Cyber Security Engineer

Overview

What we’re all about. Do you ever have the urge to do things better than the last time? We do. And it’s this urge that drives us every day. Our environment of discovery and innovation means we’re able to create deep and valuable relationships with our clients to create real change for them and their industries. It’s what got us here – and it’s what will make our future. At Quantexa, you’ll experience autonomy and support in equal measures allowing you to form a career that matches your ambitions.

The opportunity

The Cyber Security Engineer is a hands-on operational role within the Security Operations team, protecting Quantexa. The role is responsible for the day-to-day operation, optimisation, and monitoring of core security platforms, with a focus on Wiz (Cloud monitoring), Zscaler (Web Security/Tunnel 2.0) and CrowdStrike (Endpoint Detection and Response).

Working closely with the wider Security Operations team, you will ensure that security alerts, findings, and detections are promptly triaged, validated, logged and effectively remediated. The role contributes directly to improving Quantexa’s security posture by reducing risk, strengthening detection capability, and supporting timely response to security events.

This position is well suited to a highly technical, curious and observant practitioner who enjoys working with key security tooling, values disciplined execution and can operate confidently within established processes while identifying opportunities for continuous improvement.

What you’ll be doing

• Wiz (Cloud Security Posture Management)
  • Monitor and triage Wiz findings daily, validating alerts and determining operational impact.
  • Perform tuning and threat hunting within Wiz and other tooling.
  • Identify misconfigurations, excessive permissions, and exposed assets, escalating where required.
  • Track remediation progress with engineering owners and ensure closure of high-priority issues.
• Zscaler (Web Security / Tunnel 2.0)
  • Review and triage Zscaler alerts and policy violations, following documented response procedures.
  • Investigate suspicious traffic, access attempts, and user activity to determine legitimacy and risk.
  • Support enforcement actions by validating policy alignment and working with IT and Cloud teams to remediate issues.
  • Monitor coverage and configuration across users and locations, identifying gaps or misconfigurations.
  • Support policy tuning by analysing false positives and recommending rule or policy adjustments.
  • Contribute to playbook development, operational maturity, and ongoing service readiness.
• CrowdStrike (Endpoint Detection and Response)
  • Review and triage endpoint detections, applying documented response steps.
  • Execute containment actions, including network isolation and sensor troubleshooting.
  • Validate full sensor coverage across the estate and address gaps in coordination with IT.
  • Support tuning activities by analysing false positives and proposing rule refinements.
  • Contribute to playbook improvements and operational readiness tasks.
• Security Operations
  • Conduct initial investigation of security incidents, collect evidence, and escalate based on severity with a keen eye on the quality of the output.
  • Perform daily review of alerts across SIEM, Wiz, CrowdStrike, and other platforms.
  • Validate vulnerabilities and configuration weaknesses raised by scanning tools.
  • Interpret and operationalise threat intelligence, understand how it informs detection, prioritisation, and response activities, and clearly communicate technical threat intelligence to non-technical stakeholders.
  • Support cloud security controls, identity hygiene checks, and network policy reviews.
  • Contribute to the ongoing maturity and documentation of operational processes.
• Collaboration and Ways of Working
  • Act as a trusted operational partner to the Cyber Security Manager and the wider Information Security team, providing proactive support and consistent engagement.
  • Partner closely with DevOps, IT, and Engineering teams to drive timely and effective remediation actions.
  • Deliver clear and concise updates on incidents and operational activities proactively, without the need for prompting.
  • Actively participate in team stand ups, contributing constructively to continuous improvement and operational maturity.
  • Support senior engineers with platform enhancements, integrations, and controlled change activities.

What you’ll bring

• Demonstrated hands-on experience with security operations, incident triage, or vulnerability management.
• Familiarity with EDR platforms (ideally CrowdStrike) and security telemetry analysis.
• Knowledge of cloud environments, particularly Azure including Entra and Conditional Access, and a good understanding of cloud security concepts.
• Ability to understand alert context, assess impact, and follow structured response processes.
• Strong attention to detail, disciplined documentation, and good communication skills.

Mandatory Proficiency in the Following Platforms

• Practical experience with core security platforms, including Wiz for cloud posture and workload visibility, CrowdStrike for endpoint detection and response, and Zscaler for secure access and traffic inspection.
• Familiarity with insider risk and secret detection tooling, such as CyberHaven and GitGuardian, with the ability to support basic investigations and configuration checks.
• Working knowledge of CI/CD pipelines and DevOps tooling, including the ability to follow established security checks within delivery workflows.
• Exposure to native cloud security services (e.g. Azure Security Center, Google Cloud Command Center) for posture review, alert triage, and configuration validation.

Education & Certifications

• Minimum of 8 years of professional experience in cybersecurity.
• Master’s degree in information security, Computer Science, or related discipline.

Preferred Industry Certifications (Evidence required):

• GIAC certifications such as GCIA, GCED, GCIH, GDAT, GDSA or GMON, Microsoft Certified Identity and Access Administrator Associate (SC-300), Microsoft Certified Security Operations Analyst Associate (SC-200).

Expectations and Mindset

• Proactiveness: Take initiative, seek out information, do not sit back and wait, drive your own knowledge alongside that of other guidance provided by the team, and always ask questions.
• Communication: Keep stakeholders informed, ask questions, and ensure clarity in all interactions.
• Forward thinking: Anticipate challenges and issues, think strategically, and look for opportunities for improvement.
• Team Communication: Follow up with the team and make sure you are seen and known, be heard and build strong relationships and establish your presence.

Perks and our culture

We offer a range of benefits to support your work and well-being, including competitive salary, bonus, hybrid work options, private healthcare, generous leave, and more.

Our mission

We have one mission: to help businesses grow, to make data easier, and to make the world a better place. We’re not a start-up, but we are a collection of bright, passionate minds harnessing complexities and helping our clients and their communities. One culture, made of many. Heading in one direction – the future.

It’s all about you

We are an Equal Opportunity Employer. We value inclusion and diversity in our work environment. Regardless of race, beliefs, color, national origin, gender, sexual orientation, age, marital status, neurodiversity or ableness – if you are passionate, curious and caring, we want to hear from you.