Senior Security Engineer in Portsmouth

Join a leading UK data and software company shaping the future of geospatial and security innovation. Envitia is a UK-based software and services company that helps organisations unlock the full value of their data to make better, faster decisions. With over 30 years of experience, we specialise in delivering innovative software products, solutions, and consultancy services that transform complex data challenges into actionable insights. Our mission is to empower customers across defence, government, and national security sectors to harness the power of data — from geospatial intelligence to advanced analytics and AI integration.

The Role

Envitia is recruiting a Security Engineer to join our growing Engineering department, initially working on our largest defence programme. As part of the hosting engineering team, the successful candidate will specialise in the design, enhancement, and implementation of technical security controls across multi-tenant cloud hosting platforms that underpin our defence clients’ digital strategies. The role combines the delivery of new security features with the ongoing operation and support of live services. You will also work closely with new tenants to securely transition their applications onto the hosting environment. This is a hands-on security engineering role and is not focused on security accreditation or assurance activities. Instead, you will be responsible for specifying, configuring, implementing, and testing technical security measures that protect and strengthen the hosting platform.

Responsibilities

• Provide security engineering services as a member of the overall platform engineering service team.
• Secure all cloud infrastructure from both a deployment and detection standpoint.
• Coordinate and advise other team members on security approaches and industry best practices.
• Coordinate with MOD Security Authorities on risks and appropriate technical control options.
• Design, implement, manage and continually improve service-wide cloud security controls using the inherent / new security products and features provided on the existing hosting platform(s).
• Architect and enforce Zero Trust and least-privilege models (RBAC, PBAC), restrictions, and platform security controls.
• Monitor security control effectiveness and drive continuous improvement of cloud hosting security governance.
• Ensure all technical security measures from the boundary to the tenant applications are optimal and exceed the MOD specified minimum base security requirements.

Experience Required

• Experience with on-premises Security Information and Event Management (SIEM) systems (e.g., Fortinet, Splunk, Elastic).
• Ability to enhance, operate, and manage SIEM services for multi-tenant cloud platforms.
• Skills in event triage, escalation, and incident investigation, including collaboration with tenants and central SOC teams.
• Familiarity with real-time threat detection, monitoring, and alerting across network, boundary, hosting, and application layers.
• Hands-on experience with VMware Cloud Foundation (Incl. Aria operations and NSX-T) and related technologies in air-gapped or restricted environments.
• Security best practices, system and OS level security hardening (CISCAT, NIST benchmarking etc) security vulnerability scanning tools such as Nessus.

Desirable Skills

• Experience with infrastructure as code (IaC) tools (e.g., Terraform, Ansible, Packer) and containerization (e.g., Kubernetes, Tanzu).
• Ability to assist with Business Continuity Planning, Risk and Asset management and AI Security is desirable.
• Understanding of MOD security compliance, including UK Security Levels, Secure by Design and NIST frameworks.
• Experience in delivering and supporting accredited solutions at multiple classification levels.
• CI/CD pipeline security and DevSecOps methodologies.

Security Clearance Requirements

The successful candidate must be eligible to obtain and maintain a SC level security clearance, DV clearance is preferred.

Location

The role will require travel to Corsham 1 day a week and occasional site visits to Portsmouth and Horsham when required.

What it’s like to work at Envitia

At Envitia, we believe that our greatest asset is our people. We’re committed to fostering a work environment where every employee feels valued, supported, and motivated to excel. Our comprehensive benefits package is designed to enhance both your professional and personal wellbeing, including:

• Annual Leave: 25 days plus your birthday off, with the ability to buy or sell up to five additional days.
• Private Healthcare: Comprehensive coverage with additional options for family members.
• Training & Skills Development: Ongoing learning opportunities to help you advance your career.
• Fitness Reimbursement: Support for gym memberships or fitness-related expenses.
• Life Assurance: Extensive life insurance coverage for peace of mind.
• Pension Contribution: Competitive options to help you plan for a secure financial future.
• Perkbox Subscription: Discounts on a wide range of products and services.
• Flexible Work Arrangements: Designed to support work-life balance and personal commitments.
• Internal Reward Schemes: Recognition initiatives to celebrate your contributions and achievements.
• Community Engagement & Volunteering: Opportunities to support meaningful causes through company-sponsored programs.

Inclusion at Envitia

At Envitia, we celebrate diversity and are committed to creating an inclusive environment for all employees. We welcome applicants from all backgrounds and walks of life. We believe that our strength lies in our differences, and we are dedicated to fostering a workplace where everyone feels valued, respected, and empowered. We encourage applications from people of all abilities, ages, genders, sexual orientations, races, ethnicities, and religions. We strive to support a culture of inclusion, accessibility, and work-life balance. If you require any accommodations during the application or interview process, please let us know.