Security Engineering Lead

VFX Financial
Hybrid

About The Position

We are hiring a hands-on Security Engineering Lead to build and own VFX’s detection and incident response capability from the ground up. This is a builder role, focused on delivering real operational security outcomes rather than policy, audit, or compliance activity. You will be responsible for designing and implementing a practical, engineering-led security capability that can detect genuine threats and respond decisively when incidents occur. The immediate priority is to implement Microsoft Sentinel (SIEM), establish high-quality detection coverage, and build a functioning incident response capability. While elements of monitoring may be outsourced over time, you will retain accountability for the effectiveness, reliability, and continuous improvement of the overall security capability. This role can be hybrid at our office in Portimao or fully remote across Portugal.

Requirements

  • Hands-on experience implementing and operating Microsoft Sentinel (SIEM) in a production environment
  • Strong experience across the Microsoft Defender suite, including Endpoint, Identity, M365, and Cloud
  • Proven experience in incident response, including leading or contributing to real-world security incidents
  • Experience building or significantly improving detection and monitoring capabilities
  • Comfortable operating in a build-stage or evolving environment, with the ability to take ownership from the ground up
  • Strong understanding of detection engineering principles, including building and tuning high-quality alerts
  • Experience working with cloud-native environments, ideally within Azure
  • Familiarity with logging, monitoring, and security telemetry across distributed systems
  • Ability to define and implement practical, effective security controls
  • Takes ownership of outcomes and follows through to resolution
  • Able to make sound decisions under pressure, often with incomplete information
  • Focuses on delivering practical, effective solutions rather than theoretical approaches
  • Comfortable challenging assumptions and improving existing processes
  • Works collaboratively across engineering, infrastructure, and IT teams

Nice To Haves

  • Experience building or scaling a SIEM or detection capability from scratch
  • Experience working with or onboarding external SOC providers
  • Exposure to financial services or regulated environments
  • Understanding of threats relevant to payments, fraud, and account security

Responsibilities

Detection and Security Stack

  • Design, implement, and operate Microsoft Sentinel (SIEM) end-to-end
  • Own and operate the Microsoft Defender stack, including Endpoint, Identity, M365, and Cloud
  • Define logging requirements and ensure critical data sources are onboarded
  • Build and maintain detection coverage aligned to real-world threats using MITRE ATT&CK
  • Continuously improve signal quality, reducing noise and false positives
  • Build, tune, and maintain high-quality detection rules within Microsoft Sentinel
  • Leverage and extend Microsoft Defender detections
  • Focus on producing high-confidence, actionable alerts
  • Lead the vulnerability management lifecycle, coordinating remediation with Infra/Dev teams
  • Oversee attack surface monitoring, penetration testing, and red team activities
  • Ensure vulnerabilities are prioritised based on business risk
  • Act as the internal lead during security incidents, owning decision-making and response
  • Drive triage, containment, and recovery across Engineering and Infrastructure teams
  • Make risk-based decisions under pressure, often with incomplete information
  • Lead post-incident reviews and ensure corrective actions are implemented
  • Lead onboarding of an outsourced SOC provider once SIEM capability is established
  • Define runbooks, escalation paths, and operational expectations
  • Own the outcomes of SOC performance, including detection quality and response effectiveness
  • Hold external providers accountable for delivery and continuous improvement
  • Define and enforce risk-based prioritisation of vulnerabilities
  • Drive remediation with Engineering and IT teams
  • Escalate where remediation timelines or SLAs are not met
  • Own and maintain the IT security risk register
  • Define and track key operational metrics, including MTTD, MTTR, and remediation SLAs
  • Ensure risks are actively reduced over time, not simply documented
  • Define requirements, validate implementation, and enforce remediation
  • Escalate directly to the CTO where required

Benefits

  • Generous Profit Share Plan (PSP)
  • Equity via the Company Share Option Plan (CSOP)
  • Competitive salary
  • Annual all-expenses paid company incentive trip abroad
  • Flexible learning & development budget