Information Security Engineer

About the role

This role acts as a trusted Information Security advisor, providing consultancy and hands-on support across project-based initiatives and internal change. You will work closely with IT, Architecture, and Cyber teams to ensure secure design, implementation, and continuous assurance of technologies across the firm, with a strong focus on cloud environments (Azure / M365).

Responsibilities

• As a trusted InfoSec advisor provide internal consultancy and support to your peers and the wider team working on project-based initiatives and internal changes.
• Attend and participate in the Technical Design Authority to provide expert security review and ensure assurance of new designs and initiatives.
• Work closely with all IT teams (Cloud, Network, Infrastructure, Data etc.) to ensure continuous risk assessment is undertaken for changes and ensure additions to the environment are assessed against industry best practice.
• Work closely with Solution Architects to ensure high and low-level designs consider security control requirements against industry standards. Where required audit final implementations against the approved designs.
• Lead the security assurance capability for the cloud services in use at the firm with a focus on Azure / MS 365 initially. Advise on the continuous health of the environments and propose security control improvements as required.
• Ensure all designs and platform configurations are in compliance with Cyber Essentials Plus, CIS standards and technical requirements agreed with clients.
• Work with the teams to update or create hardening standards for existing or new technologies as they are onboarded.
• This role requires an element of hands-on approach for evaluation, design and risk assessment to ensure security outcomes can be fully defined and progressed effectivity.
• As external security testing is required (PEN / Web App testing etc) liaise with testing providers and project teams to ensure the scope is well defined and testing is successfully completed. Work with the project teams to ensure remediation actions are completed and retesting takes place.
• Support the Cyber Defence team with ensuing all new technologies are onboarded successfully by identifying the correct data sources, event type and alerts to be captured. Work with the Cyber Defence team and the managed security service provider to build suitable use cases.
• Stay current and up to date on new emerging technologies and associated vulnerabilities and risk.
• Assist the Cyber Solutions Lead with developing the Cyber Solution Strategy for the firm. Ensure the firm continues to have robust and effective security controls in place whilst maximising utilisation of existing technologies and synergies.
• Work with the Enterprise Architect team to ensure Security Architecture considerations are embedded into existing design and assurance processes.
• Work with the Cyber Solutions Lead to mature existing Security Architecture Polices and Standards documentation and ensure alignment to current best practices.
• -
• Essential Skills & Experience
• Proven experience of working in an Information Security / Cyber Security role with a technical focus. Experience within the legal or professional services industry is ideal, but not essential.
• Proven experience of undertaking risk assessments and technical design reviews with the ability to absorb information quickly across a broad and diverse environment whilst identifying key areas for further scrutiny.
• Working knowledge of SIEM (CrowdStrike / MS Sentinel), Endpoint Detection & Response (CrowdStrike / MS Defender), Vulnerability Management (Rapid7), Firewalls, and industry standard security tools.
• Proven experience working with the Azure / MS365 E5 security suite (Defender, Conditional Access Policies, CASB etc.). Demonstrable knowledge of the security controls available and how to pragmatically implement them to maximize the firm's security posture.
• Experience working with AI technologies, implementing or risk assessing agentic AI agents and MCP Server / Client implementations. Open AI / Co Pilot focused skills desirable.
• Demonstrable knowledge of implementing MS Purview and its various capabilities such as Information Protection, DLP, Insider Risk Management is desirable but not essential.
• Good overall knowledge of IT technologies and processes i.e., Networking, Server (Windows / Linux), Storage, Virtualisation, Desktop etc
• Good working knowledge of the Kusto Query Language (KQL) or CrowdStrike Query Language (CQL) and ability to construct queries for investigations and reporting would be advantageous.
• Experience working with SAST / DAST technologies, CI/CD pipelines, cloud orchestration and automation tools, PowerShell or Python scripting would be desirable but not essential.
• As a Subject Matter Expert be able to support, advise, guide and mentor ot

Benefits

Additional Information

Type: Full Time Duration: Permanent Location: Glasgow Working Pattern: +2 days working from the office, 3 days remote Department: Information Security

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at clydeco? Share your experience