Job Details

Security Engineer

Engineering and Technology
Singapore
Experienced (Individual Contributor)
Corporate IT

About Team

The Corporate IT Security Operations team is responsible for securing the enterprise IT environment and supporting global business operations. The team delivers core security capabilities across endpoints, identity, monitoring, and incident response to reduce cyber risk and strengthen organizational resilience.

The Security Engineer is responsible for driving the effectiveness of security operations, leading incident response activities, and enhancing detection and response capabilities across the enterprise.

The team also explores the responsible use of automation and AI-assisted workflows to improve detection quality, response speed, and operational efficiency.

Job Description

  • Lead investigation and response for complex or high-impact security incidents, including coordination across cross-functional teams.
  • Oversee daily security operations to ensure timely detection, triage, and resolution of security alerts and incidents.
  • Drive improvements in detection coverage, including tuning alerts, queries, and dashboards across SIEM (Elastic) and EDR platforms.
  • Develop and enhance incident response processes, playbooks, and operational workflows.
  • Work with IT and business stakeholders to implement remediation actions and strengthen security controls.
  • Oversee vulnerability management prioritisation and remediation tracking with system owners.
  • Identify and implement automation, AI-assisted analysis, and workflow improvements to improve operational efficiency, alert triage, and response consistency.
  • Evaluate and apply AI-enabled tools or techniques to support security operations, including alert enrichment, incident summarisation, detection tuning, reporting, and knowledge management, while ensuring appropriate governance and data protection.
  • Mentor and guide engineers, supporting knowledge sharing and capability development within the team.
  • Ensure accurate incident documentation, reporting, and post-incident reviews are conducted.
  • Oversee and contribute to weekly and monthly security operations reporting, including metrics, incident trends, and improvement actions.
  • Participate in on-call escalation support for critical incidents.

Requirements

  • Degree in information security, computer science, IT, or equivalent practical experience.
  • Proven experience in security operations, incident response, or security engineering roles.
  • Strong hands-on experience with SIEM, preferably Elastic, and EDR platforms.
  • Solid experience with CrowdStrike Falcon EDR, including RTR, IOA detections, investigation, and response actions.
  • Strong understanding of incident response methodologies, attack techniques, and threat detection.
  • Experience coordinating incident response across multiple teams.
  • Strong knowledge of operating systems, including Windows, Linux, and macOS, and networking fundamentals.
  • Ability to analyse complex security events and drive resolution.
  • Familiarity with AI-assisted security operations, automation, or data analysis use cases, with an understanding of responsible AI usage, data confidentiality, and validation of AI-generated outputs.
  • Experience using scripting, SOAR, workflow automation, or AI-assisted tools to streamline security investigations, reporting, or operational knowledge capture is advantageous.

Copyright © Sea Limited. Trademarks belong to their respective owners. All rights reserved.