Senior Information Security Engineer

Galliford Try Plc

Quorn

On-site

GBP 65,000 - 85,000

Full time

Today

Job summary

A leading UK construction company is seeking a Senior Information Security Engineer to manage security operations and mentor junior security staff. The role involves overseeing the cybersecurity strategy to protect sensitive data against evolving threats. Candidates should possess strong knowledge of Microsoft 365 and cloud security. Key responsibilities include incident response, risk assessments, and compliance with regulations. The company offers a robust benefits package, including generous holiday entitlement and training opportunities.

Benefits

Generous holiday entitlement
Cycle to Work schemes
Comprehensive pension plan
Private medical scheme options

Qualifications

  • 5+ years of experience in information security or related roles.
  • Experience with incident response, vulnerability management, and risk assessment.
  • Ability to obtain BPSS and SC Clearance as a condition of employment.

Responsibilities

  • Oversee daily security operations with monitoring of systems and applications.
  • Lead incident investigations and produce post-incident reports.
  • Develop and implement security policies and standards.

Skills

Microsoft 365 knowledge
Cloud security controls
Communication skills
Team collaboration

Education

Information Security
CISSP, CISM, CEH certifications

Tools

Microsoft Azure
AWS/GCP

Job description

We are seeking a highly skilled and experienced Senior Information Security Engineer to join our cyber security team. The role will provide hands-on leadership and technical expertise in the management of information security operations, ensuring the organisation's security posture is maintained and aligned with strategic objectives. This role bridges the gap between junior security staff and the Head of Information Security, driving the operational execution of the security programme while mentoring others and managing third‑party providers. This role is pivotal in safeguarding our organisation's digital assets, infrastructure, and sensitive data against evolving cyber threats. You will assist technical security initiatives, support compliance efforts, and collaborate across departments to embed security into our operations and development lifecycle. The role reports to the Head of Information Security and Compliance.

Key Responsibilities
  • Oversee daily security operations with SOC/SIEM provider, monitoring networks, systems, and applications for threats.
  • Detect, analyze, and respond to potential compromises swiftly.
  • Conduct risk assessments, vulnerability scans, and advise on mitigation for emerging threats.
  • Lead or support incident investigations, coordinate containment and remediation, and produce post-incident reports.
  • Develop and implement security policies, standards, and ensure compliance with organizational and regulatory requirements.
  • Deliver security awareness campaigns, training programs, and phishing simulations.
  • Administer and optimize security tools (Microsoft Azure, Entra ID, M365, Defender, AV/EDR), manage configurations, and monitor identity/access management.
  • Support compliance with Cyber Essentials, ISO 27001, UK GDPR, and NIST; assist audits and respond to security questionnaires.
  • Stay updated on threats, recommend security enhancements, and maintain professional development.
  • Handle BAU tasks such as quarantined emails, escalated tickets, mentoring, and project support.

With an impressive order book of over £4.1 billion, we are one of the industry’s leading principal contractors, affording you the opportunity to work on some of the UK’s most exciting projects and offering you stability as well as the chance to stretch your capabilities and realise long-held career goals. You will be joining diverse teams working at a high professional level with exceptional levels of commitment. With an ambitious strategy, we’re poised for further growth and success, so if you’re committed, talented and enthusiastic, Galliford Try is the right place for you.

We are committed to maintaining the physical and mental wellbeing of all our people, through our "Be Well" programme which offers discounts on certain products, advice and support for a range of issues. We invest in high-quality training for employees of all levels, from our leadership development framework to our apprenticeship programmes. Through our Career Paths initiative, individuals receive tailored training and support to fulfil their potential. Our industry is all about creating talented teams that excel in their areas of expertise. As an employer, we know you are most motivated to give your best when you feel valued and engaged. Our Agile Working programme empowers you with flexibility in when, where and how you work. Where appropriate, site and office-based employees can take advantage of a wide variety of working practices, offering different amounts of structure, regularity and flexibility to suit your needs as well as those of your wider team.

Qualifications
  • Strong understanding of Microsoft 365, Azure, and cloud security controls (AWS/GCP exposure advantageous).
  • Experience planning/coordinating penetration tests and managing remediation.
  • Knowledge of UK data protection regulations (UK GDPR, DPA 2018).
  • Familiarity with secure coding practices and DevSecOps principles.
  • Excellent documentation, communication, and stakeholder engagement skills.
  • Experience with Oracle Fusion/cloud platforms is an advantage.
  • Strong grasp of enterprise IT architectures and security integration.
  • Adaptable, proactive, and able to manage changing priorities in a fast-paced environment.
  • Collaborative team player with high ethical standards and a continuous learning mindset.
  • Industry certifications such as CISSP, CISM, CEH, GIAC.
  • Minimum 5 years’ experience in information security or related technical roles.
  • Proven track record managing or collaborating with outsourced SOC and SIEM providers.
  • Hands-on experience with incident response, vulnerability management, and risk assessment.
  • Skilled in maintaining and supporting an ISMS aligned to ISO 27001 and Cyber Essentials.
  • Experience in construction or regulated industries (finance, healthcare, government) beneficial.
  • ISO/IEC 27001 auditing experience (highly desirable).
  • CompTIA Security+ or CySA+ certifications.
  • Ability to obtain BPSS and SC Clearance as a condition of employment.

Our purpose is to improve people’s lives through building the facilities and infrastructure that communities need, providing opportunities for our people to learn, grow and progress, working with our supply chain to promote the very best working practice and caring for the environment in which we work.

We do this by holding true to our values, delivering excellence for our clients and the community, being passionate about our role in providing vital services, putting integrity at the heart of our business by doing the right thing, and collaborating with our clients, supply chain and stakeholders to deliver lasting change and long-term value. Galliford Try is a leading UK construction group. The business is split into four distinct divisions (Infrastructure, Building, Environment and Specialist Services), covering a range of specialist work in water, highways, telecoms, security, commercial, custodial, education, health, interiors and leisure, across both public and private sectors. It is listed on the London Stock Exchange and is a member of the FTSE 250. Our vision is to be leaders in the construction of a sustainable future.

Benefits
  • Generous holiday entitlement, increasing with years of service, plus the opportunity to purchase further holidays
  • A wide range of corporate discounts
  • Cycle to Work schemes
  • Comprehensive pension plan
  • Competitive family leave policy
  • Regular Save as You Earn share purchase scheme
  • Private medical scheme options are available for all salaried employees, and our employee assistance programme also provides free 24/7 support to those who need it
  • Paid for yearly membership to one recognised professional association relevant to your role