As a Security Engineer, you'll help design, build, and deliver secure digital solutions in highly secure environments. You'll work alongside engineers, architects, and delivery specialists to develop technology that enables faster, safer decision-making for critical operations.
Key Responsibilities Include
Credential Lifecycle Management:
Manually creating or bulk-importing passwords, SSH keys, and API keys
Configuring and verifying Remote Password Changing (RPC) to ensure credentials rotate on a set schedule without service interruption.
Checking our servers can successfully communicate with target systems to validate that stored credentials are still correct.Discovery & Network Visibility:
Running regular Discovery scans across Active Directory and network segments to identify new privileged accounts, service accounts, and dependencies.
Mapping how service accounts are used by Windows Services, Scheduled Tasks, or IIS Application Pools to ensure rotation doesn't break critical systems.System Maintenance & Performance:
Proactive management of technical vulnerabilities and system security.
Monitoring the status of Distributed Engines (DE) to ensure they are online and processing tasks like heartbeats and password changes without latency.
Monitor and improve performance and ensure all secrets are bound to launchers, and secret templates are used and updated as required.
Configuring and verifying automated database backups (full, differential, and log) to meet Recovery Point Objectives (RPO).
Applying security patches and upgrades to our platforms
Maintain the Licenses / certifications and update where required
Check the results of recent Discovery scans to see if new privileged accounts, service accounts, or dependencies were found.Access Governance:
Managing Role-Based Access Control (RBAC) by creating roles, defining folder structures, and setting granular permissions for users and groups.Audit & Compliance:
Generating and reviewing audit logs and reports (e.g., most active users, failed heartbeats) to detect unusual activity and prove compliance.
Configuring launchers to record privileged sessions, allowing or disallowing for full keystroke and video audits of administrative work.Technical Troubleshooting:
Resolving issues related to firewall requests, load balancer configuration. Security Oversight:
Monitor Active Sessions: Session Monitoring for any currently active privileged sessions, particularly on high-value assets like Domain Controllers.
Troubleshoot any Remote Password Changing (RPC) failures from the previous 24 hours to prevent account lockouts or "stale" credentials.
Correlate server alerts with your SIEM to investigate suspicious activity, such as multiple failed login attempts or large-scale secret exports. Key Skills Required
Deploying and managing security tooling (vulnerability scanning, EDR Agents, etc);
Deploying and managing identity solutions (Directory services, IdPs, Privileged Access Management solutions);
Basic understanding of threat frameworks (such as ATT&CK).
High standards in written report and/or design documentation;
Working at a technical low level design level with the project team;
Knowledge and experience of Agile, DevSecOps, CI/CD principles and their application in secure environments;
Understanding of MOD assurance and policies;Due to the nature of the organisation and the projects worked, successful applicants must hold the highest level of Security Clearance.
Security Engineer - Farnborough - Hybrid(4 Days) - £75,000 - Highest Security Clearance Required
Salary description
£60000.00 - £75000.00 per year