Senior Security Engineering Consultant in Hampshire

Nomios’ mission is to build a secure and connected future. Organisations across the globe depend on us to help secure and connect their digital infrastructures. As part of our continued UK growth, we are expanding our Professional Services capability and seeking a Security Engineering Consultant to deliver specialist security engineering and operations consultancy across our customer base. This is a hands‑on technical role within the Security Operations domain, focused on helping customers improve and automate their SOC functions, tooling, and detection capabilities. You will work across a range of technologies and engagements, from SOAR and SIEM implementation through to vulnerability management, exposure management, and process automation.

The Security Engineering Consultant role sits within the Security Operations Team, working directly with the Nomios SOC Engineering team. You will deliver a range of short to mid‑term customer projects, providing both technical engineering and advisory support across Security Operations tooling, architecture, and processes. Typical engagements include Azure Health Checks, SOAR and automation builds, SIEM and log source integration, parser creation, ruleset development, vulnerability management optimisation, and exposure management assessments. Around half of your time will be spent delivering customer‑facing Professional Services projects, with the remainder focused on supporting internal engineering initiatives, labs, roadmap activities and innovation within the broader Security Operations Team. This position suits an experienced SOC or Security Engineer who enjoys working across multiple environments and technologies, and who is comfortable engaging directly with customers as a trusted technical consultant. We are particularly interested in speaking to individuals with Azure and Cloud based skillsets.

Responsibilities

• Deliver Professional Services engagements across SOAR, SIEM, XDR, vulnerability and exposure management platforms
• Conduct Azure and cloud environment security health checks and configuration reviews
• Design and build SOAR playbooks, integrations, and automation frameworks
• Develop and maintain custom log source parsers, normalisation, and correlation logic
• Deploy, configure, and optimise SIEM and XDR solutions for customer environments
• Build and tune vulnerability management workflows and dashboards using common tools such as Rapid7, Tenable, and Qualys
• Perform CTEM‑related assessments using tools such as Cymulate or XM Cyber
• Produce clear technical documentation and customer deliverables following each engagement
• Work closely with the internal SOC Engineering team to align practices and share technical improvements
• Support engineering escalations and onboarding for customer environments
• Contribute to engineering design sessions, roadmap planning, and internal innovation projects
• Mentor and share knowledge with internal engineers and analysts
• Identify and implement automation and efficiency improvements across customer and internal toolsets
• Contribute to the development of reusable playbooks, connectors, and integration frameworks
• Support the continual enhancement of Nomios’ Professional Services delivery templates, labs, and testing environments

Job Requirements

We hire result‑orientated, smart, and high‑energy individuals who bring a can‑do attitude and a willingness to go the extra mile and deliver exceptional outcomes. You should be organised and rigorous, with excellent analytical skills. Good communication with internal stakeholders is vital, as is the ability to work as part of a dynamic team.

Required skills

• Minimum 1 year in a Security Operations Centre (SOC), or Minimum 3 years in infrastructure or networking roles with demonstrable security exposure.
• Experience triaging and investigating security alerts.
• Understanding of attacker behaviours, TTPs, and common malware execution chains (e.g., phishing leading to script or binary execution).
• Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
• Hands‑on experience with at least one major security platform (SIEM, EDR or XDR).
• Familiarity with ticketing tools such as ServiceNow, Salesforce, or JIRA.
• Familiarity with Windows event logs, authentication logs, basic process trees, and command‑line tools.