Rodeo
ResourcesPartnersSign in

Fortegra

Information Security Engineer

London
€65k – €110k/yr
Posted 1 day ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Job Summary

Responsible for safeguarding the confidentiality, integrity, and availability of data, applications, infrastructure, and AI systems across the organization. The Security Engineer leads day-to-day operations of the company’s security tooling across on-premises, cloud, and SaaS environments, drives the identification, investigation, and resolution of security events, and partners with engineering and operations teams to embed security throughout the software development and deployment lifecycle. The role also helps the organization securely adopt, deploy, and govern AI technologies.

Education

Minimum Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related technical field, OR equivalent professional experience.
  • 4+ years of experience in an information security, security engineering, or closely related role.

Experience

  • Working knowledge of common cybersecurity frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS Controls, MITRE ATT&CK).
  • Hands-on experience securing at least one major cloud provider (AWS, Azure, or GCP), including identity, network, and workload controls.
  • Experience with vulnerability management, patching, and remediation across servers, endpoints, containers, and cloud workloads.
  • Experience integrating security into CI/CD pipelines (SAST, DAST, SCA, secret scanning, IaC scanning).
  • Incident response experience, including triage, containment, eradication, recovery, and post-incident review.
  • Familiarity with AI/LLM security concepts (prompt injection, data leakage, model and supply-chain risks) and emerging frameworks such as the OWASP LLM Top 10, MITRE ATLAS, and the NIST AI Risk Management Framework.

Licensure, Certification, and/or Registration

  • One or more of the following preferred: CISSP, CCSP, Security+, CISM, GIAC (e.g., GSEC, GCIH, CGFA, GCSA), OSCP
  • AI/ML security credentials (e.g., AI Security/Governance certifications) a plus

Primary Job Functions

Security Operations & Incident Response

  • Monitor and tune in-place security solutions (SIEM, EDR/XDR, SOAR, email security, DLP, CSPM) for efficient and appropriate operation.
  • Lead investigations into security incidents escalated beyond Tier 1, including triage, forensic analysis, containment, eradication, and recovery.
  • Develop, maintain, and tune detections (e.g., SIEM rules, EDR custom detections) aligned to MITRE ATT&CK and the organization’s threat model.
  • Conduct and participate in tabletop exercises, purple-team engagements, and incident management drills at least annually.
  • Maintain runbooks and playbooks for common incident types, including cloud, identity, ransomware, and AI/LLM-related incidents.

Vulnerability & Threat Management

  • Lead vulnerability remediation across endpoints, servers, cloud workloads, containers, and SaaS applications, working with infrastructure and engineering teams to drive risk down.
  • Design and execute vulnerability assessments, penetration tests, red-team exercises, and security audits; manage findings through to closure.
  • Maintain hardened, up-to-date baselines (CIS Benchmarks or equivalent) for workstations, servers, cloud resources, containers, and network devices.
  • Consume and operationalize threat intelligence to anticipate and defend against new attacks and threat vectors.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Cloud & Infrastructure Security

  • Design, implement, and review security controls across cloud environments including IAM, network segmentation, encryption, logging, and posture management (CSPM/CNAPP).
  • Advance the organization’s Zero Trust strategy across identity, device, network, application, and data layers.
  • Review Infrastructure-as-Code manifests for security misconfigurations; help maintain policy-as-code guardrails.
  • Partner with IT and identity teams on IAM, SSO, MFA, privileged access management, and conditional access policies.

Application & Software Supply Chain Security

  • Partner with the CISO and engineering leadership to enforce secure coding practices; deliver annual secure-development training, including OWASP Top 10 and OWASP LLM Top 10 content.
  • Integrate and tune security testing in CI/CD pipelines: SAST, DAST, SCA, secret scanning, container image scanning, and IaC scanning.
  • Establish and maintain software supply chain controls, including SBOM generation, dependency review, and alignment with frameworks such as SLSA.
  • Lead threat-modeling sessions for new products, services, and AI-enabled features.

AI Security & Governance

  • Help define and enforce policies for the safe adoption and use of AI tools within the organization, including LLM-based assistants, agentic systems, and Model Context Protocol (MCP) or similar tool integrations.
  • Assess and mitigate risks specific to AI/ML systems the organization builds or consumes, including prompt injection, jailbreaks, insecure output handling, training-data and model integrity, sensitive-data leakage, and model/identity supply-chain risks.
  • Apply AI security frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI Risk Management Framework, ISO/IEC 42001 concepts) when evaluating AI vendors, internal AI products, and AI-generated code.
  • Review AI-generated code for security vulnerabilities and licensing issues before it reaches production.
  • Partner with Legal, Privacy, and Engineering on AI data handling, retention, and disclosure practices.

AI-Augmented Security Operations & Tooling

  • Evaluate and deploy AI-assisted security tooling (e.g., LLM-powered alert triage, log summarization, threat-intel enrichment, phishing analysis, AI-assisted code review) to improve analyst productivity and reduce mean time to detect/respond.
  • Build lightweight automations and scripts (Python, PowerShell, or similar), leveraging AI coding assistants where appropriate, to streamline detection, response, and reporting workflows.
  • Continuously validate the accuracy and safety of AI-driven security tooling and document its operating envelope (where it can and cannot be trusted).

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Compliance, Risk & Audit

  • Prepare for and respond to internal and external IT audits and risk assessments (GDPR, DORA, PCI DSS, HIPAA, GDPR/CCPA, as applicable).
  • Maintain awareness of applicable laws and regulations related to security, data privacy, and AI (including emerging AI regulation).
  • Recommend new or enhanced security solutions and assist with their deployment, integration, and configuration in line with the organization’s security standards.
  • Maintain up-to-date knowledge of the security industry, including new attack techniques, defensive tooling, and AI-related threats and defenses.

The duties and responsibilities above describe the general nature and level of work performed. They are not intended to be an exhaustive list of all duties and responsibilities that the incumbent may be expected or asked to perform.

Periodic Job Functions

  • Periodic on-call support for security incidents.
  • Other duties as assigned.

Skills & Competencies Required

  • Hands-on experience with modern security tooling: SIEM, EDR/XDR, SOAR, WAF, CSPM/CNAPP, vulnerability management, DLP, email security, and identity-centric controls.
  • Working knowledge of cloud-native security and container security.
  • Experience with at least one scripting or automation language (Python, PowerShell, Bash, or Go).
  • Familiarity with secure software development practices, CI/CD security, and software supply chain risk.
  • Working knowledge of identity and access management concepts (SSO, MFA, PAM, Zero Trust).
  • Awareness of AI/LLM security risks and frameworks, and practical familiarity with using AI tooling responsibly to support security work.
  • Working knowledge of applicable laws and regulations as they relate to security, data privacy, and AI.
  • Strong analytical, communication, and documentation skills; able to explain technical risk to non-technical stakeholders.

Salary Range

€65,000 - €110,000 base salary, commensurate with experience.

Additional Information

Full benefit package including medical, dental, life, vision, company paid short/long term disability, 401(k), tuition assistance, and more

Job Posting Disclaimer

Fortegra has recently been made aware of unauthorized communications regarding career opportunities by individuals not associated with Fortegra or our recruitment team. Fortegra will only contact you from the Fortegra domain address (@fortegra.com). If you receive a message from someone posing as a Fortegra recruiter via text message, WhatsApp, Telegram, or other messaging platform, please report it as phishing and block the sender.

Fortegra is not accepting unsolicited resumes from search firms for this position.

Internal Notice: As part of our commitment to talent development, this position is open for internal promotion applications at the time of public posting.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Information Security
Security Engineering
Cloud Security
Incident Response
Vulnerability Management
AI Security
CI/CD Security
Threat Intelligence
Identity Management
Secure Coding Practices
Python
PowerShell
SIEM
EDR/XDR
CSPM
DLP

Location

London, England, United Kingdom

Sign up to applySee more jobs like this