Senior Security Engineer

Eligo Recruitment Ltd

Greater London

Hybrid

GBP 70,000 - 90,000

Full time

Yesterday

Job summary

A leading UK retail organization is seeking a skilled Senior Security Engineer to design and implement security controls within a hybrid environment. The ideal candidate will have 5-10 years of experience in cloud security, particularly with Azure, and a strong understanding of Zero Trust principles. Responsibilities include managing threat detection and incident response, compliance support, and collaborating on network security. This role offers a challenging opportunity in a dynamic digital transformation setting.

Qualifications

  • 5‑10 years in cloud or infrastructure security roles.
  • Deep experience with Defender for Cloud and Sentinel.
  • Strong knowledge of Microsoft Entra ID and Active Directory.
  • Hands-on experience with vulnerability management platforms.
  • Practical understanding of security compliance frameworks.

Responsibilities

  • Design and implement security controls across a hybrid environment.
  • Manage the certificate lifecycle and implement data protection strategies.
  • Operate the SIEM/SOAR stack for threat detection and incident response.
  • Support audit readiness for ISO 27001 and PCI DSS.
  • Collaborate with Network Engineering for secure firewall configurations.

Skills

Cloud security experience
Azure security configurations
Hands-on EDR experience
Identity security knowledge
Understanding of Zero Trust architecture

Education

Bachelor's degree in Computer Science

Tools

Microsoft Sentinel
Defender for Cloud
PowerShell
Terraform

Job description

About the Role

We are exclusively partnered with a leading UK retail organisation that is currently undergoing a significant digital transformation. We are seeking a technical and hands‑on Senior Security Engineer to design, implement, and operate robust security controls across a complex hybrid environment.

Key Responsibilities
  • Hybrid Architecture & Governance: Design and implement security controls across Azure, on‑prem servers, and SaaS applications while maintaining hardening standards based on CIS and NIST benchmarks.
  • Identity & Access Security: Define standards for Entra ID and Active Directory, overseeing requirements for Conditional Access, MFA, SSO, and PIM.
  • Threat Detection & Incident Response: Own and operate the SIEM/SOAR stack, including Microsoft Sentinel and Defender XDR, to develop detection rules and support forensic investigations.
  • Infrastructure Hardening: Enforce secure baselines across virtualised environments (VMware/Hyper‑V), Windows Servers, and Azure IaaS workloads.
  • Data Protection: Manage the certificate lifecycle (PKI/AD CS) and implement data classification and DLP strategies using Microsoft Purview.
  • Cloud Security Posture: Manage Azure Landing Zone security and connectivity, collaborating with Network Engineering to validate secure firewall and VPN configurations.
  • Compliance & Risk: Support audit readiness for ISO 27001, PCI DSS, and Cyber Essentials Plus, ensuring all remediation progress is tracked and documented.

Essential Skills & Experience
  • Experience: 5‑10 years in cloud or infrastructure security roles.
  • Azure Expertise: Deep experience with Defender for Cloud, Sentinel, and Azure security configurations.
  • Identity Mastery: Strong knowledge of Microsoft Entra ID, AD DS, RBAC, and hybrid identity security.
  • Technical Proficiency: Hands‑on experience with EDR (MDE), CSPM tools, and vulnerability management platforms.
  • Security Principles: Practical understanding of Zero Trust architecture and secure‑by‑design methodologies.
  • Compliance Knowledge: Familiarity with PCI DSS, NIST, and ISO 27001 frameworks.
  • Desirable Skills:
    • Awareness of AWS security fundamentals (GuardDuty, KMS, IAM Identity Center).
    • Experience with Infrastructure as Code (IaC) security (Terraform, Bicep) and DevSecOps practices.
    • Scripting for automation using PowerShell or Python.

Qualifications & Soft Skills
  • Education: Bachelor's degree in Computer Science, Information Security, or equivalent experience.
  • Certifications: Preferred certifications include AZ‑500, SC‑300, SC‑100, or CISSP/CCSP.
  • Attributes: An analytical mindset with the ability to remain composed under pressure during security incidents.
  • Collaboration: Excellent communication skills to engage with diverse stakeholders across the technology organisation.

Eligo Recruitment is proud to be an equal opportunity employer dedicated to fostering diversity and creating an inclusive and equitable environment for employees and applicants. We actively celebrate and embrace differences, including but not limited to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran status, and disability. We encourage applications from individuals of all backgrounds and experiences and all will be considered for employment without discrimination.
