Senior Security Engineer

We are looking for a Security Engineer to design, implement, and operate security controls across a hybrid environment spanning Microsoft Azure, on‑prem infrastructure, SaaS platforms, and a large UK retail footprint.

This is a hands‑on technical role with architectural influence, focused on identity security, cloud security posture, threat detection, endpoint and server hardening, data protection, and compliance. You’ll work closely with Network Engineering, Infrastructure, Cloud, and Application teams to ensure security is embedded by design across the organisation.

• London Based

What You’ll Be Doing

• Design and operate security controls across Azure, on‑prem servers, and SaaS applications
• Define and maintain security baselines aligned to Microsoft, CIS, NIST, and Zero Trust principles
• Govern cloud security using Azure Policy and Defender for Cloud
• Provide security requirements and oversight for identity and access management, implemented by IAM teams
• Own and operate SIEM, SOAR, and detection tooling (Microsoft Sentinel, Defender XDR)
• Investigate and support incident response across identity, endpoints, servers, and cloud workloads
• Implement and oversee endpoint and server security (hardening, EDR, vulnerability remediation)
• Operate data protection controls including encryption, Key Vault, PKI, DLP, and sensitivity labels
• Support compliance and audit activities (ISO 27001, PCI DSS, Cyber Essentials Plus, NIST)
• Produce security documentation, runbooks, and audit artefacts
• Collaborate closely with Network Engineering on segmentation, firewall governance, and secure connectivity
• Provide security guidance across projects, platform changes, and operational teams
• Strong hands‑on experience securing Azure environments
• Deep knowledge of Microsoft Entra ID, Active Directory, MFA, Conditional Access, PIM, and RBAC
• Experience with SIEM/SOAR, EDR, CSPM, and vulnerability management tools
• Practical experience securing Windows Server, domain controllers, PKI/ADCS, and hybrid identity
• Solid understanding of Zero Trust and secure‑by‑design architecture
• Working knowledge of PCI DSS, ISO 27001, Cyber Essentials Plus, and NIST
• Strong investigation, log analysis, and incident response skills
• AWS security fundamentals (IAM, GuardDuty, Security Hub, KMS)
• DevSecOps or CI/CD security practices
• Infrastructure-as-Code security (Terraform, Bicep)