The Information Security Engineer will work closely with the Head of Security and Infrastructure, as well as the wider IT and Governance teams, to ensure the ongoing protection of RLB’s IT environments.

This is a critical role responsible for protecting infrastructure, cloud, software, and data against unauthorised use, modification, exfiltration, or damage. This role identifies threats, manages projects and engineers solutions.

An ideal candidate for this role is dedicated to learning new things, security-minded, strong initiative, and able to manage projects autonomously across diverse topics.

Responsibilities

Security Operations & Monitoring

• Management of day-to-day security operations and act as the primary contact for the third-party SOC.
• Analyse and interpret logs, alerts, and threat data to identify potential security incidents.
• Ensure security alerts and incidents are managed and remediated.
• Ensure security tooling is correctly configured, operational, and fully utilised.

Threat Detection, Incident Response & Vulnerability Management

• Support or lead security incident investigations, including root cause analysis and remediation.
• Conduct vulnerability assessments and maturity scans, ensuring risks are clearly communicated and mitigated.
• Oversee third party penetration tests, manage remediation plans, and maintain strong vendor relationships.

Security Engineering & Technology

• Work with Microsoft security technologies such as Microsoft Purview, Defender, M365, Entra ID, and Azure security tools, email security solutions and endpoint protection solutions.
• Oversee configuration changes, ensure tools are effectively integrated, and monitor identity and access management to detect potential misuse of credentials or privileges.
• Apply technical expertise to support improvements to security configuration, identity management, and endpoint security.
• Support internal teams when changes to systems may impact SOC monitoring or defensive controls.

Governance, Audit & Compliance

• Help ensure alignment with standards such as Cyber Essentials Plus, NIST 800-171, ISO 27001, and UK GDPR.
• Carry out security audits and respond to DSAR requests
• Assist with internal/external audits and maintain documentation to demonstrate compliance with RLB’s security requirements.
• Assist with the completion of supply-chain risk assessments
• Provide support for the secure onboarding of software, ensuring adherence to data security protocols, software development best practices, and all relevant requirements.

Security Culture & Continuous Improvement

• Develop and support awareness initiatives, phishing simulations, and internal training.
• Stay ahead of new threats and emerging technologies, recommending ongoing improvements.
• Promote best practice security behaviours.

Requirements

Qualifications:

• Certifications such as CEH, CISSP, Security+
• Relevant Microsoft certifications (SC-900, SC-200, AZ-140)
• Ability to obtain Security Clearance (essential)

Experience:

• Extensive experience configuring and managing M365, Microsoft Purview, Defender, and the broader Microsoft cloud security ecosystems.
• Experience working with information classification systems and Data Loss Prevention techniques.
• Experience working with or managing third party SOC, SIEM, and security vendors
• Background in overseeing penetration tests and coordination of remediation activities
• Solid understanding of incident response, vulnerability management, and general cyber defence principles
• Demonstrable experience in NIST 800-171 & ISO 27001-compliant environments

Behaviours:

• Excellent interpersonal skills with the ability to influence peers and seniors on matters concerning protective security.
• Excellent organisational skills with the ability to prioritise workload and deliver to tight time scales.
• Possesses a professional and confident manner and maintains confidentiality at all times.
• A highly motivated and driven individual who adopts a flexible and adaptable approach.

Desirable:

• Exposure to secure software development and implementation practises.

About RLB

Contact