Security Engineer- Cardiff

This role is Cardiff based

We are Kocho

Kocho recognise that technology on its own does not deliver change and offers technology adoption services alongside excellent technical consulting to enable our clients to achieve their business goals on their journey to Become Greater.  

Our head office is in the heart of London’s West End and provides a comfortable working environment with flexible collaboration spaces that encourage our people to Become Greater with the aim to Do What’s Right. We now have offices in Cardiff and Cape Town which follow the style of our London space.  

Kocho is an equal opportunities employer. We make recruitment decisions based on qualifications, skill set and experiences. We consider all suitable candidates regardless of their age, sex, gender reassignment, race, religious beliefs, or lack thereof, marital status, disability or sexual orientation or any other protected characteristic. This is mindset aligns with our company values as we understand that we are Better Together.

The role

As a Security Engineer, you will play a critical role in safeguarding our organisation, clients, and partners from cyber threats. You will apply your experience in Security Engineering or as a Senior Security Analyst to design, implement, and optimise security measures that protect systems, networks, and data from unauthorised access, attacks, and breaches. Working closely within the Security Operations team and directly with clients, you will ensure that security controls remain effective, aligned to best practice, and continuously improved.

This role is primarily remote but you may be asked to come into the Cardiff at your manager’s discretion, we would expect a successful candidate to always attend when required. We anticipate this to be a couple times a month. In this role, you will deliver hands-on expertise across the Microsoft Security Stack, particularly Microsoft Defender XDR and Microsoft Sentinel. You will build, maintain, and enhance detection capabilities by deploying KQL analytical rules, developing Content Hub solutions, and tuning threat policies to ensure strong protection and high-quality signal. Your responsibilities will include managing phishing simulation campaigns, leading vulnerability scans, and producing accurate, well-structured reports with clear, actionable recommendations.

You will regularly engage with clients, presenting findings and guiding them through remediation activities alongside a Cyber Security Project Manager. You will also provide Incident Response support by handling escalations from the triage team, performing advanced investigations, and contributing to playbook automation using Azure Logic Apps to streamline processes and improve response consistency. Your Incident Response involvement is only from an Escalation Standpoint and you are not expected to regularly be involved in Analyst related activities. Additionally, you will audit and uplift client environments across the Microsoft 365 Security Suite, focusing on areas such as Secure Score improvements, Device Tagging, Defender policy management, Exchange configuration hardening, and other lifecycle-related security tasks. Where applicable, you may also leverage Kocho | 0800 044 5009 | [email protected] Kocho Registered in England and Wales Company Registration No: 04574934 scripting or automation skills (e.g., Python, Bicep, ARM, JSON, YAML) and contribute to Logic Apps, Azure Functions, or codeless playbooks to further enhance operational efficiencies.

This is what we need from you:

• A degree in Computer Science, Cyber Security or a related field/ Or equivalent and demonstrable experience

• Extensive experience in Security Engineering or Senior Security Analysis

• Strong knowledge of security protocols and industry standards

• Experience with vulnerability testing and risk analysis

• SME in Microsoft Defender XDR

• Strong proven knowledge of KQL & Advanced Hunting

• Experience using common vulnerability scanning tools and interpreting their results

• Strong client‑facing skills, including the ability to translate technical findings into clear, actionable recommendations.

• You will regularly prepare well‑structured reports, present security insights to both technical and non‑technical stakeholders, and provide guidance that helps clients strengthen their security posture 

Would be great if you have:

• Proficiency in certain languages, standards and assemblies/tools such as Python, Bicep, ARM, JSON, YAML

• Familiarity with Jinja2, Codeless Playbooks, Azure Functions, Azure Logic Apps

• Professional certifications such as AZ-500, SC-100, SC-200, CISSP, CEH, CYSA+

• GitHub Portfolio of solutions you’ve built.