Cyber Platform Engineer

Overview

Company: FTSE 100

Reports to: Security Platform Engineering Manager

Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place).

Salary: £59,000 - £72,000

Benefits: Bupa, Matched pension contributions.

The Role

Group Cyber Security Overview

The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. This is a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus.

It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on.

The Security Platform Engineering function is central to that portfolio – responsible for ensuring that the security tools the Group invests in are deeply understood, expertly configured, continuously improved, and consistently delivering their intended security and business value.

Role Summary

Reporting to the Security Platform Engineering Manager, the Cyber Platform Engineer is a hands-on technical specialist responsible for the day-to-day engineering, configuration, and operational health of one or more security platforms within the GCS portfolio. The role sits at the technical heart of the platform engineering function – doing the detailed, expert work that keeps the security tools performing at their best, configured to the right standards, and evolving in line with the Group’s needs and the vendor’s roadmap.

The platforms in scope include Microsoft Defender (across the M365 Defender suite), Zscaler, Qualys, Abnormal Security, and Axonius. The Cyber Platform Engineer will typically own deep expertise in one or two of these platforms and maintain solid working knowledge across the others. The role shares the mindset that defines the whole function: genuine curiosity about the tools under its care, a desire to understand and exploit their full capability, and an instinct to identify where existing platform features can be applied creatively to address new problems rather than defaulting to new tooling.

The Cyber Platform Engineer works closely with the SOC and security operations teams to ensure platforms are tuned for effective detection and response, and provides technical support and configuration guidance to divisional IT and security teams who are deploying or operating centrally managed platforms in their environments.

Role Responsibilities / Accountabilities

• Platform Engineering & Technical Configuration
  • Own the technical configuration and day-to-day engineering of assigned platforms within the GCS portfolio; maintain configurations to the approved baseline, apply updates and changes through the change management process, and ensure platform health is actively monitored and maintained.
  • Develop and maintain detailed configuration documentation, runbooks, and change records for assigned platforms; ensure that configuration state is consistently documented, version-controlled, and auditable by the Security Platform Engineering Manager or by assurance functions.
  • Utilising the Run team - Identify and implement improvements to platform configurations that improve security outcomes, reduce operational noise, or unlock additional capability; bring well-evidenced proposals to the Security Platform Engineering Manager for review before implementation.
  • Maintain deep, current technical knowledge of assigned platforms; stay ahead of vendor releases, patch notes, and roadmap updates, and flag relevant developments to the Security Platform Engineering Manager with a view on their implications.
• Policy Configuration & Standards Alignment
  • Translate Group cyber technical standards into platform-level policy configurations; ensure that policy settings in assigned platforms enforce the correct security controls, are consistently applied across all in-scope environments, and align with the Group cyber enterprise architecture.
  • Identify and report divergence between the approved configuration baseline and the as-built state of assigned platforms; investigate root causes, assess risk, and work with the Security Platform Engineering Manager to agree and implement remediation.
  • Provide technical configuration guidance to divisional IT and security teams deploying or operating centrally managed platforms in their environments; act as the technical point of contact for platform-specific queries, ensuring divisional implementations meet Group standards.
• SOC Support & Operational Tuning
  • Work closely with the SOC and security operations teams to tune platform configurations for effective detection and response; adjust detection rules, alert thresholds, and data feeds in response to operational feedback, ensuring SOC analysts receive high-fidelity, actionable alerts.
  • Act as the technical escalation point for platform-related operational issues raised by the SOC; diagnose platform problems, engage vendor support where required, and drive issues to resolution with minimal impact on SOC operational effectiveness.
  • Develop and maintain platform integration configurations that connect assigned platforms to the SIEM, SOAR, and other operational tooling; ensure data feeds are reliable, well-formed, and provide the SOC with the visibility needed to detect and respond to threats effectively.
• Platform Capability Development & Innovation
  • Actively explore the full capability of assigned platforms; identify licensable features, beta capabilities, and underused functionality that could improve the security posture, and bring well-structured proposals to the Security Platform Engineering Manager for consideration.
  • Design and implement automation and integration workflows that improve the efficiency and effectiveness of platform operations; develop scripts, API integrations, and orchestration logic that reduce manual effort and enable platform capabilities to be delivered at scale.
  • Support the delivery of platform deployments, upgrades, and new capability rollouts as part of the GCS transformation programme; plan and execute engineering work with precision, minimising disruption to the business and to SOC operations throughout.
• Vendor Engagement & Licence Management
  • Maintain productive working relationships with vendor technical teams for assigned platforms; engage effectively with vendor support for issue resolution, participate in technical briefings and product roadmap sessions, and escalate product deficiencies through appropriate channels.
  • Maintain accurate records of licence entitlements, feature adoption, and consumption for assigned platforms; flag any discrepancies, unused entitlements, or upcoming renewal milestones to the Security Platform Engineering Manager in a timely manner.

Experience, Knowledge, Skills & Attributes

Essential

• Experience
  • 4+ years in a cyber security engineering or security operations technology role, with hands-on technical experience configuring and managing enterprise security platforms.
  • Demonstrable, deep technical expertise in at least one platform from the portfolio – Microsoft Defender / M365 Defender suite, Zscaler, Qualys, Abnormal Security, or Axonius – including hands-on configuration, policy management, and operational tuning at enterprise scale.
  • Experience working closely with a SOC or security operations team, with an understanding of how platform configuration decisions affect detection quality, alert fidelity, and analyst workflow.
  • Experience maintaining configuration documentation and operating within a structured change management process for security platforms.
  • Experience engaging with vendor technical support teams, logging and escalating issues effectively, and driving platform problems to resolution.
• Knowledge & Skills
  • Genuine technical curiosity: the instinct to explore platforms beyond surface-level familiarity, understand their full capability depth, and think creatively about how features can be applied to solve real security problems.
  • Strong working knowledge of the Microsoft security stack, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, and M365 security policy configuration.
  • Understanding of security platform integration patterns, including API connectivity, SIEM/SOAR data feeds, and log forwarding; practical experience implementing or maintaining at least one such integration.
  • Ability to produce clear technical documentation – configuration records, runbooks, change requests – to a consistent and auditable standard.

Qualifications

• Degree-level education in computer science, information security, or a related technical discipline; or equivalent professional experience.
• Vendor certification in at least one of the platforms in scope (e.g. Microsoft SC-200, SC-300, AZ-500; Zscaler ZCCA-IA or ZCCA-PA; Qualys certification; or equivalent).

Desirable

• Experience
  • Experience in a large FMCG, food and beverage, retail, or FTSE-listed organisation, with exposure to the complexity of securing a highly federated, multi-divisional estate.
  • Experience working within a managed SOC or MSSP environment as a platform engineer or technical specialist, providing engineering support to security operations teams.
  • Hands-on experience with security automation and scripting: PowerShell, Python, API integrations, or SOAR playbook development.
  • Experience participating in a formal M365 E5 deployment or migration programme, including configuration of Defender workloads and integration with Sentinel.
• Knowledge & Skills
  • Expertise in a second platform from the portfolio, providing broader coverage across the security tooling estate.
  • Understanding of identity security concepts – Entra ID, conditional access policy design, privileged identity management – and their interaction with Defender and Zscaler configurations.
  • Familiarity with CAASM concepts and Axonius as a platform for continuous asset visibility and controls monitoring.
  • Awareness of OT/ICS security monitoring considerations and the challenges of extending enterprise platform coverage into operational technology network zones.
• Qualifications
  • Additional vendor certifications across a second or third platform in the portfolio (e.g. Microsoft SC-100, Zscaler ZCCP, or Qualys advanced certifications).
  • CISSP, CISM, or CompTIA Security+ demonstrating broader security knowledge alongside platform-specific expertise.