Security Engineer

Hybrid (London)

£77,000 + Bonus

A well-established eComm business is looking for a Security Engineer to take real ownership of its security engineering function. This is a rare opportunity to join a lean, high-trust team and shape — not just operate — security controls across a modern, cloud-first technology estate.

If you're an experienced security engineer who's ready to move from executing a playbook to writing one, this role was built for you.

Security Engineer Role

Reporting to the Information Security Manager, you'll be the engineering force behind the business's cyber resilience programme. The estate spans cloud platforms (GCP and AWS), marketplace technology, SaaS, and in-house engineering — and your remit covers all of it.

You'll design and deliver security controls, drive automation, build visibility across assets and identities, and embed security across engineering, product, and operations. AI tooling is actively encouraged as a force multiplier — this is a team that works smart, not just hard.

What You'll Work On as the Security Engineer

• Designing and operating controls across cloud, identity, endpoint, data, and application layers • Leading an Asset & Application Visibility Programme — bringing continuous, automated discovery to the full estate • Zero Trust enforcement — identity-aware access across remote and internal services • SIEM engineering, detection tuning, and vulnerability management — focused on outcomes and automation • Data Loss Prevention and Identity Lifecycle controls (JML) in Entra ID and key SaaS platforms • Supporting incident response and triage of alerts requiring business context • Influencing engineering, product, and senior stakeholders on security direction

What We're Looking For as the Security Engineer

• 5+ years in security engineering or architecture, with clear technical depth and autonomy • Proven hands-on delivery across cloud security (GCP/AWS), identity (Entra ID), SIEM/detection engineering, DLP, or zero trust — ideally three or more • Strong foundations in networking, operating systems, identity protocols, and cloud architecture • A track record of building or significantly improving security capabilities, not just maintaining them • The communication skills to influence without authority across technical and non-technical teams • Comfortable making sound security judgements in ambiguous situations and defending them clearly

Nice to Have

• Experience with Rapid7 InsightVM / InsightIDR, SentinelOne, Cloudflare, OneTrust, or Microsoft Purview • Background in eComm, marketplace, or retail technology • Scripting (Python, PowerShell), Terraform, or detection-as-code experience • Familiarity with NIST CSF, ISO 27001, OWASP LLM Top 10, or similar frameworks

What's on Offer for the Security Engineer

• Real ownership — a genuine mandate to drive change, with the tooling and trust to back it up • Modern security stack: Rapid7 (with MDR), SentinelOne, OneTrust, and AI tooling at organisation level • Remote-first working with flexible in-person time at a London office • A lean, high-trust team where your decisions have direct impact

Interested?

Please click APPLY NOW for immediate consideration for the Security Engineer