The Citation Group
Cyber Security Engineer

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Role: Cyber Security Engineer
Location: Hybrid (Wilmslow)
We are The Citation Group - a collective of businesses dedicated to supporting small and medium-sized enterprises across a range of essential services. We know that running a business means juggling a lot. Our mission is to ease these pressures by providing expertise, guidance, and solutions that enable business leaders to focus on what they do best. From HR and Health & Safety to Cybersecurity, E-Learning, and ISO compliance, we’ve got you covered.
Citation has achieved strong growth through a combination of organic expansion and strategic acquisitions, continually broadening our expertise, services, and reach to create a one-stop shop that supports businesses across the UK, Canada and Australia.
Role Purpose
The Cyber Security Engineer is a hands-on technical owner of cyber security operations across Citation Group and its brands. The role covers security monitoring and incident response, vulnerability management, identity and endpoint hardening, cloud security, web application security, and audit representation. Acting as an internal technical authority and the primary point of contact for security matters with IT Operations, development teams, auditors, and the wider business.
Key Responsibilities
Security Monitoring & Incident Response
- Triage and respond to Defender and SIEM alerts, including phishing, anomalous logons, and data exfiltration indicators
- Provide incident response end-to-end: investigation, containment, remediation, root cause analysis, and stakeholder reporting
- Conduct proactive threat hunting using available technologies including the MS Defender stack
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Vulnerability & Patch Management
- Own vulnerability identification and escalation across cloud, server, endpoint, and application layers (Tenable, Defender for Endpoint, PatchMyPC, internal VMP)
- Prioritise vulnerabilities with active exploits or affecting critical systems
- Coordinate remediation via automated patching, MDM (Jamf/Intune) deployment, or direct user support
Web Application Security
- Review and tune Cloudflare, Imperva, and Azure WAF configurations across proxied applications
- Identify control gaps and false positives; adjust rulesets as applications are onboarded
Identity & Access Management
- Administer Conditional Access, MFA, PIM, Defender for Identity, and SSO
- Conduct periodic access reviews and remediate stale or overprivileged accounts
- Manage the Dashlane enterprise password vault and oversee secrets management within Azure Key Vaults
Cloud & Endpoint Security
- Maintain security baselines and Zero Trust controls across Azure (multiple tenants/subscriptions) and AWS
- Manage endpoint hardening: Autopilot, ASR rules, AppLocker, Intune/Jamf configuration, Defender for Endpoint across MacOS, Windows and Linux


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Audit & Compliance
- Act as primary contact for ISO 27001 and Cyber Essentials+ audits
- Present to auditors, resolve non-conformities, and maintain framework alignment across teams
Documentation & Automation
- Author security standards, baselines, and runbooks, including defining and documenting Gold Standards for security configuration and hardening
- Automate operational security processes using PowerShell and Python, leveraging AI to improve performance and provide efficiencies
Required Experience and Skills
- 3+ years in a hands-on cyber security or infrastructure engineering role, ideally in a multi-entity or PE-backed environment
- Strong Microsoft security stack experience: Defender XDR, Entra ID, Conditional Access, Intune
- Vulnerability management tooling experience (Tenable, Qualys, or equivalent)
- Cloud security experience across Azure or AWS, including policy and Zero Trust concepts
- Web application security and WAF management experience (Cloudflare, Imperva, or Azure WAF)
- Scripting/automation ability in PowerShell or Python
- Incident response experience, including root cause analysis and stakeholder communication
- Audit exposure: ISO 27001 and Cyber Essentials+ preferred
- Relevant certification desirable: CySA+, AZ-500, Security+, or equivalent
- Emerging interest/exposure to AI automation, security and governance a strong plus
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills