Cyber Security Engineer
THE TEAM At JSM Group, we’re building the utility and infrastructure networks of the future - delivering power and communications solutions that truly matter. Our IT & Security team plays a critical role in protecting our systems, data and operations from cyber threats, ensuring we continue to deliver safely and reliably across all our business units nationwide. SCOPE OF ROLE As Cyber Security Engineer, you will act as the lead technical authority for cyber security within JSM Group. While not managing people directly, you will own the cyber security roadmap, drive best practice, and guide the organisation’s security posture across systems, networks and cloud environments. You will design, implement and continuously enhance our security controls, monitor for threats, lead incident response, and work closely with IT, compliance and operational teams to embed “security-by-design” throughout the business. You will also support compliance with industry standards, maintain security governance, and champion a strong security culture. This is a hands-on, senior-level role where you will lead the cyber security space and influence decision-making across the organisation. How You'll Succeed
- Lead the design, deployment and management of core security controls (firewalls, IDS/IPS, SIEM, endpoint protection, IAM).
- Take ownership of security monitoring, threat detection and incident response, guiding investigations and remediation.
- Conduct regular vulnerability assessments and coordinate penetration testing, driving follow-up actions.
- Lead forensic analysis in the event of security incidents.
- Develop, maintain and enforce security policies, standards and procedures.
- Work closely with IT and project teams to ensure secure Architecture and secure-by-design solutions in cloud and hybrid environments.
- Maintain and guide compliance with ISO 27001, NIST, Cyber Essentials Plus, GDPR and other relevant frameworks.
- Deliver security awareness training and act as the go-to expert for cyber queries across the business.
- Champion cyber security as a core business function and influence key stakeholders at all levels.
- Participate in on-call or emergency response rotations (as required).
- Degree in Cyber Security, Computer Science, or related field — or equivalent experience.
- Recognised cyber-security or IT certification (e.g., Security+, CySA+, CEH, GIAC), or working toward advanced-level certifications (CISSP, CISM).
- Strong understanding of network, cloud and OS security, threats and mitigations.
- Hands-on experience with SIEM, firewalls, endpoint protection, IAM, vulnerability management and log/event analysis.
- Experience in incident response and conducting security investigations.
- Ability to influence teams and lead security direction without formal line management.
- Strong analytical and communication skills, with the ability to engage technical and non-technical stakeholders.
- Experience with cloud or hybrid environments (Azure, AWS).
- Scripting or automation skills (Python, PowerShell, Bash).
- Familiarity with Zero-Trust principles and modern identity architecture.
- Previous SOC or IR experience.
- A role within a dynamic and growing utility and infrastructure business, working on high-profile, large-scale projects.
- Opportunities for training, certification support, and continuous professional development.
- Competitive salary and benefit package.
- Hybrid working arrangements (subject to operational requirements).
- A diverse, inclusive and supportive working culture — in line with JSM Group’s values.
- A role within a dynamic and growing utility and infrastructure business, working on high-profile, large-scale projects.
- Opportunities for training, certification support, and continuous professional development.
- Participation in mentoring and coaching programmes
- 28 days of holiday (excluding bank holidays)
- Hybrid working arrangements (subject to operational requirements).