Overview
Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness unrelenting technological change to deliver innovations that provide a competitive advantage and improve everyday life worldwide.
As part of the Expleo Digital and Emerging Technology (DET) team, you will report to the Head of Cybersecurity and work within a dynamic, passionate, growing Cybersecurity Practice. You will be key in implementing cybersecurity solutions for current and new clients, supporting engagements across multiple sectors and technical environments.
This hands-on, client-facing position focuses on control implementation, infrastructure security hardening, technical remediation, and cyber risk reduction. You will be expected to work independently while maintaining alignment with industry standards and client requirements.
Responsibilities
Deliver and support the implementation of cybersecurity solutions across a wide range of client environments, ensuring alignment with industry standards and regulatory requirements.
Perform system and infrastructure hardening activities, including configuration reviews, security baseline application, and policy enforcement across cloud, on-premises, and hybrid environments.
Conduct technical control assessments, gap analysis, and remediation planning to address vulnerabilities, misconfigurations, and non-compliance issues.
Support the deployment of technical controls such as endpoint protection, access management, network segmentation, logging and monitoring solutions, and encryption mechanisms.
Collaborate with client stakeholders and internal teams to provide actionable guidance and implementation support tailored to specific business and regulatory contexts.
Contribute to security design reviews and technical workshops, offering practical insights to improve client security posture and delivery assurance.
Provide clear and concise technical documentation, including implementation guides, remediation reports, and configuration artefacts to support assurance and audit requirements.
Stay current with emerging cybersecurity threats, vulnerabilities, tools, and mitigation techniques to ensure that all recommendations and implementations reflect current best practices.
Provide technical expertise, solution context, and risk-based insights to support the sales and pre-engagement process and help shape the delivery scope and approach.
Contribute to continuously improving internal methodologies, tooling, and knowledge sharing to strengthen Expleo's Cybersecurity Practice and promote delivery excellence across all engagements.
Operate effectively in remote and on-site client environments, maintaining professionalism, delivery discipline, and stakeholder trust.
Qualifications
A degree (or equivalent experience) in Cybersecurity, Information Security, Computer Science, Network Engineering, or a related technical discipline.
Recognised industry certifications in cybersecurity or infrastructure security (CompTIA, ISACA, ISC2, GIAC, Microsoft, CREST, Cisco Security, or equivalent).
Certifications in security governance and frameworks: ISO/IEC 27001, IEC 62443, NIST CSF, CAF, or CIS Controls.
Additional vendor or platform-specific certifications (AWS, Azure, Microsoft, GCP, Palo Alto, CrowdStrike, Tenable) are advantageous
Essential skills
Strong understanding of core cybersecurity principles, including confidentiality, integrity, availability, and risk management.
Practical experience implementing security controls across IT/OT infrastructure.
Proficiency in system hardening techniques.
Ability to conduct technical risk assessments, identify control gaps, and propose actionable remediation plans.
Familiarity with enterprise security tools and platforms.
Strong troubleshooting and problem-solving skills with the ability to work independently across varied environments and technologies.
Excellent communication skills, with the ability to clearly explain technical risks and solutions to technical and non-technical stakeholders.
Desired skills
Familiarity with UK regulatory frameworks (NIS/NIS2, Ofgem CAF, ECAF, GDPR/DPA18, ISO 27001, or Cyber Essentials Plus).
Understanding secure architecture principles, including zero trust, defence-in-depth, and secure-by-design approaches.
Exposure to DevSecOps practices, security tooling integration into CI/CD pipelines, and secure development lifecycle support.
Awareness of threat intelligence, attack vectors, and emerging vulnerabilities across enterprise IT ecosystems.
Ability to contribute to client workshops, security design reviews, and collaborative problem-solving sessions.
Experience
Proven experience in a hands-on cybersecurity engineering or infrastructure security role, ideally within a consultancy, systems integrator, or multi-client environment.
Experience delivering technical cybersecurity controls, system hardening, and infrastructure remediation within complex IT environments.
Track record of operating effectively across multiple sectors or projects, adapting to new client requirements, technology stacks, and regulatory contexts.
Experience working directly with client stakeholders to gather technical requirements, explain security considerations, and support implementation activities.
Demonstrated ability to manage technical tasks independently, prioritise work, and deliver outcomes in line with project timelines and expectations.
Exposure to enterprise IT environments, cloud platforms, and standard security tools, with evidence of practical application in real-world delivery contexts
