Information Security Engineer

Role Overview

• This role acts as a trusted Information Security advisor, providing consultancy and hands-on support across project-based initiatives and internal change.
• You will work closely with IT, Architecture, and Cyber teams to ensure secure design, implementation, and continuous assurance of technologies across the firm, with a strong focus on cloud environments (Azure / M365).
• As a trusted InfoSec advisor provide internal consultancy and support to your peers and the wider team working on project-based initiatives and internal changes.
• Attend and participate in the Technical Design Authority to provide expert security review and ensure assurance of new designs and initiatives.
• Work closely with all IT teams (Cloud, Network, Infrastructure, Data etc.) to ensure continuous risk assessment is undertaken for changes and ensure additions to the environment are assessed against industry best practice.
• Work closely with Solution Architects to ensure high and low-level designs consider security control requirements against industry standards.
• Where required audit final implementations against the approved designs.
• Lead the security assurance capability for the cloud services in use at the firm with a focus on Azure / MS 365 initially.
• Advise on the continuous health of the environments and propose security control improvements as required.
• Ensure all designs and platform configurations are in compliance with Cyber Essentials Plus, CIS standards and technical requirements agreed with clients.
• Work with the teams to update or create hardening standards for existing or new technologies as they are onboarded.
• This role requires an element of hands-on approach for evaluation, design and risk assessment to ensure security outcomes can be fully defined and progressed effectivity.
• As external security testing is required (PEN / Web App testing etc) liaise with testing providers and project teams to ensure the scope is well defined and testing is successfully completed.
• Work with the project teams to ensure remediation actions are completed and retesting takes place.
• Support the Cyber Defence team with ensuing all new technologies are onboarded successfully by identifying the correct data sources, event type and alerts to be captured.
• Work with the Cyber Defence team and the managed security service provider to build suitable use cases.
• Stay current and up to date on new emerging technologies and associated vulnerabilities and risk.
• Assist the Cyber Solutions Lead with developing the Cyber Solution Strategy for the firm.
• Ensure the firm continues to have robust and effective security controls in place whilst maximising utilisation of existing technologies and synergies.
• Work with the Enterprise Architect team to ensure Security Architecture considerations are embedded into existing design and assurance processes.
• Work with the Cyber Solutions Lead to mature existing Security Architecture Polices and Standards documentation and ensure alignment to current best practices.

Requirements

• Proven experience of working in an Information Security / Cyber Security role with a technical focus.
• Experience within the legal or professional services industry is ideal, but not essential.
• Proven experience of undertaking risk assessments and technical design reviews with the ability to absorb information quickly across a broad and diverse environment whilst identifying key areas for further scrutiny.
• Working knowledge of SIEM (CrowdStrike / MS Sentinel), Endpoint Detection & Response (CrowdStrike / MS Defender), Vulnerability Management (Rapid7), Firewalls, and industry standard security tools.
• Proven experience working with the Azure / MS365 E5 security suite (Defender, Conditional Access Policies, CASB etc.).
• Demonstrable knowledge of the security controls available and how to pragmatically implement them to maximize the firm’s security posture.
• Experience working with AI technologies, implementing or risk assessing agentic AI agents and MCP Server / Client implementations.
• Open AI / Co Pilot focused skills desirable.
• Demonstrable knowledge of implementing MS Purview and its various capabilities such as Information Protection, DLP, Insider Risk Management is desirable but not essential.
• Good overall knowledge of IT technologies and processes i.e., Networking, Server (Windows / Linux), Storage, Virtualisation, Desktop etc.
• Good working knowledge of the Kusto Query Language (KQL) or CrowdStrike Query Language (CQL) and ability to construct queries for investigations and reporting would be advantageous.
• Experience working with SAST / DAST technologies, CI/CD pipelines, cloud orchestration and automation tools, PowerShell or Python scripting would be desirable but not essential.
• As a Subject Matter Expert be able to support, advise, guide and mentor other members of the InfoSec and IT teams as required.
• Strong organisational skills and the ability to handle multiple conflicting priorities.
• Able to work to very tight deadlines under pressure and to assimilate information quickly.
• Strong interpersonal skills including confidence, positivity, diplomacy, and the ability to gain credibility quickly.
• Excellent verbal and written communication skills, with the ability to explain technical terms in a way that non-technical persons would understand.
• Demonstrates attention to detail with a high level of accuracy.
• Positive and tenacious with the ability to pro-actively drive initiatives forward and motivate resources within and outside their team to perform.

Tech Stack

• Azure
• Cloud
• Cyber Security
• Firewalls
• Linux
• Python

Benefits

• Modern, flexible working
• A minimum of 2 days each week required from the office, 3 days from home.
• Join an award-winning global firm with strong career progression opportunities, structured development programmes, and internal mobility.
• Recognised for inclusivity, pro bono work, and global DEI initiatives.
• Benefits include life assurance from day one, wellbeing support, lifestyle discounts, and more.