Senior Cyber Security Engineer

You will provide expert technical security oversight across enterprise IT platforms, acting as a trusted authority that identifies security risks, control gaps, and design weaknesses that operational teams may overlook. This is an individual contributor role with technical authority but no line management responsibilities. Your value lies in independent judgement, validation, and challenge, with only limited day-to-day operational ownership. Remediation and platform management remain with specialist infrastructure, network, endpoint, or OT teams. You will work alongside experienced engineers to assess security implications of designs, changes, and incidents, providing clear, evidence-based advice and escalating risks where controls fall short of agreed standards. The role focuses primarily on corporate IT environments, with limited OT involvement centred on collaboration and alignment to central security standards. Key Responsibilities Include, but are not limited to

• Provide expert technical security assurance across enterprise IT platforms, identifying control gaps, design weaknesses, and hidden risks that may be missed during operational delivery.
• Assess the security impact of technical designs, changes, and exceptions, providing independent challenge and clear, evidence-based recommendations.
• Support security incident response by validating technical impact, root cause, and remediation effectiveness, working alongside operational teams rather than always owning execution.
• Conduct and review vulnerability and control assessments, validating remediation outcomes and escalating unresolved or systemic risks where appropriate.
• Act as a trusted technical advisor to infrastructure, network, endpoint, and cloud teams, balancing security requirements with operational realities.
• Review and advise on firewall rules, network segmentation, and access controls, ensuring alignment with security standards and risk tolerance.
• Educate and influence IT colleagues by raising security awareness through practical, technically grounded guidance, not just policy enforcement.
• Operate autonomously, using professional judgement and experience to assess risk, document findings, and escalate where controls fall short.
  
  Essential:
• Proven experience in IT security engineering or technical security assurance, operating across enterprise infrastructure.
• Strong knowledge of endpoint protection (SentinelOne preferred), with the ability to assess configuration quality and control effectiveness rather than just operate tooling.
• Experience reviewing and assuring enterprise firewall configurations and network security controls (e.g. Palo Alto, Cisco).
• A solid understanding of encryption, certificates, and trust models as used within enterprise IT systems.
• Experience assessing security patching effectiveness and remediation outcomes across Windows and Linux platforms.
• Significant experience working with Windows and Linux environments, including legacy platforms.
• Experience conducting or reviewing vulnerability assessments using tools such as Nessus, with the ability to interpret results in context.
• Ability to analyse logs and technical evidence to identify security issues and validate root cause.
• Strong technical communication and documentation skills, able to explain risk and findings clearly to experienced engineers and non-specialists.
Desirable:
• Certifications such as CompTIA Security+, CISSP, CEH, or GIAC are beneficial but not essential; demonstrable technical assurance experience is valued over certifications.
• Understanding of OT / ICS security principles and legacy constraints, with the ability to align OT risks to enterprise security standards.
• Experience with SIEM tools, network monitoring, or threat intelligence platforms, particularly in support of investigation and assurance activities.
• Knowledge of NIST, Cyber Assessment Framework (CAF), Cyber Essentials(+) or ISO 27001, with the ability to apply standards pragmatically rather than mechanically.
• Scripting or data analysis skills to support investigation, validation, or evidence gathering.
  
  British Steel is a leading European steel manufacturer, supplying premium long products around the world.
We take great pride in our history and heritage. Not many companies can claim to have generations of families dedicating their working lives to one company, one industry. Steel gets into your blood, and this drives the passion of our people. And these 2 values deliver our third value of performance - making the products our customers want now and in the future. British Steel has a bright future and we want you to be part of it. British Steel is an armed forces friendly company, and we actively encourage applications from ex-Armed Forces Personnel, Reservists, Armed Forces Veterans and military spouses/partners. We may close this vacancy sooner than planned if we receive a high volume of suitable applications. To ensure your application is considered, we encourage you to submit it as soon as possible

We know our employees are our greatest asset and alongside the great benefits packages we offer, we continue to invest in their careers by providing a huge range of training and development opportunities. Whatever your stage in life, you'll find a range of benefits to complement your work-life balance. The benefits you'll enjoy include:
• Defined contribution company pension scheme
• 27 personal annual leave days + statutory bank holidays
• Life Assurance
• A comprehensive Company sick pay scheme
• Health Cash Plan via our partnership with Simply health
• Employee Assistance Programme