IT Security Engineer

The IT Security Operations Engineer is accountable for protecting the client's IT environment, helping to enhance the client's cyber resilience by proactively identifying, responding to, and resolving security incidents and vulnerabilities, ensuring IT services remain secure as threats evolve.

This role calls for strong hands-on capability with Microsoft 365 security tooling, Microsoft cloud and on-prem technologies, solid networking fundamentals, and ITIL-aligned operational practices. The engineer will partner closely with internal IT teams and external service providers to maintain a secure, compliant, and robust IT environment for the client.

What you'll be doing

• Investigate and follow up on security alerts across on-prem, cloud, and hybrid environments using SIEM, EDR/AV, Microsoft 365 security portals, and other security tools, driving root-cause analysis through to remediation.

• Stay on top of new vulnerabilities by monitoring CVE databases and threat intel sources, then lead the roll-out of fixes (patching, configuration updates, and security improvements).

• Respond to and contain security incidents using ITIL-aligned processes, escalating critical issues when required and contributing to thorough post-incident reviews.

• Help build and maintain operational documentation including SOPs, runbooks, procedures, and knowledge articles.

• Manage and continuously improve Microsoft 365 security configurations across the Defender suite (Endpoint, Office 365, Identity/Entra features).

• Oversee identity and access controls including Conditional Access, MFA, identity protection, and device compliance policies within Entra ID.

• Improve cloud security posture by reviewing Secure Score, compliance dashboards, and M365 posture recommendations.

• Track vulnerabilities end-to-end, maintaining oversight of remediation status through to closure.

• Support endpoint and system hardening across both cloud and on-prem estates, including patch compliance oversight and baseline enforcement.

• Contribute to governance, risk, and compliance activity, supporting ISO 27001/GDPR initiatives, maintaining security documentation, providing audit evidence, and assisting with risk assessments.

• Operate within ITIL processes (Incident, Problem, Change, Request) and participate in CAB discussions for security-related changes and deployments.

• Work closely with network teams to strengthen security controls across firewalls, VPNs, proxies, segmentation, routing policies, and investigate network-based threats (e.g., lateral movement, abnormal traffic).

• Drive continual service improvement across cyber operations and Microsoft 365 security services, helping enhance processes, tools, and ways of working.

What you'll bring

• Bachelor's degree in Computer Science, Information Technology, or a related discipline.

• 5+ years experience in cybersecurity engineering/operations, ideally within a regulated environment.

• Hands-on experience across SIEM, EDR/XDR, vulnerability management, and cloud security (particularly Microsoft 365/Azure)

• Strong working knowledge of Microsoft security tooling: Microsoft Defender suite, Conditional Access, MFA, Entra ID security/identity protection, and device compliance.

• Practical capability in threat detection and investigation workflows, including root-cause analysis and incident handling.

• Experience with vulnerability management tools and patching / remediation workflows.

• Solid understanding of network security fundamentals (firewalls, VPNs, IDS/IPS, proxies, DNS, TCP/IP) and the ability to support configuration/security reviews.

• Scripting capability for automation (PowerShell strongly preferred; Python also valuable), including creating or modifying scripts to improve security operations.

• Familiarity with ITIL-aligned service management processes (Incident, Problem, Change, Request), with strong documentation and process discipline.

Highly desirable certifications (or working toward):

• CISSP / CISM / CEH (or similar)

• Microsoft: SC-200, SC-300, SC-400, AZ-500, MS-102

• ITIL Foundation (or equivalent service management awareness)