Security Platform Engineering Manager in London

Location: London; Working pattern: 37.5 hours per week, Monday – Friday. Hybrid working arrangements; location London/Peterborough with potential travel to divisional sites as required by advisory engagements.

Salary: £84,000 - £100,000. Benefits: Car allowance, Bupa, matched pension contributions.

Overview: The Group Cyber Security (GCS) team manages cyber risk across the Group, operating a federated model spanning 11 divisions and over 50 countries. GCS sets cyber standards, measures compliance, and delivers centrally managed security services. The Cyber Advisory Services function translates Group standards into divisional context.

Role Summary: Reporting to the Deputy Group CISO, the Security Platform Engineering Manager is the technical owner and custodian of the Group’s security tooling portfolio. This role ensures platforms are configured correctly, exploited fully, evolved continuously, and deliver security outcomes and ROI. The role is hands-on, curious, and proactive, with in-depth knowledge of the platform capabilities and vendor roadmaps. Platforms in scope include Microsoft Defender (M365 Defender suite), Zscaler, Qualys, Abnormal Security, Axonius, and other centrally managed security technologies as the portfolio evolves. The Manager works closely with the Security Operations Centre (SOC) and operations teams, Cyber Architecture, and the Group CTO to align platform plans with architectural roadmaps and broader technology strategy. The role leads a small team of permanent engineers and flexible resources.

Role Responsibilities / Accountabilities:

• Security Platform Ownership & Technical Stewardship: Act as the technical product owner for each platform in the GCS security tooling portfolio; take accountability for health, configuration, and ongoing development. Maintain deep technical knowledge of each platform, including capabilities, vendor roadmaps, and potential new use cases. Ensure platforms are configured to their optimal state; enforce policies, enable licensable features, and avoid unused capabilities without documented rationale. Identify opportunities to apply platform capabilities to business or security problems before new expenditure is considered.
• Technical Configuration, Policy & Security Standards Alignment: Own and maintain technical configuration baselines; document, version-control, change-manage, and audit platform configurations; translate Group standards into enforceable settings. Align configurations with the Group’s cyber enterprise architecture; flag divergences between as-built and as-designed states. Provide expert technical guidance to divisional IT and security teams on deployment and configuration to meet standards while accommodating divisional requirements.
• Platform Roadmap Development & Lifecycle Management: Develop and own a rolling platform development roadmap; align with cyber strategy, vendor roadmaps, and SOC/business requirements. Lead platform replacement or consolidation assessments; work with the Cyber Architecture Manager on business cases and transition plans. Ensure roadmaps integrate with the Group CTO technology strategy and architecture roadmap; surface dependencies and opportunities early. Maintain visibility of licence entitlements; optimise license usage and provide evidence-based renewal recommendations.
• Vendor Engagement, Partnership & Return on Investment: Build relationships with vendor technical and commercial teams; gain early access to roadmaps and best practices. Ensure maximum value from each platform; track ROI and present findings to Deputy CISO and senior stakeholders based on security outcomes. Collaborate with vendors to address gaps; escalate issues, influence product direction, and ensure value from services. Provide input to contract renewals, procurement decisions, and licence negotiations with operational evidence.
• SOC, Operations & Stakeholder Alignment: Work with SOC and security operations to tune platforms for detection, investigation, and response; act as primary technical escalation for platform issues affecting SOC. Participate in prioritisation with SOC, operations, architecture, and leadership to focus engineering on impactful changes. Collaborate with the Group CTO function to integrate platform plans with broader IT strategy; surface cross-functional dependencies. Coordinate with Cyber Architecture Manager to ensure engineering aligns with the enterprise architecture and participates in design authority decisions.
• Team Leadership & Resourcing: Lead, develop, and motivate a small team of permanent engineers and flexible resources; set expectations and foster technical excellence. Prioritise deployment of engineering resources across platform portfolio and project demand; balance BAU with transformation work. Encourage knowledge sharing, documentation, and runbooks to reduce key-person dependency.
• Transformation, Continuous Improvement & Innovation: Lead engineering delivery for the GCS transformation programme for platforms in scope; minimise business and SOC disruption. Promote continuous improvement; review configurations and performance, driving incremental improvements routinely. Stay current with platform and product engineering trends; present evidence-based innovations to leadership.

Experience, Knowledge, Skills & Attributes:

Essential Experience: 8+ years in cyber security with hands-on experience in security platform engineering, security operations technology, or equivalent. Deep technical expertise in at least two platforms including configuration, policy management, and tuning. Experience as a platform/product owner for enterprise security technology, including managing configurations, licences, vendor relationships, and roadmaps. Experience partnering with a SOC to understand how platform configuration affects detection and analyst effectiveness. Experience managing a small technical team, including line management and contractor resources. Experience managing vendor relationships for strategic security products, including technical reviews and renewal input.

Knowledge & Skills: Genuine technical curiosity and product passion; ability to understand platform depth and apply it to problems. Strong working knowledge of the Microsoft security stack. Understanding of security platform integration patterns and how to design integrations for efficiency and detection. Ability to communicate status, recommendations, and roadmap to technical and senior non-technical stakeholders; evidence-based investment cases. Commercial awareness of licence terms, features, and security outcomes; ability to engage in vendor and procurement discussions.

Qualifications: Degree-level education in computer science, information security, or related field; or equivalent experience. Relevant professional certification: CISSP, CISM, CompTIA Security+, or vendor-specific certifications.

Desirable: Experience in a large FMCG, retail, or FTSE-listed manufacturing organisation; understanding federated, multi-divisional estates. Experience managing full platform lifecycle from procurement to replacement in an enterprise security product. Technical lead or engineering management experience within a managed SOC or MSSP environment. Experience in formal M365 E5 or enterprise security deployment programs, including migrations from legacy tooling. Hands-on experience with security automation and orchestration. Familiarity with OT/ICS security monitoring tools and understanding of applying enterprise security to OT environments. Understanding of CAASM platforms for continuous controls visibility and asset inventory accuracy. Understanding of identity security concepts and their interaction with Defender/Zscaler. Awareness of broader security tools and integration considerations. Advanced vendor certifications across multiple platforms and membership in professional bodies welcomed.