Senior Security Engineer en Pexa

The Senior Security Engineer will provide hands-on technical leadership within the UK, ensuring that cyber security strategy and architecture defined by AU are implemented effectively across UK subsidiaries, aligned with local jurisdictional compliance requirements.  This role bridges between AU Security, outsourced partners, and UK subsidiaries (Optima, Smoove, Legal Eye, Amity Law), ensuring successful delivery of projects, uplift initiatives, and BAU operational excellence.  This position will own UK technical approvals, impact assessments, and project-specific security delivery, acting as the local escalation point for incidents and implementations.

Key Responsibilities

Control Effectiveness: Ensure all security solutions (e.g., firewalls, EDR, WAF, posture management) remain operationally effective through regular checks and coordination with cross-functional teams.

Patch & Vulnerability Management: Ensure technical teams timely patch applications, systems, software, and hardware; address findings from vulnerability scans or penetration tests, remediating directly where possible or coordinating with system owners.

Configuration Management: Maintain and audit secure configurations for devices, applications, and cloud environments, ensuring alignment with approved baselines and CIS benchmarks.

Reviews: Conduct regular user and privileged account reviews, ensuring least-privilege principles and appropriate role-based access control.

Monitoring: Manage and monitor Privileged Identity Management (PIM) profiles and elevated access accounts.

 JML: Coordinate with IT and HR for onboarding/offboarding to ensure access consistency and policy compliance.

Maintain and optimise security infrastructure and tools, including firewalls, antivirus, WAF, cloud security posture management, and endpoint protection solutions.

Oversee encryption key and certificate management, ensuring secure communication and data protection across systems.

Work with vendors and internal teams to ensure tools remain current, licensed, and integrated effectively.

Design, configure, and maintain secure VPN and Zero-Trust network solutions for remote access and inter-site connectivity.

Manage access controls, MFA policies, and authentication mechanisms (certificates, SAML, device posture checks).

Administer and maintain network firewalls, including policy creation, rule optimisation, segmentation, and change management.

Collaborate with the SOC to investigate network-related incidents and participate in periodic penetration testing and remediation.

Document network topology, firewall rules, and VPN configurations; ensure compliance with internal standards.

Deploy, manage, and monitor Endpoint Detection & Response (EDR) and associated endpoint controls.

Maintain secure endpoint baselines covering patching, encryption, and vulnerability remediation.

Integrate endpoint compliance and posture assessments with MDM platforms (e.g., Intune).

Work with the SOC on endpoint incident investigations and automate endpoint configuration workflows where possible.

Provide hands-on security guidance to development teams throughout the software lifecycle.

Embed security into CI/CD pipelines (“shift-left”) — including SAST/DAST, dependency management, and IaC security reviews.

Contribute to secure cloud architecture and application design, ensuring alignment with global reference architectures.

Support application security testing, sign-offs, and remediation of vulnerabilities across development and cloud environments.

Collaborate with the SOC team to monitor, investigate, and triage security alerts and incidents.

Conduct log and event analysis to support proactive detection and response.

Participate in incident response, root cause analysis, and post-incident reviews to strengthen preventive controls.

Maintain accurate documentation of network, endpoint, and security control configurations.

Support compliance efforts against frameworks such as ISO 27001, SOC 2, CIS benchmarks, and Cyber Essentials Plus.

Participate in change management, risk assessments, and architecture reviews to identify potential security impacts.

Identify process optimisation opportunities, automate repetitive tasks, and drive continuous control improvement.

Assist with internal security awareness initiatives, including phishing simulations and staff training programs.

Promote a culture of security accountability across business units through practical engagement and education.

Serve as the primary UK liaison with third-party security partners for 24/7 SOC, firewall, and network operations.

Ensure outsourcing arrangements deliver effective outcomes while maintaining internal ownership and oversight.

Collaborate with AU procurement and security leadership on vendor performance and contractual governance.

Provide security consultancy and expertise to IT, DevOps, and Infrastructure teams during system upgrades and new deployments.

Contribute to vulnerability management and remediation planning across diverse technology stacks.

Evaluate emerging tools, frameworks, and security technologies, leading proofs of concept and advising on procurement.

Support penetration testing, application reviews, and other proactive security improvement initiatives.

Skills & Experience Required:

Proactive, can-do attitude to get things done quickly and efficiently.

Strong collaboration and communication skills.

Willingness to contribute ideas to the security programme.

Demonstratable first-hand experience in achieving organisational adherence to security best practices.

Experience in the practical protection of a remote working laptop estate and SaaS cloud solutions.

Experience in the security aspects of cloud web application hosting and defence measures like WAF.

Palo Alto Cortex ERD

Palo Alto Global Protect VPN

Palo Alto Prisma Cloud Firewall

Nucleus vulnerability management

Airlocker application whitelisting

Trend Micro and Abnormal email security

OKTA / Entra IDAM

Solicitar ahora