Cybersecurity Engineer

The Cybersecurity Engineer will help to design, develop, and mature the company's cybersecurity capability, including the selection, implementation, and management of security tools and technologies focused on detection, prevention, and analysis of security threats. They will assess risk, identify mitigating controls, create and review design artifacts, and support the creation, implementation, and maintenance of a robust cybersecurity framework in line with strategy and threats. Individuals who are hands-on with security tools, technically experienced, and capable of making risk-based security decisions are ideal for this position. The candidate should be able to build relationships and collaborate effectively with the wider technology teams. Additionally, they must communicate security topics to non-technical, non-security, senior business stakeholders to enable strategic security decision-making. A self-starter is required for this role, and the successful applicant should demonstrate ownership and responsibility for resolving issues.
Key Responsibilities:

• Work with technology and business teams to deliver security processes, technologies and controls, acting as the authority on security-related queries.
• Define, design, implement, and maintain security solutions appropriate to the business' needs To Create designs or review existing/proposed designs for services or applications to identify potential security issues. Where issues are identified, look to resolve them using defined security patterns and security principles.
• Support the definition, execution and continuous improvement of key cybersecurity processes
• Including vulnerability & patch management, security incident response, security monitoring, endpoint security, identity and access management, network security, and cryptography.
• Manage, deliver, and lead cybersecurity and cyber risk assignments, producing documentation,
• Presentations, reports, recommendations, and design proposals to impact and steer business and IT design decisions
• Contribute to the development of cybersecurity standards, procedures and guidelines
• Contribute as a team member to projects and change initiatives aimed at increasing enterprise security capabilities, e.g., identity and access management, centralised monitoring, etc.
• Provide security analysis and support throughout the organisation, ensuring security and governance requirements are met, and be proactive in the identification and remediation of security incidents.

Required Experience:

• Strong knowledge of security architecture patterns, design principles, and security controls across complex enterprise environments.
• In-depth understanding of core IT components, including compute, storage, networking, and identity, and how cyber threats impact them, with the ability to design appropriate security mitigations.
• Proven ability to design, document, and implement effective security controls aligned with business requirements using a risk-based approach.
• Familiarity with application attack tactics and techniques, including the MITRE ATT&CK framework, and security maturity models such as OpenSAMM and C2M2.
• Strong working knowledge of recognised security frameworks and standards, including NIST Cybersecurity Framework, OWASP, SANS Top 25, and regulatory requirements such as GDPR and PCI DSS.
• Demonstrated technical expertise across modern technologies and architectures, including virtualisation, cloud computing, and serverless deployments.
• Hands-on experience with Microsoft Azure, Microsoft Defender, Microsoft 365 security, and enterprise firewall technologies.
• Strong understanding of operating system security and system-hardening practices, including CIS benchmarks.
• Experience working with information security frameworks and regulatory standards such as ISO 27001, NIST, PCI DSS, GDPR, and Cyber Essentials.
• Knowledge of general IT audit processes, including conducting risk assessments and supporting audit activities.
• Exposure to threat hunting, digital forensics, and cloud security principles.
• Ability to assess the impact of architectural and risk decisions while balancing security, operational, and business requirements.
• Proven experience working collaboratively with a wide range of technical and business stakeholders.
• Strong verbal and written communication skills, with the ability to articulate complex security concepts clearly.
• Highly self-motivated, proactive, and capable of working independently in fast-paced environments.

Education & Certs:

• Bachelor's or master's degree in computer science, Information Security, or a related discipline.
• Professional certifications such as CISSP, CCSP, CEH, or equivalent are highly desirable.
• Certified Information Security Manager (CISM) is highly desirable.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk