About Our Inside IR35 Security Engineer Contract Roles
What does a security engineer contractor do?
Organisations bring in Security Engineer contractors to implement, configure, manage, and improve the technical security controls and tooling that protect an organisation's systems, data, and users from cyber threats. The work spans a wide range of technical security disciplines: configuring and managing security tools including SIEM, EDR, firewalls, and vulnerability scanning platforms, implementing security automation and orchestration workflows, conducting vulnerability management programmes, performing security configuration reviews and hardening, supporting incident response activities, and building the security monitoring and detection capabilities that enable a security operations team to identify and respond to threats effectively.
Security Engineer contractors are expected to have genuine hands-on technical security skills rather than purely advisory or governance expertise, distinguishing the role from Security Architects and GRC specialists. Strong knowledge of at least one primary security technology domain is expected, whether endpoint security and EDR, network security including firewall administration and network segmentation, SIEM engineering and detection rule development, vulnerability management, or identity security. Cloud security engineering experience, particularly the ability to implement and manage security controls within AWS, Azure, or GCP environments using native security services and third-party cloud security tooling, is increasingly expected. The ability to write scripts and automation in Python, PowerShell, or Bash to automate security tasks, improve detection capabilities, and integrate security tooling is expected by most clients at senior Security Engineer level. Security certifications including CISSP, CEH, CompTIA Security+, or vendor-specific credentials relevant to the tooling in use are well regarded.
What is the market like for security engineer contractors?
The Security Engineer contract market is a consistently active and well-paying market within the cybersecurity contractor space, driven by the growing volume and sophistication of cyber threats and the structural need for technical security capability across organisations of all sizes and sectors. Financial services, healthcare, retail, and critical national infrastructure are the most consistent buyers. The adoption of cloud infrastructure has significantly expanded the scope of security engineering work, creating demand for engineers who combine traditional network and endpoint security skills with cloud-native security engineering capability. Supply of Security Engineers with the combination of technical depth, tooling breadth, and cloud security knowledge required is limited relative to demand, supporting strong rates across the discipline.
What does Inside IR35 mean?
IR35 is UK tax legislation that determines whether a contractor is genuinely self-employed or working in a manner that resembles employment. When a contract is classified as inside IR35, income tax and National Insurance are deducted at source, typically via an umbrella company or agency PAYE. Headline day rates on inside IR35 engagements are generally higher than equivalent outside IR35 roles to account for the tax and employment cost structure.
Inside IR35 determinations are made where the working arrangements are considered to resemble employment, based on factors including the level of client control, the absence of a genuine right of substitution, and the presence of mutuality of obligation. Since April 2021, the end client is responsible for making this determination for medium and large private sector organisations. Many employers in financial services, government, and professional services assess the majority of their contractor engagements as inside IR35.
On QualityContracts.co.uk, approximately 49% of roles with a stated IR35 status are classified as inside IR35, making it the most common arrangement across the contract market. The proportion varies by sector and role type. Each listing on this page displays its IR35 status where provided by the hiring organisation.
What security engineer roles are usually Inside IR35?
Security engineering leans inside IR35 at around 75% of contracts with a stated status. The operational dimension of security engineering, maintaining security tooling, responding to alerts, managing vulnerability remediation, and supporting incident response, embeds contractors in the client's security operations team. Financial services firms, government departments, and large enterprises with SOC operations hire security engineers for sustained inside IR35 engagements. The persistent shortage of security talent keeps rates strong.
How much do security engineer contractors usually earn when working Inside IR35?
Contract rates for security engineer roles typically range from £550 to £950 per day, depending on the scope of the role, required expertise, and the delivery expectations of the engagement. Inside IR35 rates are typically 15% to 30% higher than equivalent outside IR35 roles to account for tax and national insurance deducted at source by the fee-payer.
How many Inside IR35 security engineer vacancies are there on Quality Contracts?
Over the past twelve months, we have tracked over 150 security engineer contract roles across the site. Around one third of the roles currently listed on the site fall Inside IR35. Data reviewed up to June 2026.