Role Overview

We are seeking a Security Engineer with SC clearance to implement the findings from an Azure Well-Architected Framework Security Pillar review. The organisation has a predominantly on-premise application estate, with a growing number of services hosted in Microsoft Azure. This role will ensure that security controls, governance, and monitoring are applied consistently across both environments, with a particular focus on embedding Azure security best practices.

Key Responsibilities

• Implement Security Recommendations: Deliver technical changes based on the Azure Well-Architected Framework (Security Pillar) findings, ensuring they are applied across both Azure and on-premise workloads.
• Azure Security Controls: Deploy, configure, and optimise services such as Microsoft Defender for Cloud, Azure Policy, Azure Key Vault, RBAC, and Privileged Identity Management (PIM).
• Hybrid Security Integration: Align on-premise security practices (Active Directory, firewalls, SIEM) with Azure equivalents to create a unified security posture.
• Identity & Access Management: Enhance integration between on-prem Active Directory and Azure AD, strengthening MFA, conditional access, and privileged access policies.
• Network Security: Apply recommended configurations for Azure networking (NSGs, firewalls, private endpoints) and integrate with existing on-prem perimeter defences.
• Data Protection: Implement encryption strategies, secure key management, and data classification across hybrid data stores.
• Monitoring & Threat Detection: Configure logging, monitoring, and alerting through Azure Monitor, Defender, and on-prem SIEM tooling.
• Compliance & Governance: Ensure that security implementations meet regulatory, audit, and government security standards.
• Collaboration: Partner with infrastructure, DevOps, and application teams to ensure security is embedded into ongoing operations and change initiatives.
• Documentation & Knowledge Transfer: Produce runbooks, design documentation, and knowledge-sharing sessions to uplift in-house capability.

Essential Skills & Experience

• Current SC clearance.
• Strong hands-on Azure security experience (must-have), including Defender for Cloud, Security Center, Key Vault, RBAC, and Azure AD.
• Experience securing hybrid cloud and on-prem environments.
• Understanding of the Azure Well-Architected Framework Security Pillar and ability to translate recommendations into actions.
• Familiarity with security standards and frameworks (NCSC guidance, CIS benchmarks, ISO 27001, NIST).
• Experience with identity federation, hybrid AD environments, and MFA enforcement.
• Competence with infrastructure-as-code tooling (Bicep, or Terraform) for secure deployments.
• Strong communication and stakeholder engagement skills within regulated/government settings.

Desirable Skills

• Microsoft certifications (AZ-500, SC-100, or AZ-305).
• Familiarity with other Azure Well-Architected Framework pillars.
• Experience of secure design in enterprise environments with critical national infrastructure or public sector systems.
• Background in implementing hybrid monitoring and incident response.

Roles & Reporting

• Reports to: Lead Architect / Programme Security Lead.
• Works with: On-prem Infrastructure team, Azure Platform team, DevOps Engineers, Governance & Compliance Officers, Application Owners.