- Microsoft security certifications such as SC-200, SC-300, SC-400, AZ-500 or MS-102.
- Experience with Microsoft Sentinel, Defender XDR, Defender for Endpoint, Defender for Cloud or Microsoft Purview.
- Experience with Tenable.io, Qualys, Rapid7, OpenVAS or similar vulnerability management tools.
- Penetration testing methodologies, including OWASP Top 10, internal infrastructure testing, external perimeter testing and report writing.
- Knowledge of ISO 27001, ISO 9001, NIST Cybersecurity Framework, CIS Controls or similar security frameworks.
- Experience working in an MSP, MSSP, consultancy or cyber assessment body.
Company Culture & Values
We aim to provide organisations with security-focused solutions – empowering them to gain a competitive edge in an ever-evolving threat landscape. Our brand values are:
- Cool-headed – Always calm; our clients can rely on us to deliver a well-reasoned solution.
- Empathetic – We put ourselves in our client’s shoes and work with them to understand and resolve their technology challenges.
- Honest – We act with integrity and always in the best interests of our clients.
- Ardent – We’re passionate about what we do and are committed to delivering the best service for our clients.
Salary & Benefits
- £40,000 - £50,000 p/a, depending on skills and experience.
- The opportunity to work with a people-focused organisation.
- Fully remote working 37.5 hours (5 days) per week between Monday to Friday 9am to 5.30pm.
- You are entitled to 25 days' annual leave per calendar year, plus the usual bank and public holidays in England and Wales.
- Private healthcare for yourself and immediate family.
- Opportunities for professional growth, mentoring and support in obtaining certifications.
Pay: £40,000.00-£50,000.00 per year
Benefits:
- Private medical insurance
- Work from home
Application question(s):
- What interests you most about joining SilvaTech?
- Tell us about a recent situation where you helped a colleague or client overcome a challenge.
- How do you keep yourself calm and focused when things get busy?
- What kind of team environment helps you do your best work?
- All Assessors for the Cyber Essentials scheme must be based in the UK or the Crown Dependencies. Are you located in the UK?
Work Location: Hybrid remote in Exeter (Devon)