Security Engineer

Sterling Computers Corporation
Stretford, United Kingdom
17 days ago

Role details

Contract type: Temporary contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior

Job location

Remote
Stretford, United Kingdom

Tech stack

Kubernetes Security
Microsoft Active Directory
Software System Penetration Testing
Border Gateway Protocol
Computer Security
Network Address Translation
Elasticsearch
Identity and Access Management
Networking Hardware
Intrusion Detection and Prevention
Intrusion Detection Systems
Virtual Private Networks (VPN)
OSI Models
Information Systems Security Architecture Professional
Network Security
Microsoft Software
Windows Server
Routing
Network Segmentation
Network Virtualization
Open Shortest Path First
Remote Access Technology
Logstash
Zero Trust Network Access
Security Information and Event Management
Systems Integration
Virtualization Technology
Software Vulnerability Management
Policy as Code
Data Logging
Network Routers
Cyber Threat Analysis
Firewalls (Computer Science)
SC Clearance
Cybercrime
Palo Alto Networks
Hardware Infrastructure
CIS Benchmarks
Kibana
Firewall Services Module
Devsecops
Cisco networks
Vulnerability Analysis
VMware

Job description

About the Role: We are seeking a highly experienced Senior Security Engineer to take ownership of security for our critical on-premise platform. This is a hands-on, technical leadership role where you will design, implement, harden, monitor, and continuously improve our security posture in a predominantly VMware-based on-prem environment. You will drive security strategy and execution, ensuring compliance, threat prevention, and rapid incident response, while collaborating with infrastructure, operations, and leadership teams.

  • Lead the design, configuration, deployment, and ongoing management of security controls for on-premise infrastructure, with a strong emphasis on network and workload segmentation.
  • Own and optimise VMware NSX (including Distributed Firewall policies and micro-segmentation) and VMware vDefend (Distributed Firewall, threat prevention, and lateral security features) to enforce zero-trust principles and prevent lateral threat movement.
  • Manage, tune, and harden Palo Alto Networks next-generation firewalls (NGFW), including policy creation, Panorama management, App-ID/User-ID, NAT, VPN, threat prevention profiles, and integration with other security tools.
  • Configure and maintain Cisco network security devices (e.g., routers, switches, ASA/FTD firewalls, ISE for NAC) to support secure network access and segmentation.
  • Harden Windows Server environments and related Microsoft products (Active Directory, Group Policy, endpoint configurations) using security best practices and CIS Benchmarks.
  • Champion DevSecOps practices by embedding security into CI/CD pipelines, automating security testing (e.g., vulnerability scanning, policy-as-code), collaborating with development and operations teams to shift security left, and ensuring secure software delivery without impeding velocity.
  • Deploy, configure, and leverage Elastic Stack (Elasticsearch, Kibana, Beats, Logstash) and Elastic Security features for centralised logging, SIEM capabilities, threat detection, dashboards, alerting, and integration with on-prem security tools (e.g., feeding logs from NSX/vDefend, firewalls, and endpoints).
  • Implement, audit, and remediate against CIS Benchmarks, STIGs, and other hardening standards across operating systems, network devices, virtualisation platforms, and applications.
  • Perform vulnerability assessments, penetration testing support, risk assessments, and remediation planning for on-prem assets.
  • Monitor security events, respond to incidents, conduct root cause analysis, and implement preventive measures.
  • Drive security architecture decisions, contribute to policy development, and act as the primary technical security point of contact for the platform.
  • Collaborate with vendors, auditors, and internal teams to ensure compliance with regulatory and organisational requirements.
  • Mentor junior engineers and promote a security-first culture.

Requirements

Do you have experience in Virtualization?

This position requires a proactive, detail-oriented engineer comfortable working in a high-security, regulated environment. This is a full-time fixed term role, requiring 5 days per week on-site (no remote or hybrid options). There is occasional travel required within the UK (and potentially internationally) to support related sites, vendors, or projects. Security Clearance Required: Secret Clearance at a minimum. Willing to attain Developed Vetting.

  • 7+ years of hands-on experience in cybersecurity engineering, with at least 5 years focused on on-premise enterprise environments.
  • Proven deep expertise in VMware NSX (micro-segmentation, DFW policies, integration) and VMware vDefend (Distributed Firewall, advanced threat prevention).
  • Strong experience designing and managing Palo Alto Networks firewalls (NGFW, Panorama, threat prevention, GlobalProtect).
  • Solid hands-on experience with Cisco security/networking technologies (ASA/FTD, ISE, secure routing/switching).
  • Extensive experience securing Windows environments (Server, Active Directory, Group Policy Objects, endpoint hardening).
  • In-depth knowledge of CIS Benchmarks and their practical application to harden systems and networks.
  • Strong understanding of zero-trust principles, network segmentation, firewall policy optimisation, identity and access management (IAM), and encryption.
  • Experience with vulnerability management, SIEM integration, logging, and incident response in on-prem setups.
  • Familiarity with TCP/IP networking fundamentals, the OSI model, routing protocols (BGP/OSPF), VPN technologies, and secure architecture design.
  • Practical experience implementing DevSecOps principles, including integrating security tools and controls into CI/CD pipelines, automating security checks, and collaborating across dev, sec, and ops teams.
  • Hands-on experience with the Elastic Stack (Elasticsearch, Kibana) and Elastic Security (SIEM, threat hunting, endpoint integration, dashboards/alerting) in on-premise deployments for log management, security analytics, and incident response.
  • Security Clearance: Must have UK government security clearance, minimum SC, with the requirement to go through DV.
  • Right to work in the UK and ability to pass background checks.

Desirable Skills & Certifications

  • Relevant certifications such as:
      • VMware Certified Professional - Network Virtualisation (VCP-NV) or Security
      • Palo Alto Networks Certified Network Security Engineer (PCNSE)
      • Cisco Certified Network Professional Security (CCNP Security) or CCIE Security
      • Certified Information Systems Security Professional (CISSP)
      • Microsoft Certified: Security, Compliance, and Identity Fundamentals (or equivalent)
  • Experience with endpoint detection and response (EDR), SIEM tools, IDS/IPS, or threat intelligence platforms.
  • Knowledge of Linux hardening, container security, or hybrid environments (though focus remains on-prem).
  • Experience in regulated sectors (e.g., government, finance, critical national infrastructure).
