Cyber Security Engineer

Location: London (Hybrid - 2 days per week in office)

Industry: Financial Technology / Data

Type: Full-time

About the Role

We are seeking a hands-on Cyber Security Engineer to join a growing Security Operations team within a fast-paced, data-driven organisation.

This is an operationally focused role responsible for the day-to-day monitoring, optimisation, and improvement of core security platforms across cloud, endpoint, and network environments.

You will play a key role in protecting the organisation by triaging alerts, investigating security events, and supporting remediation activities.

Key Responsibilities

Security Tooling Operations

• Monitor, triage, and investigate alerts across core platforms including Wiz, Zscaler, and CrowdStrike
• Validate alerts, assess impact, and ensure appropriate remediation actions are taken
• Perform tuning activities to reduce false positives and improve detection quality
• Maintain visibility and coverage across endpoints, cloud environments, and network traffic

Incident Response & Investigation

• Conduct initial investigation of security incidents, gathering and analysing evidence
• Escalate incidents appropriately based on severity and impact
• Execute containment actions where required (e.g. endpoint isolation, access restrictions)
• Support post-incident reviews and continuous improvement of response processes

Cloud & Platform Security

• Identify misconfigurations, excessive permissions, and exposed assets within cloud environments
• Support vulnerability validation and remediation tracking
• Assist in strengthening cloud security posture through continuous monitoring

Security Operations

• Perform daily alert reviews across SIEM and security tooling
• Contribute to runbooks, playbooks, and operational documentation
• Support threat intelligence analysis and apply findings to detection and response activities
• Work closely with Engineering, DevOps, and IT teams to drive remediation

Essential Requirements

• Minimum 1 year of commercial, hands-on experience with at least one of the following:
  • CrowdStrike Falcon
  • Zscaler
  • Wiz
• Experience working in a Security Operations or SOC environment
• Proven experience in alert triage, incident investigation, and response
• Familiarity with SIEM platforms and security telemetry analysis
• Understanding of cloud security concepts (Azure, AWS, or GCP)
• Ability to assess alert context, prioritise effectively, and follow structured processes

Desirable Skills

• Experience with threat hunting and threat intelligence
• Knowledge of MITRE ATT&CK or Cyber Kill Chain frameworks
• Exposure to SaaS and cloud-native security tooling
• Experience with scripting or query languages (e.g. KQL, SPL, Python)
• Familiarity with DevOps environments and CI/CD pipelines
• Experience with identity security and access controls

What We're Looking For

• A hands-on engineer who is comfortable operating directly within security tools
• Strong attention to detail and disciplined approach to investigations
• Ability to communicate clearly with both technical and non-technical stakeholders
• Proactive mindset with a focus on continuous improvement
• Someone who takes ownership and drives outcomes

Benefits

• Competitive salary and performance-based bonus
• Hybrid working model with flexible office access
• Pension scheme with employer contribution
• 25 days annual leave with option to purchase additional days, plus birthday off
• Private healthcare and employee assistance programme
• Work-from-anywhere policy (up to 2 months per year)
• Enhanced parental leave (maternity, paternity, adoption, shared parental)
• Wellbeing support including mental health resources and gym discounts
• Cycle-to-work and tech purchase schemes
• Electric vehicle salary sacrifice scheme
• Volunteer day and regular company social events
• Dedicated learning and development time with access to training platforms

Important Requirement

Candidates must have at least 1 year of hands-on commercial experience using CrowdStrike, Zscaler, or Wiz. Experience gained solely through labs, certifications, or academic work will not meet this requirement.