Galliford Try

Senior Information Security Engineer

On site

Leicester, United Kingdom

Senior

Full Time

11-12-2025

Skills

Communication, Penetration Testing, Incident Response, Cloud Security, Microsoft 365, Monitoring, Training, Compliance and Regulatory, Risk Assessment, Azure, AWS, GCP, Microsoft Azure

Job Specifications

Senior Information Security Engineer

Galliford Try are seeking a highly skilled and experienced Senior Information Security Engineer to join our cyber security team. The role will provide hands-on technical expertise in the management of information security operations, ensuring the organisation’s security posture is maintained and aligned with strategic objectives.

This role reports into and supports the Head of Information Security & Compliance, driving the operational execution of the security programme while mentoring others and managing third-party providers. This role is pivotal in safeguarding our organisation’s digital assets, infrastructure, and sensitive data against evolving cyber threats. You will assist technical security initiatives, support compliance efforts, and collaborate across departments to embed security into our operations and development lifecycle.

Responsibilities

Threat Detection and Monitoring

Take ownership of daily security operations, working closely with the outsourced SOC / SIEM provider to monitor networks, systems, and applications for indicators of compromise or malicious activity.

Risk Assessment and Vulnerability Management

Assess the organisation’s overall security posture by identifying vulnerabilities and evaluating potential risks. Conduct regular security assessments, vulnerability and maturity scans, and reporting to highlight weaknesses that could be exploited. Evaluate the impact of emerging and zero-day threats, advising on mitigation and remediation strategies.

Incident Response and Investigation

Lead or support security incident investigations to determine the scope, root cause, and business impact of events such as breaches or cyberattacks. Coordinate containment and remediation activities with internal and external stakeholders. Maintain thorough incident documentation, produce post-incident reports, and communicate findings and trends to management.

Security Policy and Governance Support

Contribute to the development, review, and implementation of security policies, standards, and procedures. Collaborate with business units to ensure alignment with organisational and regulatory security requirements. 

Security Awareness and Training

Promote a strong security culture by supporting the delivery of awareness campaigns and training programmes. Design and execute phishing simulations and other cyber-security exercises, and assist with the creation and maintenance of training materials to improve staff understanding of information security best practices.

Security Tools and Technology Management

Administer and optimise key security technologies, including Microsoft Azure, Entra ID, Microsoft 365, Microsoft Defender stack, email security solutions and endpoint protection solutions (AV/EDR). Oversee configuration changes, ensure tools are effectively integrated, and monitor identity and access management to detect potential misuse of credentials or privileges.

Compliance and Regulatory Alignment

Support compliance with relevant frameworks and regulations, including Cyber Essentials, ISO 27001, UK GDPR, and NIST best practices. Assist in internal and external audits, ensuring evidence and documentation are maintained to demonstrate ongoing compliance and continuous improvement.

Continuous Improvement and Professional Development

Stay informed on emerging threats, vulnerabilities, and security trends. Proactively recommend enhancements to tools, processes, and controls to strengthen the organisation’s overall security posture. Maintain your own professional knowledge through ongoing learning and certification.

Business-as-Usual (BAU) Activities

Contribute to day-to-day operational tasks such as reviewing quarantined emails, mentoring junior team members, handling escalated security tickets, attending meetings, and supporting or leading assigned projects.

Required Skills & Experience

• Minimum 5 years’ experience in information security or related technical roles.

• Proven track record managing or collaborating with outsourced SOC and SIEM providers.

• Hands-on experience with incident response, vulnerability management, and risk assessment.

• Skilled in maintaining and supporting an ISMS aligned to ISO 27001 and Cyber Essentials.

• Strong understanding of Microsoft 365, Azure, and related cloud security controls (AWS/GCP exposure advantageous).

• Experience planning or coordinating penetration testing and managing remediation activities.

• Knowledge of UK data protection regulations (UK GDPR, DPA 2018).

• Excellent documentation, communication, and stakeholder engagement skills.

• Adaptable, proactive, and able to manage changing priorities in a fast-paced environment.

• Collaborative team player with high ethical standards and a continuous learning mindset.

• Experience in the construction industry would be beneficial.

• Experience in regulated industries (e.g., finance, healthcare, government).

• ISO / IEC 27001 Auditing experie

About the Company

Galliford Try is a leading UK contractor passionate about providing high quality buildings and infrastructure for communities across the nation. With expertise in providing whole life solutions to both private and public clients, we have a strong track record in our chosen sectors of Building, Highways and Environment. Our network of offices across England and Scotland provides local delivery to their regional markets, all underpinned by the strength of a nationwide FTSE business.