Senior Security Engineer

1         Role Purpose

Working as a Senior Security Engineer within our DSS team, you will use your expertise to facilitate the detection and response to a multitude of threats of differing capability and sophistication. You will use, administer, and maintain our SIEM, EDR, SOAR, bespoke tooling, and Threat Intelligence solutions to enable the triage of suspicious events, provide context and assessment of risk/threat to our customers.

The purpose of this role is to ensure the efficient, error-free performance of the SOC Platform. You will take a supporting role in ensuring the continuous monitoring of customer environments via both SIEM and SOC Monitor infrastructure.

You will develop technical solutions to improve the operational capability of the Platform and to support the wider SOC Monitor team.

You will also get involved in projects that maintain and enhance the capability of our services, and ensure we are providing innovative detection & response services to our clients. This includes threat hunting, supporting the implementation of new cutting-edge technology, malware analysis, recommending detections and getting involved in strategic cross-team projects as part of your wider role within our award-winning Security Operations Centre.

 

2         Key Role Responsibilities

LRQA is an award-winning provider of Cyber Security, Assurance, Incident Response and Managed Security Services provider to organisations across the world.  Due to continued expansion, we are seeking a Senior Security Engineer to support LRQA in continuing to be a renowned market leading managed provider of Managed Security and Support Services.

Key responsibilities for the role include:

 

• Monitor and maintain the technology stack, creating and tuning alerts where necessary.
• Support the implementation of any required upgrades to the Security Engineering technology stack.
• Ensure each customer’s operational health is maintained and respond to all requests within agreed SLAs.
• Train and mentor new starters and junior members of the team.
• Ensure customer environments are onboarded in a timely manner with risk ratings applied.
• Work with our Threat Detection team to develop solutions to improve detections and operational capability.
• Maintain an awareness of the latest Defensive Monitoring technologies and trends.
• Maintain an up-to-date understanding of current threats and trends in Cyber Crime and apply this information as part of your daily duties when creating custom use cases and altering the SOC Monitor infrastructure.
• Assist both Infrastructure Support and Network Operations in a wide range of duties ranging from security best practice recommendations through to analysing suspicious activity on infrastructure devices.
• Liaise with Account Managers across the business and assist with the presentation of SOC Monitor technology demonstrations to both current and prospective customers.
• Maintain regular written and verbal communication with customers, suppliers, and internally as required.

 

 

3         Role Requirements

• Extensive, hands-on experience with Microsoft Sentinel and Microsoft Defender (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps), including deployment, configuration, and day-to-day operational management within an enterprise environment.
• Strong background in SIEM and EDR/EPP technologies, with a particular focus on leveraging Microsoft Sentinel and Defender to deliver threat detection, investigation, and response capabilities.
• Proven ability to operate within a complex, high-performing service management enterprise environment, using Microsoft’s security tools to enhance visibility, resilience, and incident response effectiveness.
• Demonstrable experience in conducting security investigations using large datasets, with advanced knowledge of Kusto Query Language (KQL) to develop custom Sentinel queries and analytics rules.
• Proficient in Python, PowerShell, and RegEx, with hands-on experience developing automation scripts and integrations to support Microsoft Sentinel and Defender use cases.
• Solid understanding of enterprise IT infrastructure, including Windows and Linux operating systems, networking, and third-party security tools — and how these integrate with the Microsoft security ecosystem.
• Strong capability in analysing complex security data within Sentinel and Defender portals, identifying patterns, prioritizing threats, and presenting actionable recommendations as part of continuous service improvement initiatives.
• In-depth understanding of attack vectors, MITRE ATT&CK framework, and adversary behaviours, with the ability to distinguish between normal and abnormal activity using Microsoft security insights.
• Excellent communication skills, with experience in customer-facing roles and the ability to clearly convey technical findings and security risk to both technical and non-technical stakeholders, using Microsoft dashboards and reporting tools.

 

3.1         Desirable

• Microsoft certifications such as AZ-500, SC-300, SC-100
• Crowdstrike certifications such as CCFA