Security Engineer Lead (Cybersecurity)

TL;DR

Security Engineer Lead (Cybersecurity): Leading the technical direction, delivery, and operation of Privilege Access Workstations, Privilege Access Management, and Identity Access Management platforms with an accent on ensuring secure access to business-critical TSA environments. Focus on translating security requirements into auditable technical controls, leading threat modeling, and driving continuous improvement across security engineering practices.

Location: Hybrid (3 days in office) & can be based in 1 of the following sites: Birmingham, Belfast, Bristol, Glasgow, London, Manchester, Sheffield

Company

hirify.global was the world’s first telco and our heritage in the sector is unrivalled.

What you will do

• Own the technical direction, delivery, and operation of Privilege Access Workstations, Privilege Access Management, and Identity Access Management platforms to deliver secure access to business-critical TSA environments.
• Translate TSA and BT security requirements into implemented, auditable technical controls, embedding security by design.
• Lead threat modeling, security assessments, and resilience testing to inform platform design and investment decisions.
• Provide authoritative security engineering leadership to architecture, service, and operations teams.
• Lead incident response and recovery for PAW, PAM, and IAM services, including on-call escalation where required.
• Drive continuous improvement across security engineering practices, automation, and tooling.

Requirements

• Strong experience leading the design and operation of PAW, PAM, and/or IAM platforms in complex, live environments.
• Deep understanding of identity, authentication, authorization, and privileged access technologies.
• Proven ability to embed security controls by design and manage security risk pragmatically.
• Hands-on background across Windows, Linux, identity services, networking, and secure access technologies.
• Experience operating in 24/7 production environments, managing incidents, and restoring service safely.
• Strong documentation skills, producing design artifacts and compliance evidence suitable for audit.

Nice to have

• Knowledge of Windows/Linux server ecosystem.
• Knowledge of PKI.
• Knowledge of Identity Access Management.
• Knowledge of Firewalls/ VPN / ZTNA.
• Knowledge of Proxy servers.

Culture & Benefits

• On-target 15% on-target bonus.
• Health Care.
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%.
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate.
• 25 days annual leave (not including bank holidays), increasing with service.
• World-class training and development opportunities.