Senior Network Engineer

We are exclusively partnered with a leading UK retail organisation that is currently undergoing a significant digital transformation. We are seeking a technical and hands-on Senior Security Engineer to design, implement, and operate robust security controls across a complex hybrid environment.

In this role, you will bridge the gap between strategy and execution, serving as a technical authority for cloud platforms, identity systems, and endpoint security. You will collaborate closely with Network, Infrastructure, and Application teams to ensure that "secure-by-design" solutions are woven into the fabric of the entire ecosystem., * Hybrid Architecture & Governance: Design and implement security controls across Azure, on-prem servers, and SaaS applications while maintaining hardening standards based on CIS and NIST benchmarks.

• Identity & Access Security: Define standards for Entra ID and Active Directory, overseeing requirements for Conditional Access, MFA, SSO, and PIM.
• Threat Detection & Incident Response: Own and operate the SIEM/SOAR stack, including Microsoft Sentinel and Defender XDR, to develop detection rules and support forensic investigations.
• Infrastructure Hardening: Enforce secure baselines across virtualized environments (VMware/Hyper-V), Windows Servers, and Azure IaaS workloads.
• Data Protection: Manage the certificate lifecycle (PKI/AD CS) and implement data classification and DLP strategies using Microsoft Purview.
• Cloud Security Posture: Manage Azure Landing Zone security and connectivity, collaborating with Network Engineering to validate secure firewall and VPN configurations.
• Compliance & Risk: Support audit readiness for ISO 27001, PCI DSS, and Cyber Essentials Plus, ensuring all remediation progress is tracked and documented.

• Experience: 5-10 years in cloud or infrastructure security roles.
• Azure Expertise: Deep experience with Defender for Cloud, Sentinel, and Azure security configurations.
• Identity Mastery: Strong knowledge of Microsoft Entra ID, AD DS, RBAC, and hybrid identity security.
• Technical Proficiency: Hands-on experience with EDR (MDE), CSPM tools, and vulnerability management platforms.
• Security Principles: Practical understanding of Zero Trust architecture and secure-by-design methodologies.
• Compliance Knowledge: Familiarity with PCI DSS, NIST, and ISO 27001 frameworks.

Desirable Skills:

• Awareness of AWS security fundamentals (Guard Duty, KMS, IAM Identity Center).
• Experience with Infrastructure as Code (IaC) security (Terraform, Bicep) and DevSecOps practices.
• Scripting for automation using PowerShell or Python., * Education: Bachelor's degree in Computer Science, Information Security, or equivalent experience.
• Certifications: Preferred certifications include AZ-500, SC-300, SC-100, or CISSP/CCSP.
• Attributes: An analytical mindset with the ability to remain composed under pressure during security incidents.
• Collaboration: Excellent communication skills to engage with diverse stakeholders across the technology organization.