IT Security Engineer (Hybrid: 3 days on-site in Hertfordshire / 2 days remote) | £45–50k | Permanent
SR2 is partnering with a well-established, member-owned UK organisation to hire an IT Security Engineer to strengthen cyber resilience and improve day-to-day security operations. This is a hands-on role sitting within IT, working closely with infrastructure and support teams to embed security into BAU and projects.
What you’ll be doing
* Own day-to-day vulnerability monitoring and remediation, including maintaining a vulnerability register and tracking actions to closure
* Triage, categorise and prioritise vulnerabilities based on risk, exposure and business impact
* Support patching, configuration hardening and decommissioning activities to reduce risk exposure
* Monitor and respond to security alerts and incidents, contributing to investigation and improvement actions
* Help improve detection and response capability, including more proactive monitoring and response workflows
* Work with external providers (e.g., SOC / security vendors) to reduce high-priority risks
* Develop and maintain security playbooks (phishing, ransomware, account compromise, etc.)
* Provide security input into projects, changes and supplier reviews so security is built-in from the start
* Support audits / assessments (e.g., vulnerability assessments, pen tests, configuration benchmarks, PCI where relevant)
* Contribute to awareness initiatives and practical security guidance across the business
* Support progress against NIST CSF focus areas and maturity improvements
What we’re looking for
* 3+ years in security operations / cybersecurity engineering (or strong IT ops experience with security ownership)
* Strong understanding of vulnerability management processes and risk-based prioritisation
* Familiarity with email and endpoint security controls (e.g., Defender-style toolsets, phishing controls, email security)
* Awareness of IAM concepts: MFA, conditional access, privileged access/PIM
* Comfortable working with technical teams to get remediation delivered (patching cycles, change, infrastructure support)
* Clear communicator who can explain risk to both technical and non-technical stakeholders
* Bonus points for: SIEM exposure, threat hunting, cloud security, automation/scripting, infrastructure/networking
Package
* £45–50k salary range
* Private medical insurance, life assurance, permanent health insurance
* Staff discount, interest-free loan scheme, sports & social club
Working pattern
* Hybrid: 3 days per week on-site in Hertfordshire, 2 days remote
* Full-time: 37.5 hours/week