Senior Security Engineer

Senior Security Engineer
London (2x a week)
Permanent

About the Role
We are exclusively partnered with a leading UK retail organisation that is currently undergoing a significant digital transformation. We are seeking a technical and hands-on Senior Security Engineer to design, implement, and operate robust security controls across a complex hybrid environment.

In this role, you will bridge the gap between strategy and execution, serving as a technical authority for cloud platforms, identity systems, and endpoint security. You will collaborate closely with Network, Infrastructure, and Application teams to ensure that "secure-by-design" solutions are woven into the fabric of the entire ecosystem.

Key Responsibilities
Hybrid Architecture & Governance: Design and implement security controls across Azure, on-prem servers, and SaaS applications while maintaining hardening standards based on CIS and NIST benchmarks.

Identity & Access Security: Define standards for Entra ID and Active Directory, overseeing requirements for Conditional Access, MFA, SSO, and PIM.

Threat Detection & Incident Response: Own and operate the SIEM/SOAR stack, including Microsoft Sentinel and Defender XDR, to develop detection rules and support forensic investigations.

Infrastructure Hardening: Enforce secure baselines across virtualized environments (VMware/Hyper-V), Windows Servers, and Azure IaaS workloads.

Data Protection: Manage the certificate lifecycle (PKI/AD CS) and implement data classification and DLP strategies using Microsoft Purview.

Cloud Security Posture: Manage Azure Landing Zone security and connectivity, collaborating with Network Engineering to validate secure firewall and VPN configurations.

Compliance & Risk: Support audit readiness for ISO 27001, PCI DSS, and Cyber Essentials Plus, ensuring all remediation progress is tracked and documented.

Essential Skills & Experience:

Experience: 5–10 years in cloud or infrastructure security roles.

Azure Expertise: Deep experience with Defender for Cloud, Sentinel, and Azure security configurations.

Identity Mastery: Strong knowledge of Microsoft Entra ID, AD DS, RBAC, and hybrid identity security.

Technical Proficiency: Hands-on experience with EDR (MDE), CSPM tools, and vulnerability management platforms.

Security Principles: Practical understanding of Zero Trust architecture and secure-by-design methodologies.

Compliance Knowledge: Familiarity with PCI DSS, NIST, and ISO 27001 frameworks.

Desirable Skills:

Awareness of AWS security fundamentals (Guard Duty, KMS, IAM Identity Centre).

Experience with Infrastructure as Code (IaC) security (Terraform, Bicep) and DevSecOps practices.

Scripting for automation using PowerShell or Python.

Qualifications & Soft Skills
Education: Bachelor’s degree in Computer Science, Information Security, or equivalent experience.

Certifications: Preferred certifications include AZ-500, SC-300, SC-100, or CISSP/CCSP.

Attributes: An analytical mindset with the ability to remain composed under pressure during security incidents.

Collaboration: Excellent communication skills to engage with diverse stakeholders across the technology organization.

Eligo Recruitment is acting as an Employment Business in relation to this vacancy. Eligo is proud to be an equal opportunity employer dedicated to fostering diversity and creating an inclusive and equitable environment for employees and applicants. We actively celebrate and embrace differences, including but not limited to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran status, and disability. We encourage applications from individuals of all backgrounds and experiences and all will be considered for employment without discrimination. At Eligo Recruitment diversity, equity and inclusion is integral to achieving our mission to ensure every workplace reflects the richness of human diversity