The Post
We are seeking a proactive and technically skilled Cyber Security Engineer to join our team and bridge the gap between first line support and senior cyber leadership. This role focuses on strengthening systems, applying secure‑by‑design principles, managing vulnerabilities, and resolving complex security incidents. It is ideal for someone with a strong security mindset, a hands‑on approach, and the ability to translate threats into action.
Description of Duties
Secure Configuration and Technical Hardening
* Work with the infrastructure team to ensure endpoint, server, and infrastructure configurations align with CIS benchmarks and best practices
* Collaborate across teams to embed secure‑by‑design principles into projects, technical designs, and operational changes, ensuring secure configuration baselines are implemented across cloud and on‑premise systems
* Conduct security assessments of applications and software, identifying vulnerabilities, and providing actionable recommendations for risk mitigation
Vulnerability Management and Technical Remediation
* Coordinate regular vulnerability scanning and work with infrastructure teams to prioritise, implement, and verify timely remediation actions, including patch management, to reduce risk exposure
* Track and document vulnerabilities, exceptions, and mitigation actions to ensure comprehensive risk management
Cloud Infrastructure Security
* Partner with the Cloud Specialist to enhance cloud security, implementing best practices and exploring solutions like Kubernetes, cloud‑native firewalls, and automated monitoring
Threat Intelligence and Landscape Monitoring
* Monitor emerging cyber threats, tools, and tactics, translating relevant intelligence into actionable, risk‑based recommendations
* Present threat insights and trends to internal stakeholders, tailoring the depth and delivery to suit technical teams, operational leads, and senior decision‑makers, including in briefings and the monthly Security Review Group
Incident Response and Forensics
* Investigate and resolve complex security incidents, such as malware infections, phishing, or unauthorised access
* Document findings, decisions, and actions during incident resolution, including root cause analysis and proposed improvements to mitigate future risk
* Conduct forensic analysis where necessary
Collaboration and Continuous Improvement
* Assist with security reviews, technical change assessments, and architectural evaluations
* Maintain and update security operating procedures, knowledgebase content, and guidance material
* Contribute to accreditation efforts (e.g. ISO27001, Cyber Essentials Plus)