Cyber Security Specialist

As a Cyber Security Specialist, you'll own our Cyber Essentials work stream, delivering Cyber Essentials and Cyber Essentials + projects to our customers. A meticulous attitude towards high quality security hygiene and best practices, with exceptional cyber security knowledge you'll excel in this role. When you're not managing our Cyber Essentials projects, you'll deliver secure by design Microsoft infrastructure and cloud solutions to our customers, grounded in our technical baselines, Microsoft security best practice, and the Cyber Essentials control set. You'll also lead implementations across Microsoft 365, Windows Server, Azure and virtual networking. Placing identity, endpoint protection, secure configuration, patching, logging, and incident readiness at the heart of every deployment.

• Lead deployments of Microsoft infrastructure and cloud solutions, ensuring security is designed‑in, not bolted on.
• Produce and maintain secure build documentation: HLD/LLD, as‑built packs, security baselines, rollback plans.
• Implement and optimise:
  • Entra ID (Azure AD), MFA/Conditional Access, identity governance
  • Intune / Endpoint Manager device compliance & hardening
  • Microsoft Defender (Endpoint, Office 365, Identity, Cloud Apps)
  • Secure email posture (anti‑phishing, SPF/DKIM/DMARC, safe links/attachments)
  • Azure security controls (where applicable): RBAC, PIM, Key Vault, policy/guardrails

• Secure configuration (servers, endpoints, Microsoft 365)
• User access control (least privilege, role‑based access, joiners/movers/leavers)
• Malware protection (Defender and layered controls)
• Security update management (patching cadence + reporting)
• Firewalls & boundary controls (including VPN where applicable)
• Support readiness for CE Plus style evidence gathering (device samples, screenshots, policy evidence, implementation proof).

• Run technical workshops, translate risk into plain English, and guide customers through secure adoption.
• Provide security‑focused handover/training sessions for IT admins and end users.

• Own QA & renewals for your implementations: validation checklists, control testing, documented outcomes.
• Ensure clean handover to project management and support desk functions, including relevant operational security guidance.
• Feed back improvements into HBP baselines using lessons learned and emerging Microsoft security features.

• Deliver multiple project baselines (typically 10‑25 days) across varied customer environments, often 50‑100 users, multi‑site and VPN enabled.
• Work with project managers to plan resources, milestones, risks and security dependencies.
• Provide clear customer updates; challenge unachievable timelines with constructive options.
• Produce high‑quality documentation and communicate effectively to technical and non‑technical stakeholders (including C‑suite).
• Mentor junior engineers and contribute to onboarding.

• Projects delivered on time, within budget, with positive customer effort feedback.
• Security baselines applied consistently (with evidence) and aligned to Cyber Essentials.
• Clear, complete handover packs including operational security guidance and monitoring recommendations.
• Continuous development: new Microsoft Security capabilities adopted into delivery standards.

• Cloud security: Microsoft Defender for Cloud/Purview Suite/Cloud Apps (where applicable), Azure guardrails.
• Security operations readiness: logging, alerting, audit trails, incident runbooks.
• Backup & DR: secure backups, immutability where possible, recovery testing.
• Documentation: clear auditable customer security deviation tracking.

Here at the HBP Group we are passionate about our business and our customers, and believe our people are our greatest asset. Driven by our commitment to creating a great place to work for all our staff, we are always looking for ways to improve our employee experience. We are a living wage foundation employer, pay the Real Living Wage and are working towards earning Best Companies 3‑Star “World Class employer to work for” accreditation. The HBP Group is the number one choice for many businesses across the UK looking for reliable, award‑winning business technology, providing local IT support, accounts software and EPOS solutions. Our offices are in Scunthorpe, Hull and Peterborough.

• 36 days of holiday (28 days plus bank holidays), pro‑rated for part‑time employees.
• Option to sell back holiday.
• Salary Sacrifice Pension Scheme and a range of additional salary‑sacrifice options, including electric/hybrid car, bike‑to‑work and childcare schemes.
• Enhanced family‑friendly leave, including maternity pay, paternity pay, and our compassionate "Time to Say Goodbye" bereavement leave.
• Mid‑year and year‑end appreciation parties, themed office days (yes, even Pancake Day!), and fundraising events supporting our chosen charities.
• A friendly, inclusive working environment – we genuinely are a great bunch.
• Free lunches and summer BBQs.
• Quarterly Rise & Shine breakfast events to bring the team together.
• Casual business dress code, with the option to choose from our free workwear wardrobe.
• Christmas Thank‑You Bonus.
• Structured support and guidance from day one, including tailored training plans to help you succeed.
• On‑site parking for convenience.
• Access to wellness activities to support your wellbeing.
• Eligibility criteria or length of service requirements apply.

• Microsoft 365 Certified: Endpoint Administrator Associate (MD‑102), 2+ years in IT consultancy/technical delivery (cloud/infrastructure) with demonstrable security responsibility.
• Strong Microsoft 365 and Windows Server delivery background (design + implementation).
• Good networking fundamentals (routing/switching, firewall concepts, VPNs).
• Confident documentation and stakeholder communication.
• Practical understanding of Cyber Essentials controls and how to implement them in Windows/macOS.
• Working knowledge of Cyber Security frameworks (CIS/NIST2/CE, etc.).
• Technical focus areas:
  • Identity & access: Entra ID, MFA, Conditional Access, RBAC, least privilege.
  • Endpoint security: Intune, Defender for Endpoint, device compliance, hardening.

Salary of between £45,000 to £50,000 per annum (depending on experience). We reserve the right depending on application numbers to close or extend the closing dates for positions; we therefore recommend an early application.