Job Specifications
IT Security Engineer (Hybrid: 3 days on-site in Hertfordshire / 2 days remote) | £45–50k | Permanent
SR2 is partnering with a well-established, member-owned UK organisation to hire an IT Security Engineer to strengthen cyber resilience and improve day-to-day security operations. This is a hands-on role sitting within IT, working closely with infrastructure and support teams to embed security into BAU and projects.
What you’ll be doing
Own day-to-day vulnerability monitoring and remediation, including maintaining a vulnerability register and tracking actions to closure
Triage, categorise and prioritise vulnerabilities based on risk, exposure and business impact
Support patching, configuration hardening and decommissioning activities to reduce risk exposure
Monitor and respond to security alerts and incidents, contributing to investigation and improvement actions
Help improve detection and response capability (more proactive monitoring and response workflows)
Work with external providers (e.g., SOC / security vendors) to reduce high-priority risks
Develop and maintain security playbooks (phishing, ransomware, account compromise, etc.)
Provide security input into projects, changes and supplier reviews so security is built-in from the start
Support audits / assessments (e.g., vulnerability assessments, pen tests, configuration benchmarks, PCI where relevant)
Contribute to awareness initiatives and practical security guidance across the business
Support progress against NIST CSF focus areas and maturity improvements
What we’re looking for
3+ years in security operations / cybersecurity engineering (or strong IT ops experience with security ownership)
Strong understanding of vulnerability management processes and risk-based prioritisation
Familiarity with email + endpoint security controls (e.g., Defender-style toolsets, phishing controls, email security)
Awareness of IAM concepts: MFA, conditional access, privileged access/PIM
Comfortable working with technical teams to get remediation delivered (patching cycles, change, infrastructure support)
Clear communicator who can explain risk to both technical and non-technical stakeholders
Bonus points for: SIEM exposure, threat hunting, cloud security, automation/scripting, infrastructure/networking
Package
£45–50k salary range
Private medical insurance, life assurance, permanent health insurance
Staff discount, interest-free loan scheme, sports & social club
Working pattern
Hybrid: 3 days per week on-site in Hertfordshire, 2 days remote
Full-time: 37.5 hours/week
About the Company
Built to Make an Impact.
We exist to harness the power of recruitment to create meaningful change across the world.
Our mission is simple but profound: to connect purpose-driven talent with industries that shape a better future.
From driving innovation in Tech for Impact, advancing the global Clean Energy transition, to empowering Central Government Public Services, we are a Global Recruitment Group committed to making an impact and leaving a positive legacy.
Why We Exist
We believe recruitment should do more than fil...