1,796 Microsoft Security Engineer jobs in the United Kingdom

We're working on an exciting opportunity with one of our clients with a rapidly transforming technical environment with lots of investment. They're looking to bring in an Azure Cyber Security Analyst to help drive their mission forward by protecting critical systems and embedding a robust security culture throughout the business.

Key responsibilities for the Azure Cyber Security Analyst:

As an Azure Cyber Security Analyst, you'll join a collaborative and multi-disciplinary security team that works across operations, assurance, and governance. This is a highly cross-functional role, perfect for someone with broad security expertise who enjoys variety and continual development.

As the Azure Cyber Security Analyst y ou wi ll take the lead on:

• Driving the use of Azure Cloud based security tools such as Defender and Sentinel
• Configure and manage alerts through Defender
• First and second line security operations, including vulnerability management
• Investigating and responding to security incidents
• Ensuring policies and procedures remain aligned to industry best practice
• Promoting security awareness and education throughout the organisation particularly in relation to Cloud security best practice
• Mentoring junior analysts and supporting team leadership initiatives

Key skills for the Azure Cyber Security Analyst:

• Azure environment - Essential
• Defender and Sentinel commercial experience - Essential
• Proven experience in a security-focused role, ideally across several of the following areas: security operations, vulnerability management, security assurance, risk management, or project consultancy
• A clear enthusiasm for cybersecurity, with a proactive attitude and eagerness to learn
• Solid understanding of risk assessment frameworks and methodologies
• Strong communication skills and the ability to translate complex technical issues for non-technical audiences
• A detail-oriented, self-starting mindset and a strong customer service focus

If you're ready to bring your security expertise to a team that's passionate about purpose and innovation, we'd love to hear from you.

Apply now or get in touch to learn more.

Job Title: Cyber & Information Security Lead

Type: Full Time & Permanent

Location: Hybrid/Bath, England

About the Role:

Seeking a senior cyber and information security professional to lead on safeguarding critical healthcare technology platforms. This role is ideal for someone with strong expertise in compliance, risk management, and security governance—particularly within public sector or regulated environments—who’s has been working at CISO level, or is ready to step into a strategic leadership position.

A global, forward-thinking organisation, they prioritise staff wellbeing (with flexible hybrid working offered) and are driven by a passion for creating impactful healthcare technology, with a strong commitment to quality and compliance.

Key Responsibilities:

• Security Strategy : Define and maintain a robust security strategy aligned with business goals and growth.
• Compliance : Ensure adherence to key standards including DSPT, Cyber Essentials Plus, and ISO27001:2022.
• Risk Management : Lead the identification and mitigation of information security risks across all operations.
• Security Architecture : Oversee secure system and software design throughout the development lifecycle.
• Incident Response : Manage the full lifecycle of security incidents, including reporting to relevant authorities.
• Awareness & Training : Drive a strong security culture through staff training and awareness initiatives.
• Regulatory Compliance : Support ongoing compliance with UK and EU data protection laws and regulations.
• Leadership : Provide strategic leadership and mentorship within the governance, risk, and compliance team.

Essential Skills:

• Security Leadership : Senior-level experience in information security, ideally in a CISO or equivalent role within software or health tech.
• Healthcare Standards : Strong knowledge of UK healthcare security frameworks like DSPT, DTAC, and NCSC CAF.
• ISO 27001 : Proven track record in implementing and maintaining ISO 27001:2022-certified ISMS.
• Secure by Design : Deep understanding of secure SDLC and embedding security into product and system architecture.
• Risk Management : Expertise in building and managing security risk frameworks using methodologies like OCTAVE or FAIR.
• Incident Response : Hands-on experience leading incident response, including regulatory reporting and crisis management.
• Policy & Governance : Skilled in developing and enforcing comprehensive security policies and governance structures.
• Regulatory Compliance : Strong grasp of GDPR, the Data Protection Act, and NIS Directive within a health tech context.

How to Apply:

If this sounds like an environment in which you would excel, please send your CV and a covering letter outlining your suitability, salary requirements, and availability to

Position Overview

We are seeking a Azure Security Engineer to join our UK-based team. This role will be responsible for implementing and maintaining robust security solutions across our Azure cloud infrastructure. You’ll play a key role in ensuring compliance, hardening environments, and leveraging Microsoft’s security tools to protect our systems and data.

Key Responsibilities

Security Architecture & Implementation

• Implement and maintain secure Azure architectures in line with best practices
• Develop and support cloud security policies and technical standards
• Conduct security assessments, risk analysis, and contribute to security roadmaps
• Collaborate with teams to integrate security into CI/CD and cloud-native applications

Microsoft Security Stack

• Configure and manage Microsoft Defender for Cloud, Defender for Endpoint, and Sentinel
• Deploy Microsoft Purview for compliance and information protection
• Manage Microsoft 365 Defender (Office 365, Identity, Endpoint)
• Support Conditional Access, Entra ID, and Identity Governance setups
• Implement Data Loss Prevention (DLP) and sensitivity labels
• Work with Azure Key Vault and manage encryption and certificate strategies
• Collaborate with our SOC and managed Sentinel provider on incident handling

Compliance & Governance

• Help ensure compliance with ISO 27001, SOC 2, GDPR, and NIS2
• Support configuration and monitoring in Microsoft Compliance Manager
• Maintain security documentation and assist in audit preparation
• Configure insider risk management, audit, and eDiscovery capabilities
• Track Secure Score and recommend improvements

Incident Response & Monitoring

• Configure monitoring and alerts using Microsoft tools (Sentinel, Defender)
• Participate in incident response and post-incident reviews
• Contribute to the development of business continuity and disaster recovery plans
• Track KPIs and generate reports using Microsoft compliance and security solutions

Collaboration & Support

• Work closely with DevOps, infrastructure, and application teams
• Provide technical security guidance to colleagues
• Communicate technical risks and recommendations to key stakeholders

Requirements

• Bachelor’s degree in Computer Science, Information Security, or similar
• 2+ years in cloud security roles, with at least 1 years in Microsoft Azure environments
• Experience in enterprise-level cloud environments, preferably in regulated industries

• Deep expertise in Azure security and Microsoft Defender suite
• Advanced skills in Microsoft Sentinel, Purview, Intune, and Defender for Endpoint
• Strong experience with Entra ID/Active Directory, Conditional Access, and PIM
• Hands-on with PowerShell and Microsoft Graph API for security automation
• Familiarity with M365 security, Zero Trust models, and Microsoft Information Protection
• Knowledge of compliance tools and frameworks (e.g. GDPR, ISO 27001, NIS2)
• Experience with Azure Firewall, NSGs, ASGs, and endpoint management

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Cybersecurity Architect Expert (SC-100) or working toward it
• One or more of: MS-500, SC-400, SC-900

Certifications (Desirable)

• CISSP, CISM, CCSP, or similar

• Excellent communication and technical documentation skills
• Strong problem-solving and analytical thinking
• Ability to work independently and as part of cross-functional teams
• Comfortable presenting findings and recommendations to non-technical stakeholders

Benefits

• 24 days annual leave rising to 29 days
• Enhanced parental leave
• Medicash (Health Cash Plans)
• Wellness Days
• Flexible Fridays (Opportunity to finish early)
• Birthday day off
• Employee assistance program
• Travel loan scheme
• Charity days
• Breakfast provided
• Social Events throughout the year
• Hybrid Working

Our Company:

With Intelligence is based at One London Wall, London EC2Y 5EA. We offer amazing benefits, free breakfast daily and drinks provided all day, every day. We actively encourage social networks that oversee activities from sports, book reading to rock climbing, that you are free to join.

As part of our company, you will enjoy the benefits of an open plan office and working with a social and energetic team. With Intelligence provides exclusive editorial, research, data and events for senior executives within the asset management industry. These include hedge funds, private credit, private equity, real estate and traditional asset management, and our editorial brands are seen as market leaders in providing asset manager sales and IR execs with the actionable information they require to help them raise and retain assets. To maintain and grow our position in the market we need to continue to hire highly motivated, thoughtful and to ensure our subscribers are getting the exclusive intelligence they need first, and most comprehensively, through our range of services. If you are interested so far in what you have read, please apply, we look forward to hearing from you.

We are an Equal Opportunity Employer. Our policy is not to discriminate against any applicant or employee based on actual or perceived race, age, sex or gender (including pregnancy), marital status, national origin, ancestry, citizenship status, mental or physical disability, religion, creed, colour, sexual orientation, gender identity or expression (including transgender status), veteran status, genetic information, or any other characteristic protected by applicable law.

Company description:

Water Utility Company based in Yorkshire region of England.

Job description:

Senior Cyber & Information Security Analyst

Hello! Thanks for stopping by. Let us tell you about all the great reasons to join us here at Yorkshire Water:

• We offer a competitive salary, depending on experience (£44,942 -£6,178)
• Annua incentive related bonus ( 000 maximum bonus opportunity for the perfor.

WHJS1_UKTJ

Information Security Manager

70,000- 75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

• Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
• Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
• Actively contribute to ISO processes, strategies and problem-solving
• Use prior ISO experience to support certification readiness
• Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
• Handle varied and complex security challenges, from system reviews to high-level risk assessments
• Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

• Experience with ISO 27001 is essential
• Strong background in cyber security management
• Proven experience in identifying and mitigating security risks#
• Ability to make actionable recommendations for security improvements
• Experience with GDPR and data protection, together with knowledge of IS standards
• Security assessment frameworks (threat modelling, controls assessment, risk assessment)
• Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

• £70–80k base + 10% bonus
• Hybrid in London
• Training budget for certifications + conference attendance
• Strong emphasis on professional autonomy and ethical leadership

A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.

This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.

What you’ll bring:

• 5+ years in InfoSec, IT Security or Ops within a regulated environment
• Certification required: CISSP, CISM, CRISC, or equivalent
• Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
• Confident with security risk assessments, audit responses, and policy governance
• Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
• Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
• Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice

What you’ll be doing:

• GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
• Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
• Security awareness & training: manage phishing simulations and content using Proofpoint
• Security architecture reviews: support technical assessments of new systems and services
• Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
• Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
• Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews

Tech & tools you’ll use:

• Protecht – Enterprise risk and audit management
• Panorays – Third-party risk tooling
• Rapid7 / Armis – Vulnerability management and threat detection
• Proofpoint – Phishing and awareness platform
• Microsoft Purview – Data governance and compliance
• Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

Information Security Officer

Hybrid – Home & London | Permanent | £68,000 | 35 hrs/week (flexible)

A rare and brilliant opportunity to join this international development children’s charity, as their new Information Security Officer . You'll be the expert, working closely with the Chief Information Officer and other senior leaders to embed security practices across systems, suppliers, and staff. You’ll be joining a small but impactful Technology team where the culture is collaborative and down-to-earth. You’ll have the autonomy to get stuck in, alongside the backing to develop professionally, whether that’s through security qualifications or broader leadership skills.

What you will be doing

As Information Security Officer , you’ll lead the implementation of the organisation’s cyber security plans.

• Act as subject matter expert on information security across the organisation
• Ensure compliance with standards like Cyber Essentials Plus and CIS .
• Oversee third-party security providers and outsourced ICT services.
• Manage incident response planning, investigations, and reporting.
• Deliver engaging training to build a strong security culture.
• Collaborate with Legal and Data Protection teams to ensure GDPR compliance.
• Stay ahead of evolving threats and technologies to drive continuous improvement.
• Opportunity to influence at board level without people management responsibilities

What we are looking for

What matters most is your hands-on experience navigating real-world security challenges and your ability to see both the technical and human side of data protection.

You should have:

• Proven experience in ICT security management and incident response (CIS and Cyber Essential Plus).
• Strong technical knowledge of Microsoft 365, Azure, and cloud security.
• Familiarity with frameworks like ISO 27001, NIST, and CIS.
• Excellent communication skills and a pragmatic, risk-based mindset.
• Relevant certifications (e.g. AZ-500, CISSP, CISM, CCSP) are highly desirable.

This role offers hyrbid working (1-2 days/week in office) as well as open discussion around different working patterns i.e 9-day fortnight and varied start/finish times. The organisation values professional development and had a learning & development fund for certifications and career growth. A strong emphasis on wellbeing and work-life balance within a supportive, inclusive culture that welcomes applicants from all backgrounds.

To apply, please submit your up-to-date CV by the 26th of August 2025 at 5.00 PM . Cover letters are not required.

Please note, only successful applicants will be contacted with further information.

We want you to have every opportunity to demonstrate your skills, ability and potential; please contact us if you require any assistance or adjustment so that we can help with making the application process work for you.

Information Security Analyst – NIST Implementation

Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.

About You :

• You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
• Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
• Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
• Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
• Assisting cross-functional teams and business units in integrating security measures into business operations.
• Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
• Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.

Essential Skills:

• Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
• Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
• Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
• Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
• Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
• Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
• Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

• £70–80k base + 10% bonus
• Hybrid in London
• Training budget for certifications + conference attendance
• Strong emphasis on professional autonomy and ethical leadership

A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.

This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.

What you’ll bring:

• 5+ years in InfoSec, IT Security or Ops within a regulated environment
• Certification required: CISSP, CISM, CRISC, or equivalent
• Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
• Confident with security risk assessments, audit responses, and policy governance
• Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
• Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
• Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice

What you’ll be doing:

• GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
• Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
• Security awareness & training: manage phishing simulations and content using Proofpoint
• Security architecture reviews: support technical assessments of new systems and services
• Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
• Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
• Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews

Tech & tools you’ll use:

• Protecht – Enterprise risk and audit management
• Panorays – Third-party risk tooling
• Rapid7 / Armis – Vulnerability management and threat detection
• Proofpoint – Phishing and awareness platform
• Microsoft Purview – Data governance and compliance
• Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform