Security Engineer
Job description
About the Role: We are seeking a highly experienced Senior Security Engineer to take ownership of security for our critical on-premise platform. This is a hands-on, technical leadership role where you will design, implement, harden, monitor, and continuously improve our security posture in a predominantly VMware-based on-prem environment. You will drive security strategy and execution, ensuring compliance, threat prevention, and rapid incident response, while collaborating with infrastructure, operations, and leadership teams.

- Lead the design, configuration, deployment, and ongoing management of security controls for on-premise infrastructure, with a strong emphasis on network and workload segmentation.
- Own and optimise VMware NSX (including Distributed Firewall policies and micro-segmentation) and VMware vDefend (Distributed Firewall, threat prevention, and lateral security features) to enforce zero-trust principles and prevent lateral threat movement.
- Manage, tune, and harden Palo Alto Networks next-generation firewalls (NGFW), including policy creation, Panorama management, App-ID/User-ID, NAT, VPN, threat prevention profiles, and integration with other security tools.
- Configure and maintain Cisco network security devices (e.g., routers, switches, ASA/FTD firewalls, ISE for NAC) to support secure network access and segmentation.
- Harden Windows Server environments and related Microsoft products (Active Directory, Group Policy, endpoint configurations) using security best practices and CIS Benchmarks.
- Champion DevSecOps practices by embedding security into CI/CD pipelines, automating security testing (e.g., vulnerability scanning, policy-as-code), collaborating with development and operations teams to shift security left, and ensuring secure software delivery without impeding velocity.
- Deploy, configure, and leverage Elastic Stack (Elasticsearch, Kibana, Beats, Logstash) and Elastic Security features for centralised logging, SIEM capabilities, threat detection, dashboards, alerting, and integration with on-prem security tools (e.g., feeding logs from NSX/vDefend, firewalls, and endpoints).
- Implement, audit, and remediate against CIS Benchmarks, STIGs, and other hardening standards across operating systems, network devices, virtualisation platforms, and applications.
- Perform vulnerability assessments, penetration testing support, risk assessments, and remediation planning for on-prem assets.
- Monitor security events, respond to incidents, conduct root cause analysis, and implement preventive measures.
- Drive security architecture decisions, contribute to policy development, and act as the primary technical security point of contact for the platform.
- Collaborate with vendors, auditors, and internal teams to ensure compliance with regulatory and organisational requirements.
- Mentor junior engineers and promote a security-first culture.
Requirements
Do you have experience in Virtualization?

This position requires a proactive, detail-oriented engineer comfortable working in a high-security, regulated environment. This is a full-time fixed term role, requiring 5 days per week on-site (no remote or hybrid options). There is occasional travel required within the UK (and potentially internationally) to support related sites, vendors, or projects. Security Clearance Required: Secret Clearance at a minimum. Willing to attain Developed Vetting.

- 7+ years of hands-on experience in cybersecurity engineering, with at least 5 years focused on on-premise enterprise environments.
- Proven deep expertise in VMware NSX (micro-segmentation, DFW policies, integration) and VMware vDefend (Distributed Firewall, advanced threat prevention).
- Strong experience designing and managing Palo Alto Networks firewalls (NGFW, Panorama, threat prevention, GlobalProtect).
- Solid hands-on experience with Cisco security/networking technologies (ASA/FTD, ISE, secure routing/switching).
- Extensive experience securing Windows environments (Server, Active Directory, Group Policy Objects, endpoint hardening).
- In-depth knowledge of CIS Benchmarks and their practical application to harden systems and networks.
- Strong understanding of zero-trust principles, network segmentation, firewall policy optimisation, identity and access management (IAM), and encryption.
- Experience with vulnerability management, SIEM integration, logging, and incident response in on-prem setups.
- Familiarity with TCP/IP networking fundamentals, the OSI model, routing protocols (BGP/OSPF), VPN technologies, and secure architecture design.
- Practical experience implementing DevSecOps principles, including integrating security tools and controls into CI/CD pipelines, automating security checks, and collaborating across dev, sec, and ops teams.
- Hands-on experience with the Elastic Stack (Elasticsearch, Kibana) and Elastic Security (SIEM, threat hunting, endpoint integration, dashboards/alerting) in on-premise deployments for log management, security analytics, and incident response.
- Security Clearance: Must have UK government security clearance, minimum SC, with the requirement to go through DV.
- Right to work in the UK and ability to pass background checks.
Desirable Skills & Certifications
- Relevant certifications such as:
  - VMware Certified Professional - Network Virtualisation (VCP-NV) or Security
  - Palo Alto Networks Certified Network Security Engineer (PCNSE)
  - Cisco Certified Network Professional Security (CCNP Security) or CCIE Security
  - Certified Information Systems Security Professional (CISSP)
  - Microsoft Certified: Security, Compliance, and Identity Fundamentals (or equivalent)
- Experience with endpoint detection and response (EDR), SIEM tools, IDS/IPS, or threat intelligence platforms.
- Knowledge of Linux hardening, container security, or hybrid environments (though focus remains on-prem).
- Experience in regulated sectors (e.g., government, finance, critical national infrastructure).