Senior Security Engineer role at ADDEV Materials Aerospace.
Maintenance and Operational Security
* Control Effectiveness: Ensure all security solutions (e.g., firewalls, EDR, WAF, posture management) remain operationally effective through regular checks and coordination with cross-functional teams.
* Patch & Vulnerability Management: Ensure technical teams timely patch applications, systems, software, and hardware; address findings from vulnerability scans or penetration tests, remediating directly where possible or coordinating with system owners.
* Configuration Management: Maintain and audit secure configurations for devices, applications, and cloud environments, ensuring alignment with approved baselines and CIS benchmarks.
Access Control and Identity Management
* Reviews: Conduct regular user and privileged account reviews, ensuring least-privilege principles and appropriate role-based access control.
* Monitoring: Manage and monitor Privileged Identity Management (PIM) profiles and elevated access accounts.
* JML: Coordinate with IT and HR for onboarding/offboarding to ensure access consistency and policy compliance.
Tool, Infrastructure, and Encryption Management
* Maintain and optimise security infrastructure and tools, including firewalls, antivirus, WAF, cloud security posture management, and endpoint protection solutions.
* Oversee encryption key and certificate management, ensuring secure communication and data protection across systems.
* Work with vendors and internal teams to ensure tools remain current, licensed, and integrated effectively.
VPN, Network & Firewall Security
* Design, configure, and maintain secure VPN and Zero-Trust network solutions for remote access and inter-site connectivity.
* Manage access controls, MFA policies, and authentication mechanisms (certificates, SAML, device posture checks).
* Administer and maintain network firewalls, including policy creation, rule optimisation, segmentation, and change management.
* Collaborate with the SOC to investigate network-related incidents and participate in periodic penetration testing and remediation.
* Document network topology, firewall rules, and VPN configurations; ensure compliance with internal standards.
Endpoint Security
* Deploy, manage, and monitor Endpoint Detection & Response (EDR) and associated endpoint controls.
* Maintain secure endpoint baselines covering patching, encryption, and vulnerability remediation.
* Integrate endpoint compliance and posture assessments with MDM platforms (e.g., Intune).
* Work with the SOC on endpoint incident investigations and automate endpoint configuration workflows where possible.
DevSecOps & Application Security
* Provide hands‑on security guidance to development teams throughout the software lifecycle.
* Embed security into CI/CD pipelines (shift‑left) including SAST/DAST, dependency management, and IaC security reviews.
* Contribute to secure cloud architecture and application design, ensuring alignment with global reference architectures.
* Support application security testing, sign-offs, and remediation of vulnerabilities across development and cloud environments.
Monitoring, Threat Management & Incident Response
* Collaborate with the SOC team to monitor, investigate, and triage security alerts and incidents.
* Conduct log and event analysis to support proactive detection and response.
* Participate in incident response, root cause analysis, and post-incident reviews to strengthen preventive controls.
Governance, Compliance & Continuous Improvement
* Maintain accurate documentation of network, endpoint, and security control configurations.
* Support compliance efforts against frameworks such as ISO 27001, SOC 2, CIS benchmarks, and Cyber Essentials Plus.
* Participate in change management, risk assessments, and architecture reviews to identify potential security impacts.
* Identify process optimisation opportunities, automate repetitive tasks, and drive continuous control improvement.
Awareness & Training
* Assist with internal security awareness initiatives, including phishing simulations and staff training programs.
* Promote a culture of security accountability across business units through practical engagement and education.
Partner & Vendor Engagement
* Serve as the primary UK liaison with third‑party security partners for 24/7 SOC, firewall, and network operations.
* Ensure outsourcing arrangements deliver effective outcomes while maintaining internal ownership and oversight.
* Collaborate with AU procurement and security leadership on vendor performance and contractual governance.
Security Advisory & Collaboration
* Provide security consultancy and expertise to IT, DevOps, and Infrastructure teams during system upgrades and new deployments.
* Contribute to vulnerability management and remediation planning across diverse technology stacks.
* Evaluate emerging tools, frameworks, and security technologies, leading proofs of concept and advising on procurement.
* Support penetration testing, application reviews, and other proactive security improvement initiatives.
Skills & Experience Required
* Proactive, can‑do attitude to get things done quickly and efficiently.
* Strong collaboration and communication skills.
* Willingness to contribute ideas to the security programme.
* Demonstratable first‑hand experience in achieving organisational adherence to security best practices.
* Experience in the practical protection of a remote working laptop estate and SaaS cloud solutions.
* Experience in identity and access management solutions.
* Experience in device business automation and updates.
* Experience in the security aspects of cloud web application hosting and defence measures like WAF.
Technology Product Specific Desirable Skills
* Palo Alto Cortex ERD
* Palo Alto Global Protect VPN
* Palo Alto Prisma Cloud Firewall
* Nucleus vulnerability management
* Airlocker application whitelisting
* Trend Micro and Abnormal email security
* OKTA / Entra IDAM
Legal & EEO Compliance
The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at https://pexa.co.uk/applicant-policy/.
Digital Completion UK Limited (trading name PEXA), Optima Legal Services Limited (trading name “Optima Legal”) and Smoove Limited (a holding company which comprises of the following wholly owned subsidiary companies: United Legal Services Limited, United Home Services Limited, Legal‑Eye Limited, and Amity Law Limited) are all owned directly by DigCom UK Holdings Limited, which is a wholly owned subsidiary of PEXA Group Limited in Australia (ACN 140 677 792; ASX: PXA) (referred to collectively as PEXA Group).
When we process your applicant personal data for recruitment purposes, we do so as a controller. If as part of the recruitment process, we share your personal data with another company within the PEXA Group, that company may process your personal data as either an independent controller or, in certain circumstances, a joint controller. By applying for this role, you consent to us processing your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, and further information can be found in our privacy notice https://pexa.co.uk/applicant-policy/.
#J-18808-Ljbffr