Cyber Security Engineer

On behalf of Sellafield, we are looking for a Cyber Security Engineer (Inside IR35) for a 12 month contract based hybrid in Warrington - 2/3 days per week. Work at Sellafield Ltd, and you are not just building a career. You are embarking on a mission. Joining 11,000 people on a 100-year project transforming the Sellafield site for all the generations that follow. We have the site at Sellafield (West Cumbria) and our office at Risley (near Warrington). Join us and you will work shoulder-to-shoulder with industry-leading - sometimes world-leading - experts. There are generations and generations of knowledge here and people are only too willing to share it. Our culture of continuous improvement is underpinned by commitment to professional and personal development few can match. Our relentless pursuit of excellence is reflected in our health, safety, security, resilience, and environmental performance standards as well as the quality of the products and services we deliver to our customers.

SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.

• Subject Matter Expert (SME) for log source evaluation and onboarding into Azure Sentinel.
• Review existing on-premises logging configurations and recommend improvements for cloud ingestion.
• Conduct discovery and assessment of log sources, ensuring appropriate classification and prioritisation.
• Collaborate with Head of Cyber Operations and other security stakeholders to ensure accurate, consistent logging across platforms.
• Deploy and configure native and custom data connectors to support diverse log source integration.
• Maintain a standardised process for log source categorisation, enrichment, and validation.

• Assess, categorise, and prioritise existing log sources for migration based on telemetry value and risk.
• Coordinate connector deployment, workspace configuration, and diagnostic settings with platform teams.
• Configure and validate native, Syslog, API, and custom ingestion paths as needed.
• Ensure key log types (e.g., Windows Security, Firewall, DNS, Proxy, AD, Identity) are onboarded and actionable.
• Track onboarding progress and ingestion metrics using workbooks, dashboards, and reports.
• Document log schemas, ingestion frequency, source ownership, and normalisation mappings.

• Experience with Microsoft Azure security technologies, especially Azure Sentinel, Log Analytics, and Azure Monitor.
• Strong understanding of common log formats (Syslog, JSON, CEF, Windows Events, etc.).
• Familiarity with cloud migration strategies and hybrid logging environments.
• Strong documentation skills and attention to detail.
• Experience with security frameworks such as MITRE ATT&CK, NIST, and CAF.
• Ability to troubleshoot complex ingestion or parsing issues and resolve at speed.

• Proven experience onboarding and managing log sources in Azure Sentinel.
• Hands-on experience configuring data connectors and diagnostic settings in Azure.
• Solid understanding of use case development and detection engineering.
• Knowledge of PowerShell, KQL (Kusto Query Language), and JSON formatting.
• Familiarity with identity-related logs (Azure AD, ADFS, M365 Defender, etc.).
• Experience working in a Security Operations environment or supporting SOC functions.
• Understanding of network and host-based telemetry relevant for threat detection.

• Azure certifications (SC-200, AZ-500, MS-500).
• Experience with LogRhythm SIEM Platform.
• Knowledge of SOAR tools and automation (Logic Apps, Sentinel Playbooks).

Please be aware that this role can only be worked within the UK and not Overseas. Sellafield Ltd is committed to eliminating discrimination and encouraging diversity amongst its workforce.

As a member of the Disability Confident Scheme, Sellafield guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

Sellafield guarantees to interview veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

In applying for this role, you acknowledge the following: "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different."