Job Specifications
We are looking for a Security Engineer to design, implement, and operate security controls across a hybrid environment spanning Microsoft Azure, on-prem infrastructure, SaaS platforms, and a large UK retail footprint.
This is a hands-on technical role with architectural influence, focused on identity security, cloud security posture, threat detection, endpoint and server hardening, data protection, and compliance. You’ll work closely with Network Engineering, Infrastructure, Cloud, and Application teams to ensure security is embedded by design across the organisation.
£80,000-£100,000
London Based
What You’ll Be Doing
Design and operate security controls across Azure, on-prem servers, and SaaS applications
Define and maintain security baselines aligned to Microsoft, CIS, NIST, and Zero Trust principles
Govern cloud security using Azure Policy and Defender for Cloud
Provide security requirements and oversight for identity and access management, implemented by IAM teams
Own and operate SIEM, SOAR, and detection tooling (Microsoft Sentinel, Defender XDR)
Investigate and support incident response across identity, endpoints, servers, and cloud workloads
Implement and oversee endpoint and server security (hardening, EDR, vulnerability remediation)
Operate data protection controls including encryption, Key Vault, PKI, DLP, and sensitivity labels
Support compliance and audit activities (ISO 27001, PCI DSS, Cyber Essentials Plus, NIST)
Produce security documentation, runbooks, and audit artefacts
Collaborate closely with Network Engineering on segmentation, firewall governance, and secure connectivity
Provide security guidance across projects, platform changes, and operational teams
Essential Experience
Strong hands-on experience securing Azure environments
Deep knowledge of Microsoft Entra ID, Active Directory, MFA, Conditional Access, PIM, and RBAC
Experience with SIEM/SOAR, EDR, CSPM, and vulnerability management tools
Practical experience securing Windows Server, domain controllers, PKI/ADCS, and hybrid identity
Solid understanding of Zero Trust and secure-by-design architecture
Working knowledge of PCI DSS, ISO 27001, Cyber Essentials Plus, and NIST
Strong investigation, log analysis, and incident response skills
Desirable Experience
AWS security fundamentals (IAM, GuardDuty, Security Hub, KMS)
DevSecOps or CI/CD security practices
Infrastructure-as-Code security (Terraform, Bicep)
Container or AKS security
PowerShell or Python automation
About the Company
We are a global recruitment solutions company with four decades of experience. The idea of partnership is at the heart of everything we do at Sanderson.
Working with clients and candidates alike, we deliver permanent or contract hires, executive search assignments, fully outsourced recruitment solutions, including RPO and MSP and deploy high-performing project teams. We strive to deliver with personality and a passion for service excellence.
Our services are built on collaboration, understanding and flexibility. Our breadt...
Know more