Cyber Security Operations Engineer – GLS Worldwide LLC
Salary: £40,000 – £50,000
Location: Sheffield City Centre (office-based)
We are looking for a Cyber Security Operations Engineer with strong SecOps, IAM, and cloud security experience to help elevate our security posture. The role focuses on identity, access governance, endpoint protection, threat detection, and operational security controls, while collaborating closely with our platform and engineering teams.
Key Responsibilities
Identity & Access Management (IAM)
* Own identity security across Entra ID and SaaS platforms.
* Implement and maintain access policies aligned to best practice.
* Automate Joiner, Mover, Leaver (JML) processes where possible.
* Conduct monthly access reviews for critical systems and automate reporting.
* Enforce least privilege, role‑based access, and credential hygiene across all environments.
Security Operations
* Maintain an inventory of all SaaS applications, users, and access patterns.
* Manage endpoint security tools (AV/EDR) and ensure full device coverage and compliance.
* Monitor and enhance logging, alerting, and detection pipelines across cloud and SaaS systems.
* Work with our SOC partner on investigations, tuning, alert health, and visibility gaps.
* Perform vulnerability management across identities, devices, and cloud workloads.
Threat Intelligence, Hunting & Monitoring
* Integrate relevant CTI insights and attacker TTPs into detection and response workflows.
* Conduct targeted threat hunts using IOCs, behavioural patterns, and identity anomalies.
* Improve detections based on real‑world threats relevant to UniHomes.
Governance, Compliance & Operations
* Contribute to incident response planning and participate in post‑incident reviews.
* Proactive penetration testing and ownership of penetration test reporting.
* Support audit readiness by producing evidence of controls and maintaining documentation.
* Improve security processes, playbooks, and automation across IAM, SaaS, cloud, and endpoints.
* Clearly communicate security status, risks, and improvements across teams.
Platform Collaboration (not ownership)
* Work with platform engineers to ensure workloads follow secure configuration principles.
* Provide guidance on IAM, network access, logging, and hardening for AWS services.
* Support platform initiatives (e.g., observability, configuration standards, resilience) where security input is required.
Essential Skills and Experience
* SC-900 Compliance & Identity Fundamentals
* Microsoft Certified Associate‑level certifications in any of SC-300/200/400/500
* Strong experience in identity security (Entra ID / Azure AD).
* Good understanding of IAM principles: RBAC, least privilege, Conditional Access, MFA.
* Experience with security operations, logging, and incident handling.
* Understanding of DLP or data governance tooling.
* Familiarity with Cyber Essentials, ISO27001, PCI DSS, or similar frameworks.
* Exposure to SIEM/SOC tools and detection tuning.
* Hands‑on experience with EDR/AV platforms and device security.
* Familiarity with automating security tasks using PowerShell, Python, or similar.
* Experience managing SaaS applications, user access, and configuration drift.
* Understanding of cloud security fundamentals (AWS or Azure).
* Strong analytical and problem‑solving skills with attention to detail.
* Effective communication skills and ability to work cross‑functionally.
* Proactive mindset with a desire to continuously improve security posture.
Desirable
* Experience with Infrastructure‑as‑Code concepts.
* Basic knowledge of Kubernetes (EKS) and container security.
* Experience supporting or participating in audits.