Cyber Security Engineer

DCV Technologies Limited
Tring, United Kingdom
8 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Remote
Tring, United Kingdom

Tech stack

Microsoft Windows
Azure
Business Systems
Cloud Computing Security
Computer Security
Disaster Recovery
VMware ESX Servers
Networking Hardware
Virtual Private Networks (VPN)
Python
Network Security
Linux Servers
PowerShell
Cloud Services
Kusto Query Language
Security Information and Event Management
VMware Infrastructure
Virtual Local Area Networks
vSphere
Software Vulnerability Management
Data Logging
Microsoft Sentinel
Hardware Infrastructure
Firewall Services Module
Vulnerability Analysis
VMware

Job description

The Cyber Security Engineer will help protect and improve security across a hybrid IT environment, spanning Microsoft Azure cloud services, on-prem VMware infrastructure, and the network estate (including Cisco Meraki). The role is hands-on and operational, partnering with IT teams to implement security controls, support monitoring and incident response through Sophos MDR, and improve cyber resilience by supporting Disaster Recovery (DR) testing and Business Continuity (BC) readiness.

Cloud Security (Azure)

·Implement and maintain Azure security controls across identity, networking, compute and storage.

·Support governance guardrails (Azure Policy), secure baselines and logging/monitoring for cloud workloads.

·Contribute to security design reviews for new services and changes to ensure secure-by-default patterns.

On-Prem Security (VMware)

·Support hardening and secure operation of VMware vSphere (vCenter/ESXi) and associated management networks.

·Assist with vulnerability remediation, patching coordination and secure configuration for Windows/Linux servers.

·Improve segmentation and admin access controls for critical systems and management planes.

Network Security (Cisco Meraki)

·Support secure configuration of Cisco Meraki (MX/MS/MR as applicable), including firewall rules, segmentation (VLANs) and secure admin access.

·Assist with secure remote access/VPN configurations where required and ensure changes follow change control.

·Enable and review network security logging/alerting (e.g., syslog/SIEM integrations where applicable).

Monitoring, Detection & Incident Response (Sophos MDR)

·Act as the internal technical point of contact for Sophos MDR and ensure smooth collaboration with MDR analysts.

·Maintain coverage and telemetry health (endpoints/servers) and support onboarding of new assets into MDR.

·Triage MDR escalations, coordinate containment/remediation with IT teams, and document outcomes and lessons learned.

·Maintain and improve incident runbooks and response playbooks; support post-incident improvements.

Vulnerability & Secure Configuration

·Support vulnerability scanning, prioritisation, remediation tracking and verification.

·Help define and apply secure configuration baselines (e.g., CIS-aligned) across cloud, servers and network devices.

·Work with IT teams to reduce attack surface and prevent repeat security issues.

·Update, maintain and improve security policies, standards and supporting procedures to reflect evolving threats, business needs and technology changes.

Disaster Recovery (DR) & Business Continuity (BC) Support

·Support DR & BC testing activities: assist with planning, execution support, recovery validation and evidence capture.

·Help maintain recovery runbooks, dependency maps, and escalation/communications pathways for major incidents.

·Support secure backup and recovery practices (access control, separation of duties, restoration validation).

Ways of Working

·Collaborate closely with internal infrastructure, business systems, service desk teams, relevant business units, and delivery partners; ensure standards and runbooks are thoroughly documented so Security knowledge is accessible and not confined to a single individual.

·Participate as part of the out-of-hours support team rota.

Requirements

·Demonstrable experience in a cyber security engineering / infrastructure security role within a hybrid environment.

·Hands-on knowledge of Azure security fundamentals (identity, networking, logging/monitoring, governance).

·Practical understanding of VMware vSphere (vCenter/ESXi) and on-prem infrastructure fundamentals.

·Networking security fundamentals: segmentation (VLANs), firewall policy management, VPN concepts, and logging/visibility.

·Experience supporting security monitoring and incident handling processes, working with operational IT teams.

·Experience supporting DR testing and recovery activities (planning support, execution support, documentation).

What We're Looking For (Must-have)

·Strong technical troubleshooting and methodical approach to investigations.

·Ability to communicate clearly with both technical and non-technical stakeholders.

·Good documentation discipline (runbooks, diagrams, test evidence).

·Ability to prioritise and manage multiple tasks in a busy operational environment.

·Ownership mindset: drives actions through to completion and follows up on remediation.

Nice-to-have

·Experience with Sophos Central / Sophos MDR operations (coverage management, escalation handling, policy tuning).

·Familiarity with Microsoft Defender suite and/or Microsoft Sentinel.

·Scripting/automation skills (PowerShell, KQL, Python).

·Knowledge of ransomware recovery patterns (immutable backups, restore validation, offline documentation).

·Exposure to audit/compliance requirements (ISO 27001, NIST, CIS) and evidence collection.
