Senior Security Engineer – PEXA UK
We are seeking a Senior Security Engineer to provide hands‑on technical leadership within the UK, ensuring that cyber‑security strategy and architecture defined by Australia are implemented effectively across UK subsidiaries.
Location: Reading, England, United Kingdom
Employment Type: Contract
Key Responsibilities
Maintenance and Operational Security
* Ensure all security solutions remain operationally effective through regular checks and coordination with cross‑functional teams.
* Ensure timely patching, vulnerability remediation, and address findings from scans.
* Maintain and audit secure configurations for devices, applications, and cloud environments using approved baselines and CIS benchmarks.
Access Control and Identity Management
* Conduct regular user and privileged account reviews, ensuring least‑privilege principles and role‑based access control.
* Manage and monitor Privileged Identity Management (PIM) profiles and elevated access accounts.
* Coordinate onboarding/offboarding activities with IT and HR to ensure access consistency.
Tool, Infrastructure, and Encryption Management
* Maintain and optimise security infrastructure and tools, including firewalls, antivirus, WAF, cloud security posture management, and endpoint protection solutions.
* Oversee encryption key and certificate management across systems.
* Work with vendors and internal teams to keep tools current, licensed, and integrated effectively.
VPN, Network & Firewall Security
* Design, configure, and maintain secure VPN and Zero‑Trust network solutions for remote access and inter‑site connectivity.
* Manage access controls, MFA policies, and authentication mechanisms.
* Administer network firewalls – policy creation, rule optimisation, segmentation, and change management.
* Collaborate with SOC on investigation of network incidents and periodic penetration testing.
* Document network topology, firewall rules, and VPN configurations.
Endpoint Security
* Deploy, manage, and monitor EDR and associated endpoint controls.
* Maintain secure endpoint baselines covering patching, encryption, and vulnerability remediation.
* Integrate endpoint compliance and posture assessments with MDM platforms.
* Collaborate with SOC on endpoint incident investigations and automate configuration workflows.
DevSecOps & Application Security
* Provide hands‑on security guidance to development teams throughout the software lifecycle.
* Embed security into CI/CD pipelines (shift‑left) – including SAST/DAST, dependency management, and IaC security reviews.
* Support secure cloud architecture and application design, ensuring alignment with global reference architectures.
* Support application security testing, sign‑offs, and remediation of vulnerabilities.
Monitoring, Threat Management & Incident Response
* Collaborate with SOC to monitor, investigate, and triage security alerts and incidents.
* Conduct log and event analysis to support proactive detection and response.
* Participate in incident response, root cause analysis, and post‑incident reviews.
Governance, Compliance & Continuous Improvement
* Maintain documentation of network, endpoint, and security control configurations.
* Support compliance against ISO 27001, SOC 2, CIS benchmarks, and Cyber Essentials Plus.
* Participate in change management, risk assessments, and architecture reviews.
* Identify opportunities for process optimisation, automation, and continuous improvement.
Awareness & Training
* Assist with internal security awareness initiatives, including phishing simulations and staff training programmes.
* Promote a culture of security accountability across business units.
Partner & Vendor Engagement
* Serve as primary UK liaison with third‑party security partners for 24/7 SOC, firewall, and network operations.
* Ensure outsourcing arrangements deliver effective outcomes.
* Collaborate with procurement and security leadership on vendor performance and contractual governance.
Security Advisory & Collaboration
* Provide security consultancy to IT, DevOps, and Infrastructure teams during system upgrades and deployments.
* Contribute to vulnerability management and remediation planning.
* Evaluate emerging tools, frameworks, and technologies, leading proofs of concept and advising on procurement.
* Support penetration testing, application reviews, and other proactive security improvement initiatives.
Skills & Experience Required
* Proactive, can‑do attitude.
* Strong collaboration and communication skills.
* Experience achieving organisational adherence to security best practices.
* Experience protecting remote laptop estates and SaaS cloud solutions.
* Experience in identity and access management solutions.
* Experience in device business automation and updates.
* Experience in cloud web application hosting and WAF defence measures.
Desirable Technical Skills
* Palo Alto Cortex ERD
* Palo Alto Global Protect VPN
* Palo Alto Prisma Cloud Firewall
* Nucleus vulnerability management
* Airlocker application whitelisting
* Trend Micro and Abnormal email security
* OKTA / Entra IDAM
Equal Opportunity
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, sexual orientation, gender identity, age, national origin, disability status, veteran status or any other protected characteristic. GDPR Compliance – employer agrees to comply with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018. Further information can be found in our privacy notice: https://pexa.co.uk/applicant-policy/
#J-18808-Ljbffr