Cyber Security Engineer

About CFP Energy

We are not just any energy and sustainability group; we're a dynamic, award-winning powerhouse. At the forefront of environmental innovation, we lead the charge in providing cutting-edge solutions for large-scale energy consumers.

From guiding small businesses to corporate giants on their journey to achieve net zero emissions to expertly managing risks and supplying vital power and gas resources, we do it all. But wait, there's more! We're not content with just excelling in our current ventures - we thrive on pioneering new businesses and seizing energy investment opportunities.

The Role

This is a hands-on technical role focused on enhancing and maintaining the organisation's security capabilities, emphasising Azure infrastructure. This role supports the maturity of SIEM, SOC, and EDR capabilities while actively addressing emerging threats and vulnerabilities. The security engineer will also play a critical role in incident response, compliance, and implementing innovative security technologies to strengthen the organisation’s defenses.

Essential functions of the job:

• SOC operations: perform incident triaging, threat detection, and response activities.
• SIEM & EDR management: advance and configure SIEM and EDR systems to optimise threat detection and response in Azure environments.
• Incident response: investigate and mitigate security incidents, applying root cause analysis and remediation.
• Security testing: conduct regular application and network security assessments to identify vulnerabilities.
• Threat intelligence: monitor the cybersecurity landscape for emerging threats and develop innovative defensive strategies.
• Development security: monitor version control systems, identify vulnerabilities, and collaborate with DevOps and app teams to address risks and enforce secure coding practices.
• Technology integration: evaluate, test, and integrate new security tools into the organisation's tech stack.
• Compliance support: assist in technical evidence gathering during audits and ensure adherence to compliance standards.
• Risk assessments: conduct assessments on corporate environments to identify and mitigate risks.
• Awareness and training: manage the security awareness platform and execute social engineering campaigns to improve staff vigilance.

Skills required:

• Quantitative problem-solving skills with a data-driven approach to decision-making.
• Exceptional communication skills, able to articulate complex ideas to technical and non-technical audiences.
• Collaborative team player, proactive in driving initiatives, and skilled at working in dynamic, fast-paced environments.
• Motivated, adaptable, and committed to high ethical standards while delivering innovative security solutions.

Experience required:

• Relevant certifications in public cloud security and experience managing Azure cloud infrastructure.
• Proven expertise in security testing, IAM, vulnerability management, and SIEM configuration.
• Strong grasp of networking fundamentals, including DNS, WAF, and ingress, paired with experience in CPSM.
• Familiarity with GIT/version control, SDLC pipelines and implementing compliance frameworks (NIST2, SOC2, ISO 27001).

Benefits:

• 25 days annual leave in addition to Bank holidays.
• Hybrid working pattern; 3 days a week in the office, 2 days remote.
• Discretionary commission/bonus scheme.
• Company pension scheme.
• Life and medical insurance, and eyecare scheme.
• Employee Assistance Program.
• Cycle to work scheme.
• Family-friendly policies.
• Recruit and Reward scheme.
• Access to perk-box benefits package.

The CF Group is committed to ensuring equal opportunities, fairness of treatment, dignity and respect, and the elimination of all forms of discrimination in the workplace for all employees/contractors and job applicants.