Security Engineer

Kennedys is looking for a Security Engineer to join Kennedys, who will be a vital member of our newly established SecOps team, reporting directly to the IT Security Manager. This position is crucial in implementing and maintaining robust security measures across our technology landscape, as well as managing incident response. The role involves developing, implementing, and sustaining security solutions designed to protect our systems against constantly evolving cyber threats, with a focus on transitioning to a zero-trust operating model. The Security Engineer will work collaboratively across IT functions, spearhead key security initiatives, and play a pivotal role in enhancing our overall security posture. The role will also support the firm in its pursuit of ISO 27001 certification and the implementation of CIS controls.

Team Kennedys' IT team is responsible for the maintenance of IT systems and security across the firm, including its portfolio of managed bespoke and off-the-shelf applications. This role will work across all IT functions and, in the case of broader projects, occasionally with other business functions within the firm. The majority of the global IT team are based in London and Chelmsford, although some staff are based in other UK and non-UK offices. As a team that provides a truly global service, the team are used to working flexibly and remotely.

Key responsibilities

• Maintain and optimise the Security platform, including configuring EDR policies, tuning SIEM rules, and optimising the system for performance.
• Monitor for security threats, analyse alerts, and respond to incidents using security tools; conduct vulnerability scans and support remediation and risk mitigation efforts.
• Lead and participate in incident response efforts, conducting root cause analysis and developing runbooks for incident handling.
• Oversee WAF, DDoS, VPN, and perimeter firewalls.
• Manage Email and Web Security Gateways.
• Maintain security certificates, encryption keys, and IDS/IPS systems.
• Perform security scanning and vulnerability management, taking proactive steps to reduce operational risk.

INFRASTRUCTURE & IDENTITY

• Work with network engineers to implement posture management, including ICE/NAC segmentation, lateral movement control, and firewalls.
• Work with the Endpoints team to administer MFA, SSO, PAM, MDM/MAM, and Conditional Access.
• Manage Identity and Access Management (IAM) solutions.
• Develop and deploy automation tools and scripts to streamline common IT Security Operations tasks.

COLLABORATION & GOVERNANCE

• Collaborate with third-party penetration testers to identify, prioritise, and remediate security vulnerabilities.
• Create detailed reports on detected threats, incidents, and response actions; document configurations, processes, and runbooks.
• Keep well-informed of the latest cybersecurity trends, emerging threats, and updates.
• Comply with all relevant legal and regulatory obligations including the Solicitors Regulation Authority (SRA) Standards, Regulations, and Principle.

Required experience

• EDR – platform management, EDR policy configuration, and SIEM tuning.
• Microsoft Security: Defender (ATP), Azure Security Centre, Entra ID, Intune, Conditional Access.
• Next Gen firewalls: Palo Alto Prisma (preferred) or similar - configuration and management.
• Email security: Mimecast, Exchange Online, DMARC, and email DLP (Tessian or equivalent).
• Identity and Access Management: CyberArk, Entra ID, SSO, MFA, and PAM solutions.
• SIEM tooling: Sentinel, Exabeam, Splunk, or equivalent.
• Vulnerability management: Tenable or equivalent enterprise toolsets.
• Scripting and automation: PowerShell (preferred), KQL, or similar.
• Data Loss Prevention (DLP) solutions including MS Purview Compliance Manager.
• Certified Information Systems Security Professional (CISSP), desirable.
• CREST Practitioner Security Analyst (CPSA), desirable.
• Palo Alto Networks Certified Security Operations Professional, desirable.
• CEH, OSCP, SANS, or ISACA certifications are also welcomed.

*where a level of experience is indicated, this is a guideline only and represents the amount of time we would usually expect a candidate to accumulate the requisite level of experience. This does not preclude applications from candidates with more or less experience.