Cyber Security Engineer

Henderson Scott
Hybrid
South Ruislip, London
£85,000
Posted 2 days ago

About the role

Location: London (Hybrid - 2 days per week in office)

Industry: SaaS

Type: Full-time

About the Role

We are seeking a hands-on Cyber Security Engineer to join a growing Security Operations team within a fast-paced, data-driven organisation.
This is an operationally focused role responsible for the day-to-day monitoring, optimisation, and improvement of core security platforms across cloud, endpoint, and network environments.
You will play a key role in protecting the organisation by triaging alerts, investigating security events, and supporting remediation activities.

Key Responsibilities

Security Tooling Operations

Monitor, triage, and investigate alerts across core platforms including Wiz, Zscaler, and CrowdStrike
Validate alerts, assess impact, and ensure appropriate remediation actions are taken
Perform tuning activities to reduce false positives and improve detection quality
Maintain visibility and coverage across endpoints, cloud environments, and network traffic

Incident Response & Investigation

Conduct initial investigation of security incidents, gathering and analysing evidence
Escalate incidents appropriately based on severity and impact
Execute containment actions where required (e.g. endpoint isolation, access restrictions)
Support post-incident reviews and continuous improvement of response processes

Cloud & Platform Security

Identify misconfigurations, excessive permissions, and exposed assets within cloud environments
Support vulnerability validation and remediation tracking
Assist in strengthening cloud security posture through continuous monitoring

Security Operations

Perform daily alert reviews across SIEM and security tooling
Contribute to runbooks, playbooks, and operational documentation
Support threat intelligence analysis and apply findings to detection and response activities
Work closely with Engineering, DevOps, and IT teams to drive remediation

Essential Requirements

Minimum 1 year of commercial, hands-on experience with at least one of the following:
CrowdStrike Falcon
Zscaler
Wiz

Experience working in a Security Operations or SOC environment
Proven experience in alert triage, incident investigation, and response
Familiarity with SIEM platforms and security telemetry analysis
Understanding of cloud security concepts (Azure, AWS, or GCP)
Ability to assess alert context, prioritise effectively, and follow structured processes

Desirable Skills

Experience with threat hunting and threat intelligence
Knowledge of MITRE ATT&CK or Cyber Kill Chain frameworks
Exposure to SaaS and cloud-native security tooling
Experience with scripting or query languages (e.g. KQL, SPL, Python)
Familiarity with DevOps environments and CI/CD pipelines
Experience with identity security and access controls

What We're Looking For

A hands-on engineer who is comfortable operating directly within security tools
Strong attention to detail and a disciplined approach to investigations
Ability to communicate clearly with both technical and non-technical stakeholders
Proactive mindset with a focus on continuous improvement
Someone who takes ownership and drives outcomes

Benefits

Competitive salary and performance-based bonus
Hybrid working model with flexible office access
Pension scheme with employer contribution
25 days annual leave with option to purchase additional days, plus birthday off
Private healthcare and employee assistance programme
Work-from-anywhere policy (up to 2 months per year)
Enhanced parental leave (maternity, paternity, adoption, shared parental)
Wellbeing support including mental health resources and gym discounts
Cycle-to-work and tech purchase schemes
Electric vehicle salary sacrifice scheme
Volunteer day and regular company social events
Dedicated learning and development time with access to training platforms

Important Requirement

Candidates must have at least 1 year of hands-on commercial experience using CrowdStrike, Zscaler, or Wiz. Experience gained solely through labs, certifications, or academic work will not meet this requirement.
