IT Security Engineer

IT Security Engineer (Hybrid: 3 days on-site in Hertfordshire / 2 days remote) | £45–50k | Permanent

SR2 is partnering with a well-established, member-owned UK organisation to hire an IT Security Engineer to strengthen cyber resilience and improve day-to-day security operations. This is a hands-on role sitting within IT, working closely with infrastructure and support teams to embed security into BAU and projects.

What you’ll be doing

  • Own day-to-day vulnerability monitoring and remediation, including maintaining a vulnerability register and tracking actions to closure
  • Triage, categorise and prioritise vulnerabilities based on risk, exposure and business impact
  • Support patching, configuration hardening and decommissioning activities to reduce risk exposure
  • Monitor and respond to security alerts and incidents, contributing to investigation and improvement actions
  • Help improve detection and response capability (more proactive monitoring and response workflows)
  • Work with external providers (e.g., SOC / security vendors) to reduce high-priority risks
  • Develop and maintain security playbooks (phishing, ransomware, account compromise, etc.)
  • Provide security input into projects, changes and supplier reviews so security is built-in from the start
  • Support audits / assessments (e.g., vulnerability assessments, pen tests, configuration benchmarks, PCI where relevant)
  • Contribute to awareness initiatives and practical security guidance across the business
  • Support progress against NIST CSF focus areas and maturity improvements

What we’re looking for

  • 3+ years in security operations / cybersecurity engineering (or strong IT ops experience with security ownership)
  • Strong understanding of vulnerability management processes and risk-based prioritisation
  • Familiarity with email + endpoint security controls (e.g., Defender-style toolsets, phishing controls, email security)
  • Awareness of IAM concepts: MFA, conditional access, privileged access/PIM
  • Comfortable working with technical teams to get remediation delivered (patching cycles, change, infrastructure support)
  • Clear communicator who can explain risk to both technical and non-technical stakeholders
  • Bonus points for: SIEM exposure, threat hunting, cloud security, automation/scripting, infrastructure/networking

Package

  • £45–50k salary range
  • Private medical insurance, life assurance, permanent health insurance
  • Staff discount, interest-free loan scheme, sports & social club

Working pattern

  • Hybrid: 3 days per week on-site in Hertfordshire, 2 days remote
  • Full-time: 37.5 hours/week

Job Details

Company: SR2 | Socially Responsible Recruitment | Certified B Corporation™
Location: Hertfordshire, England, United Kingdom