Infrastructure Security Engineer in Winchester

Location - London or Winchester with hybrid working as per departmental requirements (currently a MINIMUM of 40% (2 days per week). LCP is an award-winning actuarial and analytics consultancy providing market-leading capabilities and advice across pensions and financial services, energy, and health. We use powerful analytics fused with human expertise to shape a more positive future.

This role is perfectly poised at the intersection of traditional Infrastructure Security operations and the future's promise of AI and automation. As a Security Engineer you will be 75% Hands‑On and 25% Policy/Process management. As LCP embarks on this transformative journey, the Infrastructure Security Engineer will be pivotal in ensuring a blend of technological innovation with a deeply human touch. Beyond just problem‑solving, this role offers the chosen candidates an opportunity for personal and professional growth. We're not just seeking individuals to join us; we're seeking visionaries who will evolve with us, taking ownership of their development and skills as the landscape of service support undergoes this exciting metamorphosis. The aim remains consistent: to uphold LCP's unwavering commitment to exceptional user experience across all locations.

What will you be doing?

• Secure LCP's infrastructure, spanning multiple physical office (UK and Europe) and numerous Cloud subscriptions, through a balanced‑risk approach.
• Design and implement technical information security controls and countermeasures, ensuring alignment with the risks they are intended to mitigate.
• Work with an outsourced Security Operations Centre (SOC), maintaining threat detection and response processes in conjunction with the InfoSec team to ensure its continued effectiveness.
• Effectively operate established technical information security controls and countermeasures, ensuring adherence to policy and compliance requirements.
• Deliver standardised security measures for cloud resource templates and configuration baselines, that enable approved teams to efficiently self‑serve pre‑configured resources.
• Automate manual or repetitive tasks, improving the end‑to‑end efficiency of technical security measures.
• Respond to new and emerging security threats and vulnerabilities, effectively engaging in cross‑functional collaboration as needed.
• Conduct security incident investigations, collaborating with technical and non‑technical stakeholders as appropriate, with the aim of identifying root cause, threat vector utilised, scope of compromise and related remedial and preventative actions.
• Implement and administer technical security tooling (Such as Defender for Cloud, Defender for End‑Point, Nessus, etc), training others as required.
• Optimise the cost of cloud‑based security measures, ensuring they remain fit‑for‑purpose and right‑sized as part of overall infrastructure efficiency.
• Constantly maintain and develop awareness of emerging threats and vulnerabilities and the techniques used to mitigate them.
• Coordinate with internal and external stakeholders.
• Partner with InfoSec to deliver on key information security risk related initiatives, ensuring compliance to patching and vulnerability policies.
• Partner with Product and Platform team members in respect of secure coding practices and security measures within the infrastructure resources they utilise.
• Establish and cultivate relationships, being a trusted advisor and technical point of contact within the firm's engineering community.

What skills and experience are we looking for?

• First‑hand experience and knowledge of modern information security methodologies, techniques, and tooling, spanning both physical and cloud infrastructure.
• Knowledge of key security standards/frameworks including ISO 27001, NIST, and CIS.
• Experience of securing infrastructure within a DevOps organisation - including secure coding standards, automation and enterprise monitoring and reporting tools specifically within Microsoft Azure.
• Demonstrable experience of security controls and countermeasures within IP based networks, WAN technologies, virtual server technologies and Microsoft Cloud on Windows and Linux.
• Demonstrable experience working with DLP and EDR technologies such as Microsoft Defender.
• Demonstrable first‑hand experience with modern Security Information and Event Management (SIEM) solutions and related workflow automation (SOAR).
• Ability to proactively own and coordinate resolving security issues, to ensure solutions continue to meet business needs.
• Ability to break a problem down into its component parts to identify and diagnose root causes, troubleshooting and identify problems across different technology capabilities.
• Strong planning and organisational skills, including the ability to coordinate several work streams simultaneously, while balancing priorities and quality.
• Excellent communication skills with a capacity to present, discuss and explain issues coherently and logically, both in writing and orally.
• Ability to balance conflicting and changing demands through prioritisation and pragmatism.

What's in it for you?

• Hybrid working (see top of the advert for details).
• Professional study support (where applicable).
• Access to our internal Wellbeing, LGBTQ+, Multicultural and Women's networks.

For your family:

• Life assurance.
• Income protection.
• Enhanced maternity/paternity/adoption and shared parental leave.

For your health:

• 26 days annual leave (pro‑rata for part‑time working) plus bank holidays (most of which can be taken flexibly!) with options to buy & sell holiday.
• Private medical insurance.
• Discounted gym memberships, critical illness and dental insurance through our flexible benefits.
• Eye care vouchers.
• Cycle to work scheme.
• Digital GP services.

For your wealth:

• Competitive pension scheme.
• Discretionary bonus scheme.
• High street discounts.
• Season ticket loans.

For others:

• Volunteering opportunities.

For the environment:

• Electric vehicle salary sacrifice scheme (qualifying period applies).

And much more! We continuously strive to build an inclusive workplace where all forms of diversity are valued, including age, background, disability, gender, gender identity, gender expression, race, religion or sexual orientation. LCP is committed to making our opportunities accessible to all and would welcome you getting in touch to let us know if an adjustment can be made to help with your application. This may be extra time for assessments, pre‑interview site visits, interview structure or questions, or asking us about building accessibility. Whatever it may be, please get in touch via our dedicated email address - [email protected] to discuss how we can support you with your application.

Recruitment agencies LCP operates a Preferred Supplier List (PSL) for recruitment agencies which is reviewed annually. We do not accept unsolicited CVs from agencies who are not part of our current PSL. LCP only pay agency fees where we have a signed agreement in place, and the agency has been instructed by a member of our recruitment team to supply CVs via the Applicant Tracking System (ATS) for a legitimate, open vacancy. If this process is not adhered to, LCP reserve the right to contact these candidates directly and have discussions with them without paying any agency fees. We do not pay agency fees when speculative and unsolicited CVs are submitted to any employee or Partner at LCP.