Senior Information Security Engineer

6 days ago Be among the first 25 applicants Direct message the job poster from Galliford Try Galliford Try are seeking a highly skilled and experienced Senior Information Security Engineer to join our cyber security team. The role will provide hands‑on technical expertise in the management of information security operations, ensuring the organisation’s security posture is maintained and aligned with strategic objectives. This role reports into and supports the Head of Information Security & Compliance, driving the operational execution of the security programme while mentoring others and managing third‑party providers. This role is pivotal in safeguarding our organisation’s digital assets, infrastructure, and sensitive data against evolving cyber threats. You will assist technical security initiatives, support compliance efforts, and collaborate across departments to embed security into our operations and development lifecycle. Responsibilities Threat Detection and Monitoring Take ownership of daily security operations, working closely with the outsourced SOC / SIEM provider to monitor networks, systems, and applications for indicators of compromise or malicious activity. Risk Assessment and Vulnerability Management Assess the organisation’s overall security posture by identifying vulnerabilities and evaluating potential risks. Conduct regular security assessments, vulnerability and maturity scans, and reporting to highlight weaknesses that could be exploited. Evaluate the impact of emerging and zero‑day threats, advising on mitigation and remediation strategies. Incident Response and Investigation Lead or support security incident investigations to determine the scope, root cause, and business impact of events such as breaches or cyberattacks. Coordinate containment and remediation activities with internal and external stakeholders. Maintain thorough incident documentation, produce post‑incident reports, and communicate findings and trends to management. Security Policy and Governance Support Contribute to the development, review, and implementation of security policies, standards, and procedures. Collaborate with business units to ensure alignment with organisational and regulatory security requirements. Security Awareness and Training Promote a strong security culture by supporting the delivery of awareness campaigns and training programmes. Design and execute phishing simulations and other cyber‑security exercises, and assist with the creation and maintenance of training materials to improve staff understanding of information security best practices. Security Tools and Technology Management Administer and optimise key security technologies, including Microsoft Azure, Entra ID, Microsoft 365, Microsoft Defender stack, email security solutions and endpoint protection solutions (AV/EDR). Oversee configuration changes, ensure tools are effectively integrated, and monitor identity and access management to detect potential misuse of credentials or privileges. Compliance and Regulatory Alignment Support compliance with relevant frameworks and regulations, including Cyber Essentials, ISO 27001, UK GDPR, and NIST best practices. Assist in internal and external audits, ensuring evidence and documentation are maintained to demonstrate ongoing compliance and continuous improvement. Continuous Improvement and Professional Development Stay informed on emerging threats, vulnerabilities, and security trends. Proactively recommend enhancements to tools, processes, and controls to strengthen the organisation’s overall security posture. Maintain your own professional knowledge through ongoing learning and certification. Business‑as‑Usual (BAU) Activities Contribute to day‑to‑day operational tasks such as reviewing quarantined emails, mentoring junior team members, handling escalated security tickets, attending meetings, and supporting or leading assigned projects. Required Skills & Experience Minimum 5 years’ experience in information security or related technical roles. Proven track record managing or collaborating with outsourced SOC and SIEM providers. Hands‑on experience with incident response, vulnerability management, and risk assessment. Skilled in maintaining and supporting an ISMS aligned to ISO 27001 and Cyber Essentials. Strong understanding of Microsoft 365, Azure, and related cloud security controls (AWS/GCP exposure advantageous). Experience planning or coordinating penetration testing and managing remediation activities. Knowledge of UK data protection regulations (UK GDPR, DPA 2018). Excellent documentation, communication, and stakeholder engagement skills. Adaptable, proactive, and able to manage changing priorities in a fast‑paced environment. Collaborative team player with high ethical standards and a continuous learning mindset. Experience in the construction industry would be beneficial. Experience in regulated industries (e.g., finance, healthcare, government). ISO / IEC 27001 Auditing experience (highly desirable). This role requires the successful candidate to undergo and obtain BPSS and SC Clearance as a condition of employment. Applicants must be based in the UK and have the legal right to work in the UK at the time of application. Benefits Competitive salary and performance‑based bonuses. Flexible working arrangements. Pension scheme and private healthcare. Training and certification support. Generous holiday allowance. Professional development and education. Health and wellbeing programs. Positive learning and growing environment. Referrals increase your chances of interviewing at Galliford Try by 2x Get notified about new Senior Information Security Engineer jobs in Leicester, England, United Kingdom. Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology Industries Construction #J-18808-Ljbffr