Security Engineer

ABOUT THE ROLE

We are looking for a talented and driven senior Security Engineer. You will take ownership of security audits, compliance activities, and day-to-day operational security tasks across our environment. You will work closely with engineering, IT, and business stakeholders to advise on, protect and ensure security for our systems, data, and customers. This is a broad, high-impact role suited to someone who is comfortable moving between hands-on technical work, senior level advising and structured compliance activities. Equally comfortable reviewing SIEM alerts and preparing evidence for an ISO 27001 audit.

KEY RESPONSIBILITIES

COMPLIANCE & AUDITS

• Lead and support internal and external security audits, including ISO 27001, SOC 2 Type II, and GDPR-related assessments.
• Maintain and evolve the Information Security Management System (ISMS), including policies, procedures, and risk registers.
• Coordinate with external auditors and manage the evidence collection process.
• Track audit findings and remediation activities through to closure, providing regular status updates to stakeholders.
• Support Data Protection Impact Assessments (DPIAs) and ensure ongoing GDPR compliance across business processes.
• Assist in third-party vendor security assessments and due diligence reviews.

CLOUD SECURITY

• Monitor and improve security posture across cloud environments (AWS, Azure, or GCP), including IAM, network controls, and storage security.
• Implement and maintain Cloud Security Posture Management (CSPM) tooling and review findings.
• Contribute to secure architecture reviews for new cloud services and infrastructure changes.
• Ensure cloud configurations align with CIS Benchmarks and internal security standards.
• Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines (DevSecOps).

PENETRATION TESTING

• Scope, coordinate, and manage internal and external penetration tests with third-party providers.
• Conduct vulnerability assessments and targeted internal testing on applications, networks, and infrastructure.
• Review pentest reports, triage findings, and work with engineering teams to drive timely remediation.
• Maintain a vulnerability management programme, including patching SLAs and risk acceptance processes.
• Stay current on emerging threats, CVEs, and attack techniques relevant to the company's environment.

SECURITY OPERATIONS (SOC / SIEM)

• Implement, operate and tune SIEM tooling (e.g. Splunk, Microsoft Sentinel, or similar) to detect threats and reduce false positives.
• Identify, triage and investigate security alerts, leading incident response activities where required.
• Develop and refine detection rules, playbooks, and response procedures.
• Perform log analysis and threat hunting across endpoint, network, and cloud telemetry.
• Maintain and test the Incident Response Plan (IRP), including tabletop exercises.

GENERAL SECURITY

• Act as a point of contact for security queries from internal teams and promote a security-aware culture.
• Guide, contribute and disseminate security awareness training and phishing simulation programmes.
• Produce regular reporting on security metrics and KPIs, making recommendations and managing remedial actions.
• Understanding, developing and supporting the security aspects of business continuity and disaster recovery planning.

REQUIREMENTS

ESSENTIAL

• Min 4–5 years of experience in an information security, security engineering, or similar role.
• Demonstrable experience with at least two of the following frameworks: ISO 27001, SOC 2, GDPR, Cyber Essentials Plus, or NIST CSF.