Principal Cyber Security Engineer in London

Provide expert advice on the defences against cyber threats, data breaches, and emerging risks. This includes offering guidance on the selection, design, justification, implementation, and operational management of cybersecurity strategies, technologies, and standards. Contribute to the development and refinement of controls and processes to ensure the safety, confidentiality, integrity, availability, and overall security of data stored on systems. You will be responsible for identifying gaps in existing cybersecurity policies and procedures and, in collaboration with security, network, information governance, and technical leads, developing new measures to address these gaps.

KEY RESPONSIBILITIES:

• You will work closely with system and service owners, as well as internal and external stakeholders, to design, implement, and enforce appropriate protective and detective security controls, policies, and procedures.
• The role includes the administration and operational management of security tooling and SIEM platforms, with responsibility for monitoring, detecting, and responding to cyber threats, intrusions, and unauthorised or suspicious activity. This includes Microsoft Sentinel (data and source tuning, creation and maintenance of workbooks and connectors, and threat intelligence review), Microsoft Defender for Endpoint and Defender for Cloud, and Darktrace, including system and model tuning, email module management, and configuration of autonomous response actions.
• You will be responsible for incident response activities, including triaging security alerts, investigating incidents, coordinating escalation and remediation, and conducting root cause analysis. You must be able to communicate effectively about security incidents and cyber risks to both technical and non-technical stakeholders.
• The role works closely with the Security Operations Centre (SOC) partner, supporting the assessment and investigation of alerts and contributing to the development and refinement of incident response plans and playbooks.
• You will support vulnerability management activities, including vulnerability assessments, annual audits, and penetration testing. This includes preparing and presenting incident, threat, and compliance reporting to stakeholders at all levels, including compiling a monthly SIRO report.
• Continuous improvement is a core responsibility. You will conduct post-incident reviews, recommend control and process improvements, and contribute to the creation and maintenance of cybersecurity governance documentation. You will also research emerging cyber threats and mitigation strategies and provide reports or presentations to senior stakeholders as required.
• The role supports cybersecurity training and awareness initiatives, promoting a strong security culture and helping to upskill colleagues in cybersecurity best practices.
• You will also collaborate with solution architects and project teams to ensure security is embedded into system and application designs, supporting secure architecture and delivery from the outset.
• Ensure security operations align with regulatory standards and frameworks such as NIST, ISO 27001, and NCSC CAF.

Person Specification

Essential:

• Demonstrated experience with Microsoft Sentinel, Microsoft Defender for Endpoint/Cloud SIEM tools, threat intelligence platforms, and vulnerability management.
• Technical experience securing Microsoft Azure and Amazon Web Services cloud environments as well as on-premise/virtual Microsoft technologies.
• Strong analytical, communication, and problem-solving skills, including the ability to produce clear technical and non-technical reports.
• Ability to analyse and interpret security events/logs and perform remediation work to address security issues.

Desirable:

• Recognised cybersecurity certifications (e.g., CompTIA Security+, CEH, GIAC, CISSP).
• Experience with DarkTrace.

Qualifications

Bachelor's degree in Cybersecurity or Computer Science.