Company: Crownagentsbank
Role: Senior Operational Security Engineer
Job type: Full-time
Posted: 3 hours ago
Job description
The Senior Operational Security Engineer owns and operates the firm’s core protective and detective security controls across endpoint, network, identity and data security domains, converting multiple best-efforts operational security activities into sustainable, auditable and scalable services.
A critical and deliberate outcome of this role is the capacity it releases across the wider CISO team. By absorbing the day-to-day operational security workload, the role frees the CISO and other senior team members to properly resource strategic, governance and management responsibilities that were previously being delivered on a best-efforts basis.
Security Operations — Endpoint & Network
- Own and operate Endpoint Detection & Response (EDR) tooling including alert triage, threat containment and endpoint health monitoring across all firm devices.
- Enforce endpoint security baselines, compliance checks and hardening standards across the estate.
- Manage anti-malware controls including policy configuration, update management and alert response.
- Configure and manage firewall and Web Application Firewall (WAF) controls, network segmentation, and remote access security.
- Work closely with the SD and Workspace team to maintain baseline security standards across endpoint environments.
- Own email security controls including anti-spam, anti-phishing, DMARC/DKIM/SPF and attachment scanning.
- Manage web filtering, proxy controls and malicious URL/content blocking.
Identity & Access Management
- Administer and manage multi-factor authentication (MFA) and single sign-on (SSO) solutions across the firm.
- Manage Privileged Access Management (PAM/PIM) controls including PAM/PIM platform administration and privileged session management.
- Own joiner, mover and leaver (JML) processes across all systems, ensuring timely and accurate access changes.
- Run periodic access review and recertification cycles, ensuring least-privilege is maintained across the estate.
- Support customer-facing access controls and authentication governance.
Data Security
- Manage Data Loss Prevention (DLP) controls including policy configuration, alert triage and response for data exfiltration events.
- Oversee data classification, retention, archiving and disposal controls within M365 and across the estate.
- Support insider threat monitoring controls and escalation procedures.
- Manage encryption standards and certificate lifecycle including monitoring, renewal and revocation.
Detection & Response
- Triage and analyse security alerts from across the tooling estate, coordinating with the SOC to ensure timely detection and response.
- Lead threat hunting activities using XDR telemetry and threat intelligence to proactively identify attacker activity.
- Own and maintain the XDR platform including rule management, integrations and telemetry quality.
- Investigate security incidents, anomalous activity and SOC escalations, producing clear findings and recommendations.
- Develop and maintain incident response runbooks covering key threat scenarios and response procedures.
- Own ransomware readiness and business resilience testing activities, including backup validation and playbook maintenance.
- Manage security automation and SOAR playbook development to improve detection and response efficiency.
- Provide operational interface with the SOC, supporting SLA management and technical escalation.
Operational Reporting
- Produce clear, accurate and timely reporting covering endpoint health, network control status, DLP alert volumes, IAM control health and incident metrics.
- Contribute security operations data and metrics to the master CISO reporting pack.
Degree or equivalent professional experience in a relevant technical discipline. Relevant industry certification desirable, such as SC-200, AZ-500, CompTIA Security+, GIAC (GCIA, GCED, GCIH) or CISSP. Candidates with strong hands-on experience and demonstrable technical capability will be considered regardless of formal qualification.
- Significant hands-on experience in an operational information security or security engineering role.
- Demonstrable experience managing EDR/AV, SIEM/XDR platforms, and network security controls including firewalls, WAF and segmentation.
- Practical experience with identity and access management including MFA, PAM/PIM and access review processes.
- Experience with enterprise security solution suites (Endpoint, Cloud, XDR, Identity, etc.) and Purview/DLP.
- Working knowledge of PAM tooling.
- Experience in a regulated financial services environment preferred but not essential; working knowledge of ISO 27001, NIST CSF, DORA or NYDFS Part 500 beneficial.
- Ability to produce clear technical documentation, reports and evidence suitable for audit and regulatory review.