Information Security Engineer

Type: Full Time
Duration: Permanent
Location: Glasgow
Working Pattern: +2 days working from the office, 3 days remote
Department: Information Security

The Role

This role acts as a trusted Information Security advisor, providing consultancy and hands-on support across project-based initiatives and internal change. You will work closely with IT, Architecture, and Cyber teams to ensure secure design, implementation, and continuous assurance of technologies across the firm, with a strong focus on cloud environments (Azure / M365).

Key Responsibilities

• As a trusted InfoSec advisor provide internal consultancy and support to your peers and the wider team working on project-based initiatives and internal changes.
• Attend and participate in the Technical Design Authority to provide expert security review and ensure assurance of new designs and initiatives.
• Work closely with all IT teams (Cloud, Network, Infrastructure, Data etc.) to ensure continuous risk assessment is undertaken for changes and ensure additions to the environment are assessed against industry best practice.
• Work closely with Solution Architects to ensure high and low-level designs consider security control requirements against industry standards. Where required audit final implementations against the approved designs.
• Lead the security assurance capability for the cloud services in use at the firm with a focus on Azure / MS 365 initially.  Advise on the continuous health of the environments and propose security control improvements as required.
• Ensure all designs and platform configurations are in compliance with Cyber Essentials Plus, CIS standards and technical requirements agreed with clients.
• Work with the teams to update or create hardening standards for existing or new technologies as they are onboarded.
• This role requires an element of hands-on approach for evaluation, design and risk assessment to ensure security outcomes can be fully defined and progressed effectivity.
• As external security testing is required (PEN / Web App testing etc) liaise with testing providers and project teams to ensure the scope is well defined and testing is successfully completed.  Work with the project teams to ensure remediation actions are completed and retesting takes place.
• Support the Cyber Defence team with ensuing all new technologies are onboarded successfully by identifying the correct data sources, event type and alerts to be captured.  Work with the Cyber Defence team and the managed security service provider to build suitable use cases.
• Stay current and up to date on new emerging technologies and associated vulnerabilities and risk.
• Assist the Cyber Solutions Lead with developing the Cyber Solution Strategy for the firm.  Ensure the firm continues to have robust and effective security controls in place whilst maximising utilisation of existing technologies and synergies.
• Work with the Enterprise Architect team to ensure Security Architecture considerations are embedded into existing design and assurance processes. 
• Work with the Cyber Solutions Lead to mature existing Security Architecture Polices and Standards documentation and ensure alignment to current best practices.  

·          

Essential Skills & Experience

• Proven experience of working in an Information Security / Cyber Security role with a technical focus. Experience within the legal or professional services industry is ideal, but not essential.
• Proven experience of undertaking risk assessments and technical design reviews with the ability to absorb information quickly across a broad and diverse environment whilst identifying key areas for further scrutiny.
• Working knowledge of SIEM (CrowdStrike / MS Sentinel), Endpoint Detection & Response (CrowdStrike / MS Defender), Vulnerability Management (Rapid7), Firewalls, and industry standard security tools.
• Proven experience working with the Azure / MS365 E5 security suite (Defender, Conditional Access Policies, CASB etc.). Demonstrable knowledge of the security controls available and how to pragmatically implement them to maximize the firm’s security posture.
• Experience working with AI technologies, implementing or risk assessing agentic AI agents and MCP Server / Client implementations.  Open AI / Co Pilot focused skills desirable.
• Demonstrable knowledge of implementing MS Purview and its various capabilities such as Information Protection, DLP, Insider Risk Management is desirable but not essential.
• Good overall knowledge of IT technologies and processes i.e., Networking, Server (Windows / Linux), Storage, Virtualisation, Desktop etc
• Good working knowledge of the Kusto Query Language (KQL) or CrowdStrike Query Language (CQL) and ability to construct queries for investigations and reporting would be advantageous. 
• Experience working with SAST / DAST technologies, CI/CD pipelines, cloud orchestration and automation tools, PowerShell or Python scripting would be desirable but not essential.
• As a Subject Matter Expert be able to support, advise, guide and mentor other members of the InfoSec and IT teams as required.  
• Strong organisational skills and the ability to handle multiple conflicting priorities.
• Able to work to very tight deadlines under pressure and to assimilate information quickly.
• Strong interpersonal skills including confidence, positivity, diplomacy, and the ability to gain credibility quickly.
• Excellent verbal and written communication skills, with the ability to explain technical terms in a way that non-technical persons would understand.
• Demonstrates attention to detail with a high level of accuracy.
• Positive and tenacious with the ability to pro-actively drive initiatives forward and motivate resources within and outside their team to perform.

What sets this role apart

• Opportunity to shape and mature security architecture in a global firm
• Exposure to modern cloud, AI, and security technologies
• A highly collaborative environment with influence across IT and business teams

What’s in it for you

• Modern, flexible working - A minimum of 2 days each week required from the office, 3 days from home.
• Join an award-winning global firm with strong career progression opportunities, structured development programmes, and internal mobility.
• Recognised for inclusivity, pro bono work, and global DEI initiatives.
• Benefits include life assurance from day one, wellbeing support, lifestyle discounts, and more.
  
  

The Firm

When you work at Clyde & Co, you join a team of 500 partners, 2,400 lawyers, 3,200 legal professionals and 5,500 people in nearly 70 offices and associated offices worldwide. Our values are the principles that guide the decisions we make, unite us in our endeavours and strengthen our delivery, for both our clients and our firm. We work as one, excel with clients, celebrate difference and act boldly. We are committed to operating in a responsible way by progressing towards a diverse and inclusive workforce that reflects the communities and clients it serves. We are devoted to providing an environment in which everyone can realise their potential, using its legal and professional skills to support its communities. We do this through pro bono work, volunteering and charitable partnerships, and minimising the impact it has on the environment, including through our commitment to the SBTi Net-Zero standard and the setting of ambitious emissions reduction targets.

Our Commitment

Clyde & Co is proud to be an equal opportunities employer. Our values encourage us to support fairness, celebrate diversity and prohibit all forms of discrimination in the workplace to allow everyone to excel at work. Therefore, we welcome and encourage all applications from suitably qualified individuals, regardless of background or identity. Learn more about our interview process.

A Note on Privacy

Please take a moment to read our privacy notice. This describes what personal information Clyde & Co (we) may hold about you, what it’s used for, how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting a candidate as a Recruitment Agency Partner, it is an essential requirement and your responsibility to ensure that candidates applying to Clyde & Co are aware of this privacy notice.

This is the job description as constituted at present; however, Clyde & Co reserves the right to reasonably amend it in accordance with the changing needs of the business.