Security Engineer

IntaPeople

Senior Security Engineer

Incident Response & Vulnerability Management

Summary

This role sits at the sharp end of security engineering, handling complex incidents and high-risk vulnerabilities across a broad enterprise estate.

You’ll be responsible for identifying how things actually break and get compromised, not just responding to alerts. The focus is on deep technical investigation, understanding attack paths, and fixing root causes properly, across endpoint, identity, network, and cloud layers.

What You’ll Be Doing

You’ll operate as a senior escalation point for security issues that require genuine technical depth. That means taking ownership of live incidents, working through ambiguity, and driving problems through to full resolution.

Alongside incident work, you’ll handle vulnerability remediation end-to-end, ensuring issues are not only fixed but validated and prevented from reoccurring.

Responsibilities

  • Own the investigation and resolution of security incidents across endpoints, identity systems, networks, and cloud platforms, including malware, ransomware, account compromise, unauthorised access, and configuration weaknesses
  • Analyse attacker behaviour, determine root cause, and define effective containment and eradication strategies
  • Drive incidents through full recovery, ensuring fixes address underlying issues rather than symptoms
  • Assess and prioritise vulnerabilities based on exploitability, exposure, and business impact
  • Coordinate remediation across infrastructure, network, and third-party teams
  • Validate that fixes have been correctly implemented and stand up to audit scrutiny
  • Produce clear technical documentation covering root cause and corrective actions
  • Contribute to post-incident reviews and identify patterns or systemic weaknesses
  • Act as a senior escalation point, bringing structure and technical direction during high-pressure situations

About You / Candidate Requirements

Experience

  • Background in a senior security engineering or incident response role (L3 or equivalent)
  • Proven experience handling incidents across endpoint, identity, network, and cloud layers
  • Strong understanding of modern attack patterns including ransomware and identity compromise
  • Comfortable working within structured incident or major incident environments

Technical Capability

  • Able to move beyond surface-level symptoms and identify true root cause
  • Strong troubleshooting skills across multiple systems and technologies
  • Hands-on experience with EDR/XDR, SIEM, and vulnerability tooling (e.g. Defender stack or similar)

Nice to Have

  • Experience in complex, distributed, or multi-site environments
  • Exposure to regulated or audit-heavy environments
  • Relevant security certifications or equivalent practical experience