Cyber Security Engineer in London

We are looking for Two Cyber Security Engineers to play a key, hands-on role in protecting our organisation from cyber threats. This is an operational security role, ideal for someone who enjoys investigating incidents, working across multiple security platforms, and making a tangible impact on an organisation’s cyber resilience. You will sit at the heart of our cyber defence operations, working daily with technologies including Microsoft O365 Defender, Entra ID, Intune, Rapid7 SIEM, and Sophos Antivirus. You’ll be responsible for monitoring security events, investigating suspicious activity, responding to incidents, and continuously improving our security posture.

This is a genuinely hands-on cyber security role with real responsibility and impact; you will have exposure to a broad security tooling landscape and real-world incidents. At Foresters we are a supportive, collaborative working environment and you will have ongoing opportunities to develop your technical skills and grow within cyber security.

What you will do:

• Security Monitoring & Incident Response

• Actively monitor alerts and telemetry across endpoints, identities, email, and cloud services using Rapid7 SIEM, Microsoft Defender, and Sophos AV.
• Investigate suspected cyber attacks including malware infections, phishing campaigns, identity compromise, and unauthorised access attempts.
• Perform triage, root cause analysis, containment, and remediation of security incidents.
• Lead or support incident response activities in line with internal policies and procedures.
• Escalate significant incidents appropriately and provide clear, timely updates to stakeholders.
• Proactively identify emerging threats, vulnerabilities, and attack patterns affecting the organisation.
• Tune and optimise security tools to reduce false positives and improve detection accuracy.
• Implement, manage, and maintain endpoint protection and security policies.
• Support vulnerability management activities, including remediation planning and risk tracking.

• Maintain and enhance security monitoring rules, alerts, and dashboards.
• Contribute to the development and maintenance of security runbooks and incident response playbooks.
• Support security audits, compliance activities, and risk assessments.
• Actively contribute to improving the organisation’s overall cyber security maturity.
• Work closely with IT, infrastructure, and service desk teams to resolve security-related issues.
• Produce clear, structured technical and non-technical incident reports.
• Identify trends in phishing or risky user behaviour and support security awareness initiatives.
• Assist with security-related projects and new technology deployments.

Working hours are 40 hours a week Monday to Friday. Start times are flexible from 7.30am to 9.30am. After a successful training period there is flexibility to work from home for 1 day a week.

What we require:

• Experience in a Cyber Security Engineer, SOC Analyst, or similar security-focused role.
• Hands-on experience with Microsoft Defender (Endpoint and/or O365 security).
• Experience using Rapid7 SIEM or a comparable SIEM platform for alerting and investigations.
• Experience managing or supporting Sophos Antivirus or other endpoint protection solutions.
• Strong understanding of common cyber threats, attack vectors, and incident response processes.
• Ability to analyse logs, alerts, and endpoint activity to determine scope, impact, and root cause.
• Good working knowledge of Windows environments and basic networking concepts.
• Strong documentation, reporting, and communication skills.
• Practical experience with security tools such as IDS/IPS, Metasploit, Nexpose, Nmap, Nessus, Wireshark, L0phtCrack, John the Ripper, or similar.
• Familiarity with recognised information security frameworks such as ISO 27001 and the NIST Cybersecurity Framework.

What we offer you:

• Basic salary up to £60000 per annum.
• Discretionary annual bonus dependent on your performance and company performance provided you are employed on bonus payment date.
• Annual holiday allowance of 25 days holiday plus bank holidays.
• Life Assurance (based on pensionable earnings).