Cyber Security Engineer

About CFP Energy

We are not just any energy and sustainability group; we're a dynamic, award-winning powerhouse. At the forefront of environmental innovation, we lead the charge in providing cutting-edge solutions for large-scale energy consumers.

From guiding small businesses to corporate giants on their journey to achieve net zero emissions to expertly managing risks and supplying vital power and gas resources, we do it all. But wait, there's more! We're not content with just excelling in our current ventures - we thrive on pioneering new businesses and seizing energy investment opportunities.

The Role

This is a hands-on technical role focused on enhancing and maintaining the organisation's security capabilities, emphasising Azure infrastructure. This role supports the maturity of SIEM, SOC, and EDR capabilities while actively addressing emerging threats and vulnerabilities. The security engineer will also play a critical role in incident response, compliance, and implementing innovative security technologies to strengthen the organisation’s defenses.

Essential functions of the job:

• SOC operations: perform incident triaging, threat detection, and response activities.

• SIEM & EDR management: advance and configure SIEM and EDR systems to optimise threat detection and response in Azure environments.

• Incident response: investigate and mitigate security incidents, applying root cause analysis and remediation.

• Security testing: conduct regular application and network security assessments to identify vulnerabilities.

• Threat intelligence: monitor the cybersecurity landscape for emerging threats and develop innovative defensive strategies.

• Development security: monitor version control systems, identify vulnerabilities, and collaborate with DevOps and app teams to address risks and enforce secure coding practices.

• Technology integration: evaluate, test, and integrate new security tools into the organisation's tech stack.

• Compliance support: assist in technical evidence gathering during audits and ensure adherence to compliance standards.

• Risk assessments: conduct assessments on corporate environments to identify and mitigate risks.

• Awareness and training: manage the security awareness platform and execute social engineering campaigns to improve staff vigilance.

SOC operations: perform incident triaging, threat detection, and response activities.

SIEM & EDR management: advance and configure SIEM and EDR systems to optimise threat detection and response in Azure environments.

Incident response: investigate and mitigate security incidents, applying root cause analysis and remediation.

Security testing: conduct regular application and network security assessments to identify vulnerabilities.

Threat intelligence: monitor the cybersecurity landscape for emerging threats and develop innovative defensive strategies.

Development security: monitor version control systems, identify vulnerabilities, and collaborate with DevOps and app teams to address risks and enforce secure coding practices.

Technology integration: evaluate, test, and integrate new security tools into the organisation's tech stack.

Compliance support: assist in technical evidence gathering during audits and ensure adherence to compliance standards.

Risk assessments: conduct assessments on corporate environments to identify and mitigate risks.

Awareness and training: manage the security awareness platform and execute social engineering campaigns to improve staff vigilance.