Job Title: MDA Security Operations (SecOps) Engineer
Clearance: DV required or ability to obtain
Location: Portsmouth
About the Role
We are seeking a hand-on Security Operations (SecOps) Engineer to secure and operate a MoD-hosted private cloud environment and its associated services.
You will play a key role in active defence of live services, combining security, vulnerability management, platform hardening, and operational security assurance.
You will work across infrastructure, platform and data layers to ensure systems are secure, compliant and resilient within a highly governed environment.
Key Responsibilities
Monitor and respond to security events, alerts and incidents across cloud, platform, and application layers.
Execute vulnerability scanning, patch assurance and configuration compliance checks.
Maintain security tooling such as SIEM, EDR, vulnerability scanners, and cloud-native controls.
Support ISO 27001 control operation and evidence collection.
Ensure compliance with MoD security standards including JSP 440 and SbD requirements.
Support internal/external audit, accreditation and remediation activities.
Maintain secure configurations, firewall rules, access control policies, and logging standards.
Provide security assurance during change, deployment and release activities.
Support improvement of SecOps processes, SOPs and monitoring automation.
Essential Skills
Experience operating within a Security Operations or SecOps function
Hands-on experience with SIEM (e.g. ELK), EDR and vulnerability tooling
Experience securing Linux and Windows environments
Understanding of ISO 27001 and secure configuration principles
Experience supporting cloud or virtualised platforms (e.g. VMware)
Ability to investigate and respond to security incidents
Strong understanding of operational security within governed environments
Eligible for DV clearance
Desirable
Experience in MOD or classified environments
Automation experience (Ansible, Terraform, scripting)
Experience with Nessus/Tenable or similar tools
Familiarity with JSP 440/441/453 and NCSC guidance
Role Purpose
To deliver security operations for a private cloud platform, ensuring systems are actively monitored, vulnerabilities are managed, and services remain secure, compliant and resilient.
Key Responsibilities
Security Monitoring & Response
Monitor SIEM, EDR and platform telemetry.
Investigate alerts and perform incident triage and escalation.
Conduct structured incident response activities.
Vulnerability & Patch Management
Execute vulnerability scans and interpret results.
Prioritise remediation based on risk and impact.
Track and verify remediation activities.
Platform Security Engineering
Maintain secure configurations across:
VMware / virtualisation platforms.
Linux and Windows systems.
Network security controls (firewalls, proxies).
Support least privilege and zero-trust principles.
Security Tooling & Automation
Operate and maintain SIEM, EDR and scanning tools.
Improve detection rules and alert quality.
Contribute to automation of security processes.
Compliance & Assurance
Support ISO 27001 control operation and evidence collection.
Maintain audit trails and configuration baselines.
Support JSP 440/441/453 compliance and accreditation.
Change & Release Security
Assess changes for security impact.
Ensure deployments meet security requirements.
Support secure-by-design implementation.
Documentation & Continuous Improvement
Maintain SOPs, runbooks and incident documentation.
Contribute to improvement of SecOps processes and tooling.
Essential Experience & Skills
Experience in Security Operations or SecOps.
SIEM, EDR and vulnerability management tooling experience.
Strong Linux/Windows security and administration knowledge.
Experience securing virtualised or cloud platforms.
Understanding of ISO 27001 controls and audit processes.
Ability to investigate and resolve security incidents.
Awareness of networking and infrastructure security.
Desirable
MOD or defence environment experience.
Knowledge of JSP 440/441/453.
Automation/scripting (Python, Bash, PowerShell).
Experience with VMware NSX-T, vSphere.
Security certifications (CISSP, Security+, GIAC etc.).
Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy