IT Security Engineer in London

The IT Security Engineer will be responsible for supporting the implementation, operation, and continuous improvement of Verne’s security operations capability across all regions, covering corporate IT environments and the interfaces to OT environments that support data centre operations. Based in the UK headquarters, this role will work closely with Compliance, Operations, IT, the Head of Information Security, and Verne’s SOC to help ensure that security controls are effective, practical, well documented, and capable of meeting both ISO-aligned requirements and demanding customer audit expectations. This is a senior individual contributor role with significant responsibility for the day-to-day operation of security monitoring, incident handling, security tooling, and technical control implementation across the organisation.

The role also has operational ownership of core security platforms and appliances, including their technical architecture, configuration, testing, change control, and ongoing reliability across IT environments and controlled IT/OT boundaries. This role operates within Verne’s broader information security framework and works closely with the Head of Information Security, who retains overall responsibility for enterprise security strategy, policy, and programme leadership.

Responsibilities

• Support the implementation, operation, and continuous improvement of Verne’s security operations activities across all regions.
• Define, maintain, and improve the technical architecture and deployment approach for operational security platforms and appliances across the organisation, in alignment with Verne’s wider information security framework.
• Own the administration, configuration, maintenance, and controlled change of key security platforms and appliances, including firewall infrastructure, centralised management platforms, SIEM, and related monitoring and protection technologies.
• Manage firewall rulesets, segmentation, policy deployment, firmware lifecycle, and associated controls across corporate IT environments and relevant OT-connected environments.
• Sandbox, test, sequence, and implement upgrades, patches, and configuration changes to security platforms in a disciplined manner, ensuring continuity of service and avoiding disruption to critical IT and OT operations.
• Maintain and support the practical enforcement of separation between IT and OT environments, ensuring that network boundaries, access paths, and security controls remain appropriate for both operational and development activities.
• Work with Infrastructure, Operations, and project teams to ensure that new deployments, system changes, and development activities preserve the intended security posture and controlled separation between IT and OT environments.
• Monitor, triage, investigate, and coordinate response to security alerts, incidents, suspicious activity, and control failures across the estate.
• Act as a key operational interface with Verne’s SOC, ensuring alerts, escalations, investigations, response actions, and service expectations are properly coordinated and followed through.
• Configure and continuously improve logging, alerting, dashboards, correlation rules, and reporting to strengthen visibility across networks, systems, endpoints, and relevant services.
• Support vulnerability management and remediation tracking, including following up on findings from scanning, audits, incidents, or control reviews and helping ensure timely closure.
• Support incident response processes, including investigation, containment, escalation, documentation, lessons learned, and corrective action tracking.
• Help maintain effective operational controls relating to access control, privileged access, endpoint protection, secure configuration, and other day-to-day security disciplines.
• Produce and maintain high-quality documentation, including security procedures, control descriptions, incident records, change records, exception logs, evidence packs, and knowledge base material.
• Support the maintenance of operational security records and evidence required to meet IMS requirements, ISO-aligned controls, and customer audit expectations.
• Work with Compliance to ensure that security operations activities, records, and controls align with IMS requirements and support internal and external audits.
• Support customer audits, due diligence requests, control walkthroughs, and remediation programmes related to cyber security and operational security controls.
• Support recurring reporting, dashboards, service trends, and control metrics for review by relevant stakeholders.
• Work within formal ticketing, incident, and change control processes, ensuring actions are properly logged, traceable, and closed out.
• Collaborate with site and central teams to ensure that security requirements remain practical and effective in critical operational environments and contribute to good operational discipline across the business.

The role will involve occasional travel to Verne sites and offices in support of audits, incident response, control reviews, operational changes, and project needs. Some out-of-hours support will be needed for incident response, security investigations, planned changes, or critical operational activities.

Candidate profile

The successful candidate will be disciplined, analytical, and well organised, with a strong sense of ownership and follow-through. They must be motivated and accustomed to working in a team environment, while also being capable of handling sensitive matters with discretion and good judgement. This role requires an individual who is comfortable operating in controlled environments, who values documentation and evidence, and who can balance security, practicality, and auditability in a growing multi-region business. The individual must be capable of maintaining a high operational standard across security platforms, security monitoring, and controlled IT/OT boundaries.

Essential

• Significant experience in IT security operations, cyber security engineering, or information security roles with strong operational responsibility.
• Experience administering and maintaining security platforms and appliances, including firewalls, centralised management tools, SIEM, or related monitoring and protection technologies.
• Experience managing controlled upgrades, patching, testing, and change sequencing for security infrastructure in environments where operational continuity is important.
• Experience investigating, coordinating, or responding to security incidents, alerts, and operational security issues.
• Good understanding of core security domains such as network security, identity and access management, endpoint security, vulnerability management, logging and monitoring, secure configuration, and incident response.
• Experience working with or alongside a SOC, including handling escalations, investigations, and response coordination.
• Experience maintaining network segmentation and controlled boundaries between different security zones, ideally including IT and OT or similarly sensitive environments.
• Experience working with ticketing, incident management, and change control processes.
• Strong documentation capability, including procedures, records, evidence, control descriptions, and incident notes.
• Experience supporting audit, compliance, or control assurance activities in environments subject to internal or external scrutiny.
• Ability to work effectively with Compliance, Operations, Infrastructure, IT, project teams, and information security stakeholders.
• Strong communication skills, with the ability to engage technical and non-technical audiences.
• Good organisational skills and the ability to manage multiple issues in a structured and dependable way.
• Awareness of the importance of procedural discipline and traceability in critical environments.

Desirable

• Experience with enterprise-class firewall and security infrastructure platforms, including next-generation firewalls, centralised management tools, and associated security services.
• Experience in ISO 27001-aligned environments or similar control frameworks.
• Familiarity with the NIST Cybersecurity Framework and its use in structuring cyber security outcomes and improvement plans.
• Exposure to OT, ICS, or other operationally critical environments.
• Experience with EDR, vulnerability scanning, or other security monitoring platforms in addition to SIEM.
• Experience supporting customer security questionnaires, audits, or due diligence processes.
• Experience producing KPI reporting, dashboards, or trend analysis, including the use of tools such as Power BI.
• Basic scripting, automation, or data-handling skills to support reporting and operational efficiency.
• Experience in data centre, infrastructure, or other business-critical operating environments.

Qualifications

Relevant experience in security operations and security engineering is more important than a specific degree requirement. A degree or technical qualification in cyber security, information security, computer science, information technology, or a related discipline would be beneficial. Relevant certifications such as Security+, SC-200, SC-300, Fortinet certifications, ISO 27001-related qualifications, or equivalent would be advantageous.

Key measures of success

• Security platforms and appliances are stable, well managed, documented, and changed in a controlled manner.
• Security operations processes are clear, practical, and consistently followed.
• Firewall, segmentation, and IT/OT boundary controls remain effective and aligned with operational needs.
• Strong quality of documentation, records, and audit evidence.
• Timely and effective handling of security alerts, incidents, vulnerabilities, and remediation actions.
• Good alignment between security operations practices and IMS requirements.
• Positive outcomes in ISO-aligned reviews, customer audits, and due diligence exercises.
• Effective collaboration with Compliance, Operations, IT, project stakeholders, information security stakeholders, and the SOC.
• Improved visibility of security posture through appropriate reporting, KPIs, and trend analysis.

What We Offer

• Opportunity to be part of a fast-growing, private equity-backed company.
• A dynamic, innovative, and inclusive working environment.
• Competitive compensation and benefits package.
• The chance to work with a talented and ambitious international team.