
Senior Cybersecurity Engineer

Avatar Recruitment

Remote · South Africa · Contract · Senior · Today

About the role

Location & Salary

  • Location: United Kingdom (Fully remote reporting to the Hiring Manager in Ireland)
  • Salary: EUR/GBP/ZAR negotiable + 2 × annual bonuses + benefits (contract or permanent depending on location)

About the Role

An established international organisation is seeking a hands‑on Senior Cybersecurity Engineer to strengthen and mature its security capabilities across cloud, identity, and operational environments. You will work across Cloudflare, Microsoft 365, endpoint and infrastructure security, and will play a key role in integrating with an external SOC provider. As the security function grows, this position offers a clear progression path toward Cybersecurity Architect or Security Lead.

What You'll Do

Security Monitoring & Detection

  • Design and implement centralised security monitoring (SIEM or equivalent).
  • Prepare systems and environments for managed SOC integration.
  • Manage Cloudflare security (WAF, bot protection, traffic analysis).
  • Strengthen Microsoft 365 visibility (identity, email, audit logs).
  • Develop and refine detection use cases to improve alert quality.

Managed SOC Integration

  • Act as the primary technical contact for the managed SOC provider.
  • Support onboarding, log ingestion, tuning, and use‑case development.
  • Validate SOC alerts, incidents, and reporting outputs.
  • Continuously improve detection fidelity and reduce false positives.

Cloudflare Security

  • Optimise WAF rules, bot protection, and traffic filtering.
  • Manage DDoS protection and rate‑limiting policies.
  • Analyse traffic patterns to identify threats and anomalies.

Microsoft 365 Security & Identity

  • Strengthen Entra ID security (identity protection, conditional access).
  • Enhance email security and anti‑phishing controls.
  • Improve audit logging, monitoring, and investigation workflows.
  • Support investigations into user activity and account compromise.

Incident Response & Operational Security

  • Establish internal incident response processes aligned with SOC workflows.
  • Define runbooks, escalation paths, and operational responsibilities.
  • Support investigations and post‑incident reviews.

Vulnerability Management & Security Testing

  • Implement vulnerability scanning across infrastructure and endpoints.
  • Integrate security scanning into CI/CD pipelines.
  • Drive remediation efforts and track risk reduction.

Security Engineering & Architecture

  • Improve security controls across cloud, on‑prem, and hybrid environments.
  • Embed security into both online and land‑based operational environments.
  • Support secure design and architecture reviews.

Risk & Compliance

  • Support implementation of controls aligned with DORA, ISO 27001, and similar frameworks.
  • Contribute to risk identification and mitigation.
  • Assist with audit readiness and evidence collection.

Stakeholder Engagement

  • Build strong relationships with business and IT teams.
  • Improve awareness of security risks and responsibilities.
  • Act as an internal security point of contact alongside the SOC provider.

What You Bring

  • 5+ years in cybersecurity or security engineering.
  • Hands‑on experience with:
    • SIEM/log management
    • Cloudflare (WAF, bot protection, traffic filtering)
    • Microsoft 365 security (Entra ID, Defender, audit logs)
    • Endpoint protection
    • ISO 27001 / NIST frameworks
  • Experience working with or integrating managed SOC services (preferred).
  • Strong troubleshooting, debugging, and threat‑hunting skills.
  • Ability to operate across distributed, complex environments.

Nice to Have

  • Experience with the Palo Alto security ecosystem.
  • Experience onboarding logs into SOC/SIEM platforms.
  • Familiarity with DORA, ISO 27001, NIST CSF, or PCI‑DSS.
  • Experience securing CI/CD pipelines.
  • Microsoft and/or Azure certifications.

What Success Looks Like (6‑12 Months)

  • Centralised visibility established and SOC‑ready.
  • Managed SOC successfully onboarded and tuned.
  • High‑quality detection use cases implemented (low noise, high signal).
  • Cloudflare and Microsoft 365 security posture significantly improved.
  • Incident response aligned with SOC workflows.
  • Vulnerability management process fully operational.
  • Clear progress toward DORA and audit readiness.

Benefits

  • 2 × annual bonuses
  • Benefits

Skills

Cloudflare · DORA · Entra ID · ISO 27001 · Microsoft 365 · NIST · SIEM · WAF
