Cybersecurity (Infrastructure) Engineer
Hybrid
London, United Kingdom
Full Time
25-04-2025
Job Specifications
Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness unrelenting technological change to deliver innovations that provide a competitive advantage and improve everyday life worldwide.
As part of the Expleo Digital and Emerging Technology (DET) team, you will report to the Head of Cybersecurity and play an integral role in our growing Cybersecurity Practice. You will support the delivery of cybersecurity solutions across the Energy and Utilities sector, working with clients to protect critical infrastructure and improve their security posture in line with industry and regulatory expectations.
This delivery-focused role centres on infrastructure security, OT/IT boundary protection, and implementation of technical controls across regulated environments. You will contribute to assurance activities, support security design reviews, and assist in deploying cybersecurity measures that enable compliance and operational resilience.
The role provides the opportunity to work on complex infrastructure challenges, supporting the protection of nationally significant services through practical, standards-aligned cybersecurity delivery.
Responsibilities
Deliver and support the implementation of cybersecurity solutions within the Energy and Utilities sector, focusing on infrastructure security and regulatory alignment.
Perform security assessments and system hardening activities across cloud, on-premises, and hybrid infrastructure, including servers, endpoints, and network layers.
Support the design, implementation, and validation of security controls at the OT/IT boundary, addressing segmentation, access control, logging, and monitoring.
Contribute to security architecture and design reviews, providing input to ensure compliance with relevant regulations.
Assisted in identifying risks and gaps in current security postures and developing actionable remediation plans in collaboration with client stakeholders.
Support assurance activities by preparing technical documentation, implementation evidence, and audit artefacts.
Collaborate with multidisciplinary teams, including infrastructure engineers, platform specialists, and client security personnel, to ensure integrated, secure solutions.
Stay informed on sector-specific threats, vulnerabilities, and defensive techniques relevant to critical infrastructure and industrial environments.
Operate professionally in regulated environments, maintaining a delivery-focused mindset across varied client contexts and stakeholder groups.
Contribute to continuously improving internal methodologies, tooling, and knowledge sharing to strengthen Expleo’s Cybersecurity Practice and promote delivery excellence across all engagements.
Operate effectively in remote and on-site client environments, maintaining professionalism, delivery discipline, and stakeholder trust.
Qualifications
A degree (or equivalent experience) in Cybersecurity, Information Security, Computer Science, Network Engineering, or a related technical discipline.
Recognised industry certifications in cybersecurity or infrastructure security (CompTIA, ISACA, ISC2, GIAC, Microsoft, CREST, Cisco Security, or equivalent).
Certifications in security governance and frameworks: ISO/IEC 27001, NIST CSF, CAF, or CIS Controls.
Additional vendor or platform-specific certifications (AWS, Azure, Microsoft, GCP, Palo Alto, CrowdStrike, Tenable) are advantageous.
OT/ICS/SCADA-focused certifications: IEC 62443, GRID/GRID+ (SANS/GIAC), GICSP, or equivalent industrial cybersecurity training are desirable.
Demonstrable commitment to continuous professional development aligned with emerging technologies, infrastructure security, and evolving cyber threat landscapes.
Essential Skills
Strong understanding of core cybersecurity principles, risk management, and control implementation in critical infrastructure environments.
Hands-on experience with infrastructure security across cloud, on-premises, and hybrid environments.
Proven ability to implement and assess security controls at the OT/IT boundary, including segmentation, firewalls, monitoring, and remote access safeguards.
Familiarity with enterprise security tooling, including vulnerability management platforms, endpoint protection, SIEM, identity and access management, and logging solutions.
Knowledge of regulatory frameworks and industry standards relevant to the E&U sector.
Ability to conduct technical risk assessments, identify security gaps, and support the development of remediation and improvement plans.
Strong analytical and troubleshooting skills, with the ability to work independently and respond effectively in live delivery environments.
Excellent communication skills, with the ability to clearly explain technical findings to technical and non-technical stakeholders.
High-quality documentation skills for producing implementation artefacts, assurance evidence, and technical guidance for client use.
Professionalism, adaptability, and reliability in delivering within regulated, multi-stakeholder client environments.
Desired Skills
Understanding of operational technology (OT) and industrial control systems (ICS), including common architectures, protocols, and associated security challenges.
Familiarity with security practices in SCADA environments and industrial networks, including secure remote access, DMZ configurations, and asset visibility solutions.
Experience with regulatory engagement, audits, and providing evidence to demonstrate compliance with frameworks.
Exposure to IT/OT convergence challenges and experience implementing or advising on segmentation and trust zone strategies.
Awareness of sector-specific threat actors, attack techniques, and vulnerability trends.
Ability to contribute to security design and architecture discussions within complex programs and technical environments.
Experience
Hands-on experience in cybersecurity engineering, infrastructure security, or a related technical role, ideally within regulated or critical infrastructure sectors.
Demonstrable experience implementing technical controls and supporting system hardening across IT infrastructure, including cloud, on-premises, and hybrid environments.
Experience contributing to security assurance, compliance, or risk management activities in Energy and Utilities or other regulated domains.
Proven delivery of security support at the OT/IT boundary, including collaboration with operations, engineering, or control system teams.
Familiarity with the deployment and operational use of enterprise security tooling, vulnerability management, and identity/access management platforms.
Track record of working directly with clients or internal stakeholders to identify security risks, support solution implementation, and produce high-quality technical documentation.
Experience operating in multi-stakeholder environments, balancing priorities across delivery ...
About the Company
Expleo is a global engineering, technology and consulting service provider that partners with leading organisations to guide them through their business transformation, helping them achieve operational excellence and future-proof their businesses. Expleo benefits from more than 50 years of experience developing complex products, optimising manufacturing processes, and ensuring the quality of information systems. Leveraging its deep sector knowledge and wide-ranging expertise in fields including AI engineering, digitalis... Know more
Related Jobs
- Company Name
- Crone Corkill
- Job Title
- Security Analyst
- Job Description
- Security Analyst Full Time | Hybrid | Central London £65,000 - £75,000 per annum Is this the Security Analyst role for you? Crone Corkill are assisting a Central London based client as they look to add their first EU based Security Analyst to the team. Collaborating closely with the Security team in the US, you'll be responsible for incident response, vulnerability management, risk analysis and detection, with a particular focus on Europe and APAC. This is a brand new hire for a mid-level Analyst who has a passion for Information & Cyber Security, is eager to learn & collaborate, but also enjoys working independently with a good level of autonomy. What will you do as a Security Analyst? Monitor the Security estate, network traffic and systems to detect and respond to incidents, breaches and suspicious activity Investigate incidents, discover root cause and implement measures to prevent them happening again Analyse, propose and implement risk, vulnerability and threat solutions Install Security measures and use Security software to protect the business' infrastructure, firewalls, systems and data encryption programmes Analyse and manage systems to enhance the Security posture Assist with security awareness training and conduct desktop exercises for staff to ensure systems are configured and tested Develop & maintain documentation for systems, procedures, processes and more What skills do you need to be a Security Analyst? Rapid7 IDR (open to other SIEM tools) CrowdStrike Microsoft Defender Understanding of networking (Cisco Umbrella & Fortinet, IDS/IPS, etc) Experience with Vulnerability Management tools Experience with Password Management tools Experience with Security Awareness software tools Experience with Email Security tools Bachelor's in Computer Science, Cyber, etc (ideal but not essential) What's in it for you? Due to this being the first hire of its kind in Europe, there's a genuine opportunity to make this role your own, whilst also receiving a healthy amount of guidance from the CISO. Expansion in Europe and APAC is expected, so this position will also assist in leading the way from a Security perspective as the business grows.
- Company Name
- CyberCrowd
- Job Title
- Senior Security Consultant
- Job Description
- Who we are CyberCrowd is an independent cybersecurity and information services provider, based in Newbury, Berkshire. We offer a full range of top-tier security services to protect critical digital infrastructures. By combining advanced technology and expert human insight, we provide a portfolio of comprehensive services, including 24/7 Managed Security Operations Centre (SOC), Incident Response, Penetration Testing, Cyber Risk Assessments, CISO/CIO as a service, and Training. Our certified security experts and consultants offer tailored solutions for both small businesses and large enterprises across the UK, ensuring robust protection in the digital-first era. At the heart of our success lies an exceptional team. We prioritise the development of our team, providing comprehensive learning paths and opportunities for growth. Recently recognised in The Sunday Times Best Places to Work 2024, affirming our dedication to employee engagement and workplace culture. What we're looking for We are looking for a client facing security professional, with substantial experience within security who can deliver complex projects, whilst developing and maintaining client relationships at a senior level. This is a pivotal role at CyberCrowd, responsible for assisting businesses in safeguarding their digital assets, intellectual property, and driving security transformation. The consultant will utilise a deep understanding of cyber security threats, technologies, and countermeasures to design, implement, and advise on best practices to our clients. What you'll be doing This role sits in our Consulting team, meaning you’ll get to work with a wide variety of clients across a range of industries. As a Senior Consultant, you will be delivering a range of projects that could include single risk assessments through to the development of a full ISMS ensuring our clients gain accreditations in accordance with the appropriate standards. To be successful in the role you will need to demonstrate comprehensive expertise in key activities enabling you to be seen as a subject matter expert when leading engagements. • Security Assessment & Recommendations on behalf of our clients: Conduct regular security assessments, risk analyses, and incident response guidance. Recommend and prioritise remediation efforts based on findings. • Security Solutions Design: Architect and design cybersecurity solutions for a wide range of challenges, integrating both off-the-shelf and custom-developed tools. • Regulatory Compliance: Assist in ensuring compliance with industry and regulatory standards such as GDPR, ISO 27001, NIST, Cyber Essentials and NIS Directive. Offer guidance on data protection and cybersecurity practices in line with local and international standards. • Incident Response: Assist in developing and maintaining an incident response plan; provide expertise when responding to and investigating security incidents. Deliver tabletop exercises to clients. • Stakeholder Engagement: Communicate effectively with both technical and non-technical stakeholders, ensuring that security measures are understood and accepted. • Continuous Learning: Stay abreast of the latest cybersecurity threats, solutions, and best practices. Attend workshops, webinars, and conferences to expand professional knowledge. • Security Awareness Training: Develop and conduct security training sessions for our own staff as well as clients’, helping to foster a culture of security mindfulness. • Documentation: Prepare clear and comprehensive reports, guidelines, and documentation related to security policies, protocols, and incidents. • Report writing – document key findings in reports and presentations, articulating the security risks in business language. What you bring to the role • Degree in Information Security, Computer Science, or a related field (or suitable experience in the field) • Recognised security certifications (e.g., CISSP, CISM, CEH). • More than 3 years of experience in security consulting • Familiarity with UK-specific regulations and standards related to information security. • Strong analytical, problem-solving, and organisational skills. • Excellent verbal and written communication skills. • A commitment to maintaining the highest ethical standards. • Ability to work collaboratively with diverse teams and departments. • Proactive and self-motivated, with the ability to work independently. • Detail-oriented with an unwavering commitment to accuracy.
- Company Name
- Albany Beck
- Job Title
- Security Governance Consultant
- Job Description
- Security Governance Consultant Location: London (Hybrid) Overview Albany Beck is partnering with an investment bank currently enhancing its Security Risk Management capabilities. As part of this transformation, we are seeking an experienced Security Governance Consultant to support the build-out of a mature, regulatory-aligned BAU security function. This is a hands-on, delivery-focused role ideal for a seasoned Security Practitioner with deep regulatory understanding and a passion for operational excellence in cybersecurity governance. About the Role You will play a key role in formalising and managing the client’s security governance framework, working closely with the Security Director. Your work will underpin risk management, regulatory compliance, and enterprise control maturity—helping the organisation evolve from project-based security to embedded BAU operations. Key Responsibilities Maintain and regularly update security policies, standards, and procedures. Assess compliance against a broad regulatory landscape, including GDPR, FRB/OCC, and PRA (BoE). Oversee governance of control changes and support accountability mapping across services. Support the development and rollout of the enterprise risk management strategy. Contribute to security awareness and training initiatives across the organisation. Skills & Experience Required Hands-on experience in cybersecurity governance, risk, or assurance. Strong knowledge of NIST SP 800-53 and deep familiarity with GDPR and financial regulations. Experience managing service catalogues and aligning BAU controls with regulatory expectations. Proficiency in cyber legislation, data privacy, and IT change governance. Ability to operate effectively in a fast-paced, maturing environment with minimal oversight.
- Company Name
- hackajob
- Job Title
- Security Manager
- Job Description
- hackajob is collaborating with LexisNexis Risk Solutions to connect them with exceptional tech professionals for this role. Manager Security Join Us as a Security Manager and Safeguard Our Systems Are you able to operate on an operational, tactical and strategic level? About The Business At Cirium, our goal is to keep the world connected. We are the industry leader in aviation analytics; helping our customers understand the past, present, and predicting what will happen tomorrow. Our mission is to transform the aviation industry by enabling airlines, airports, travel companies, tech giants, aircraft manufacturers, financial institutions and many more accelerate their own digital transformation. About Our Team The team you will be working with spans the UK and India, including internal customers and stakeholders. You will be responsible for providing strategic and technical security direction for multiple teams of stakeholders in these regions. Additionally, you will manage your team and drive the organization towards a high-performance security culture. You will also work with Cirium’s Business Information Security Officer (BISO) to ensure security priorities are accounted for and negotiated successfully. About The Role As Manager of Information Security for Cirium, you will be responsible and accountable for safeguarding information systems and assets by identifying and solving potential and actual security concerns. Utilizing your management experience, you will work with several engineering teams spanning the UK and India, including internal customers and stakeholders. Reporting to the VP of Technology, this tactical and strategic role is pivotal to our ability to operate as an efficient and effective Tech organization. Responsibilities Providing strategic and technical security direction for multiple teams of stakeholders in the UK and India Managing your team and drive the organization towards a high-performance security culture Evangelizing the Incident Process, Business Continuity Planning (BCP), and Disaster Recovery practices to ensure all teams are aware and supportive Utilizing your experience migrating businesses and teams into using industry security best practices and frameworks. ISO 27001, NIST 800-53, and AWS Well-Architected Framework Identifying opportunities for improvement and standardization of technology, risk register, and security dashboards. Working with Business and Tech stakeholders to deliver initiatives with tangible value. Tracking and reporting on the progress of security projects and initiatives to senior leadership using a data-driven approach Requirements Experience of solving complex information security concerns in both a technical and strategic role. You can speak knowledgeably and with authority to both technical and non-technical audiences about Information Security. Be able to work with teams that build platform components securely. You can effectively apply risk mitigation strategies that align with the business and deliver large-scale security projects and improvements. Experience of managing/coaching teams to be a success. Influencing best practice security concepts with Engineering managers, Directors, and C-Level staff. Have experience of productively demanding deliverables if they compromise the overall security of Cirium. You thrive on improving the collective security knowledge both within Cirium and your team. Have an understanding that being heavy-handed with security does not drive a business towards success. You know how to balance well-established global security frameworks and influence the business and teams into their adoption over time. Possess excellent verbal and written communication skills to be effective across global diverse teams At LexisNexis Risk Solutions, having diverse employees with different perspectives is key to creating innovative new products for our global customers. We have 30 diversity employee networks globally and prioritize inclusive leadership and equitable processes as part of our culture. Our aim is for every employee to be the best version of themselves. We would actively welcome applications from candidates of diverse backgrounds and underrepresented groups. We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form: https://forms.office.com/r/eVgFxjLmAK .