IT Security Engineer (Hybrid: 3 days on-site in Hertfordshire / 2 days remote) | £45-50k | Permanent

SR2 is partnering with a well-established, member-owned UK organisation to hire an IT Security Engineer to strengthen cyber resilience and improve day-to-day security operations. This is a hands-on role sitting within IT, working closely with infrastructure and support teams to embed security into BAU and projects.

What you'll be doing

- Own day-to-day vulnerability monitoring and remediation, including maintaining a vulnerability register and tracking actions to closure
- Triage, categorise and prioritise vulnerabilities based on risk, exposure and business impact
- Support patching, configuration hardening and decommissioning activities to reduce risk exposure
- Monitor and respond to security alerts and incidents, contributing to investigation and improvement actions
- Help improve detection and response capability (more proactive monitoring and response workflows)
- Work with external providers (e.g., SOC / security vendors) to reduce high-priority risks
- Develop and maintain security playbooks (phishing, ransomware, account compromise, etc.)
- Provide security input into projects, changes and supplier reviews so security is built-in from the start
- Support audits / assessments (e.g., vulnerability assessments, pen tests, configuration benchmarks, PCI where relevant)
- Contribute to awareness initiatives and practical security guidance across the business
- Support progress against NIST CSF focus areas and maturity improvements

What we're looking for

- 3 years in security operations / cybersecurity engineering (or strong IT ops experience with security ownership)
- Strong understanding of vulnerability management processes and risk-based prioritisation
- Familiarity with email endpoint security controls (e.g., Defender-style toolsets, phishing controls, email security)
- Awareness of IAM concepts: MFA, conditional access, privileged access/PIM
- Comfortable working with technical teams to get remediation delivered (patching cycles, change, infrastructure support)
- Clear communicator who can explain risk to both technical and non-technical stakeholders

Bonus points for: SIEM exposure, threat hunting, cloud security, automation/scripting, infrastructure/networking

Package

- £45-50k salary range
- Private medical insurance, life assurance, permanent health insurance
- Staff discount, interest-free loan scheme, sports & social club

Working pattern

- Hybrid: 3 days per week on-site in Hertfordshire, 2 days remote
- Full-time: 37.5 hours/week