Information Security Engineer

Experience Level: 5+ years

We are seeking a highly skilled Information Security Engineer to lead the development and implementation of robust security controls across our cloud, application, and enterprise environments. This individual will drive secure SDLC practices, lead threat modeling, manage detection and response capabilities, and strengthen security for cloud and Microsoft 365 platforms. The ideal candidate is a hands-on security expert with a broad technical background, deep problem-solving abilities, and a proactive mindset.

Key Responsibilities

1. Application & Cloud Security

• Implement secure SDLC initiatives by integrating security into design, development, and deployment workflows.

• Conduct threat modeling for both applications and infrastructure to identify and mitigate risks early in the lifecycle.

• Secure cloud platforms, including identity controls, configuration hardening, and policy enforcement.

• Assess and secure financial web applications hosted in AWS through code reviews, penetration testing coordination, and architecture reviews.

2. Security Platform Operations

• Operate and monitor key security platforms such as:

• EDR/XDR solutions

• DLP solutions across endpoints, cloud, and email

• Email Security Solutions

• Ensure proper tuning, coverage, and integration of security tools with enterprise IT systems and logging pipelines.

3. Security Monitoring & Response

• Participate in day-to-day security monitoring using SIEM, EDR/XDR, and other detection platforms to augment the SOC team when required.

• Assist in configuring and tuning monitoring tools for optimal detection coverage.

• Collaborate with different teams to investigate security alerts and incidents.

• Support incident response activities, including triage, containment, and remediation efforts.

• Contribute to post-incident reviews and continuous improvement of detection and response processes.

4. Threat & Vulnerability Management

• Implement and coordinate the identification, triage, and remediation of vulnerabilities across cloud, endpoints, and infrastructure.

• Support ongoing patch management strategy, vulnerability scanning, and threat intelligence correlation.

5. Endpoint & Infrastructure Hardening

• Implement and enforce hardened configurations for endpoints (Windows/Linux), servers, and network appliances.

• Align baseline configurations with CIS benchmarks and industry best practices.

6. Detection Engineering

• Understand, implement, and tune detection rules and logic in SIEM/XDR platforms for proactive threat identification.

• Collaborate with different colleagues to improve alert fidelity, reduce false positives, and create meaningful security detections.

7. Business Continuity & Risk

• Contribute to BCP/DR planning and implementation with a security-first approach.

• Collaborate with stakeholders to ensure critical business processes remain secure and resilient.

Qualifications

• 5+ years of progressive experience in information security roles, preferably with exposure across application, cloud, and infrastructure domains.
• Bachelor's Degree in Computer Science, Information Technology, Software Engineering, Computer Engineering, Electronics Engineering, or related field.
• Experience in managing and securing cloud platforms.
• Hands-on experience with security tools including EDR, DLP, email security, vulnerability scanners, and SIEM.
• Working knowledge of secure SDLC practices, application security testing, and DevSecOps integration.
• Experience with identity and access management (IAM), conditional access, and zero trust architecture.
• Intermediate background in detection engineering, incident response, and threat modeling methodologies (STRIDE, MITRE ATT&CK, etc.).
• Familiarity with regulatory and compliance standards (e.g., NIST, ISO 27001, GDPR, SOC 2, PCI-DSS).
• Excellent communication and collaboration skills; ability to work across technical and non-technical teams.

By applying to this job, you are permitting our organization to use your personal data solely for recruitment purposes. This data may be shared with third-party services to streamline the processing of your application and with our parent company, ETS London, for recruitment assessment and interview purposes.

We are committed to protecting and respecting your privacy. For more information on how we collect, use, store, and protect your personal data, please read our Privacy Notice or contact our

Data Protection Officer