Information Systems Security Engineer

A fantastic opportunity to join a UK-based financial services organisation that provides flexible funding solutions to SMEs nationwide. Established in the late 1990s, they have grown into one of the UK's leading independent finance providers, combining technology, service, and innovation to deliver great outcomes for their customers.

As part of their continued growth, they are strengthening their Information Security capability and are looking for an Information Security Engineer to join their technology function.

This is an excellent opportunity for someone with an IT support or infrastructure background who is looking to progress into cyber security within a Microsoft cloud-first environment. You'll be joining a collaborative technology team where learning, development, and knowledge sharing are actively encouraged.

You will support the wider Information Security function, helping to embed security best practice across the organisation. This is a hands-on role that blends security operations, Microsoft cloud security, ISO 27001 support, and IT collaboration.

You will work closely with IT and external security partners to ensure systems, processes, and people remain secure, compliant, and resilient.

• Support the day-to-day operation of the Information Security function
• Assist in maintaining an ISMS aligned to ISO 27001:2022
• Support incident response processes and disaster recovery testing with stakeholders
• Help deliver cyber security awareness training and internal communications
• Review and support updates to security policies, controls, and procedures
• Work closely with the IT team on shared operational and BAU activities
• Monitor and review security alerts and incidents managed by an external SOC provider
• Support improvement of security tooling and Microsoft security configurations

• Background in IT support or service desk (Level 2 or equivalent)
• Strong interest in cyber security and information security principles
• Experience working with Microsoft 365 administration or support
• Exposure to Azure or cloud-based environments
• Ability to follow, document, and improve technical processes and procedures
• Understanding of incident management and IT operational support
• Basic scripting or automation skills (e.g. PowerShell or similar)

• Exposure to security tools such as Microsoft Defender or Sentinel
• Awareness of SIEM tools and alert monitoring
• Understanding of ISO 27001 or other security frameworks (e.g. Cyber Essentials, NIST)
• Experience supporting or working alongside a SOC team
• Knowledge of identity and access management (e.g. Azure AD / Entra ID)
• Security-related certifications (e.g. Security+, CySA+)

This is a hybrid role with an expectation of 2 days per week in the office in South Wales.