Sivara GmbH is looking for a full-time Cloud IAM Support Engineer to work onsite in Inverness with a competitive salary of up to £50,000. You will support the administration and operations of Microsoft Entra ID and Okta, manage Conditional Access, and assist in integrating Enterprise Applications. The ideal candidate has proven experience with SSO integrations like SAML and OIDC, and a solid background in IAM environments. This is a pivotal role in establishing a new Identity & Access Management function.
23/06/2026
Full time
Sivara GmbH is looking for a full-time Cloud IAM Support Engineer to work onsite in Inverness with a competitive salary of up to £50,000. You will support the administration and operations of Microsoft Entra ID and Okta, manage Conditional Access, and assist in integrating Enterprise Applications. The ideal candidate has proven experience with SSO integrations like SAML and OIDC, and a solid background in IAM environments. This is a pivotal role in establishing a new Identity & Access Management function.
Senior Low Latency Rust Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead application systems analysis and programming activities. The role is to provide senior, low latency systems and application framework engineering (skilled in Java, C++, Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA) team. The team requires a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization is a high skilled enablement group of subject matter experts who produce application frameworks and engage with application engineers to enable application modernisation to over 100 teams across Citi with a concentration on low latency e trading platforms in Markets Technology. This job description provides a high level review of the types of work performed. Other job related duties may be assigned as required. Responsibilities (but not limited to): 90% hands on in the Rust or Java codebase. We build microservices based event sourcing systems on a low latency in house framework. Response times in the 10 microsecond to 100 microsecond range. Lead integration of functions to meet goals, deploy new products, and enhance processes. Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems. Provide world class expertise in Java low latency development. Utilise advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals. Consult with end users to identify system function specifications and incorporate into overall system design. Influence and negotiate with senior leaders and communicate with external parties. Mentor junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated subject matter expert (SME) in applications development. In depth experience with algorithmic trading application development, preferably in a low latency environment. Detailed comprehension and experience with market data handling and associated technologies (such as time series databases e.g. KDB). Demonstrated leadership, project management, and development skills. Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux operating system, system calls and the kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass (e.g. Solarflare OpenOnload). Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects. Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills. Nice to have Background in C++. What we'll provide you 27 days annual leave (plus bank holidays) Discretionary annual performance related bonus Private medical care & life insurance Employee assistance program Pension plan Paid parental leave Special discounts for employees, family, and friends Access to an array of learning and development resources Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
22/06/2026
Full time
Senior Low Latency Rust Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead application systems analysis and programming activities. The role is to provide senior, low latency systems and application framework engineering (skilled in Java, C++, Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA) team. The team requires a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization is a high skilled enablement group of subject matter experts who produce application frameworks and engage with application engineers to enable application modernisation to over 100 teams across Citi with a concentration on low latency e trading platforms in Markets Technology. This job description provides a high level review of the types of work performed. Other job related duties may be assigned as required. Responsibilities (but not limited to): 90% hands on in the Rust or Java codebase. We build microservices based event sourcing systems on a low latency in house framework. Response times in the 10 microsecond to 100 microsecond range. Lead integration of functions to meet goals, deploy new products, and enhance processes. Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems. Provide world class expertise in Java low latency development. Utilise advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals. Consult with end users to identify system function specifications and incorporate into overall system design. Influence and negotiate with senior leaders and communicate with external parties. Mentor junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated subject matter expert (SME) in applications development. In depth experience with algorithmic trading application development, preferably in a low latency environment. Detailed comprehension and experience with market data handling and associated technologies (such as time series databases e.g. KDB). Demonstrated leadership, project management, and development skills. Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux operating system, system calls and the kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass (e.g. Solarflare OpenOnload). Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects. Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills. Nice to have Background in C++. What we'll provide you 27 days annual leave (plus bank holidays) Discretionary annual performance related bonus Private medical care & life insurance Employee assistance program Pension plan Paid parental leave Special discounts for employees, family, and friends Access to an array of learning and development resources Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
Senior Low Latency Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. What We do / The Team This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead applications systems analysis and programming activities. The role is to provide senior, low latency systems and application framework engineering (skilled in Java, C++, Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA) team. The team requires a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization is a high skilled enablement group of subject matter experts who produce application frameworks and engage with application engineers to enable application modernisation to over 100 teams across Citi with a concentration on low latency eTrading platforms in Markets Technology. Responsibilities (but not limited to) 90% hands in the Java or Rust codebase: building microservices based event sourcing systems on a low latency in house framework. Response times of 10 microseconds to 100 microseconds. Lead integration of functions to meet goals, deploy new products, and enhance processes. Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems. Provide world class expertise in area of Java low latency development. Utilise advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals. Consult with end users to identify system function specifications and incorporate into overall system design. Influence and negotiate with senior leaders and communicate with external parties. Happy to work with and educate and support/mentor junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated SME in area(s) of Applications Development. In depth experience with Algorithmic Trading application development, preferably in a low latency environment. Detailed comprehension and experience with Market Data handling and associated technologies (such as time series databases e.g. KDB). Demonstrated leadership, project management, and development skills. Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux operating system, system calls, and Kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass e.g. Solarflare OpenOnload. Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects. Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills. Nice to have Background in C++. What we'll provide you Competitive base salary (annually reviewed) and 27 days annual leave (plus bank holidays). Discretionary annual performance related bonus. Private Medical Care & Life Insurance. Employee Assistance Program. Pension Plan. Paid parental leave. Special discounts for employees, family, and friends. Access to an array of learning and development resources. This job description provides a high level review of the types of work performed. Other job related duties may be assigned as required. Legal Statements Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
22/06/2026
Full time
Senior Low Latency Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. What We do / The Team This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead applications systems analysis and programming activities. The role is to provide senior, low latency systems and application framework engineering (skilled in Java, C++, Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA) team. The team requires a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization is a high skilled enablement group of subject matter experts who produce application frameworks and engage with application engineers to enable application modernisation to over 100 teams across Citi with a concentration on low latency eTrading platforms in Markets Technology. Responsibilities (but not limited to) 90% hands in the Java or Rust codebase: building microservices based event sourcing systems on a low latency in house framework. Response times of 10 microseconds to 100 microseconds. Lead integration of functions to meet goals, deploy new products, and enhance processes. Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems. Provide world class expertise in area of Java low latency development. Utilise advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals. Consult with end users to identify system function specifications and incorporate into overall system design. Influence and negotiate with senior leaders and communicate with external parties. Happy to work with and educate and support/mentor junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated SME in area(s) of Applications Development. In depth experience with Algorithmic Trading application development, preferably in a low latency environment. Detailed comprehension and experience with Market Data handling and associated technologies (such as time series databases e.g. KDB). Demonstrated leadership, project management, and development skills. Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux operating system, system calls, and Kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass e.g. Solarflare OpenOnload. Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects. Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills. Nice to have Background in C++. What we'll provide you Competitive base salary (annually reviewed) and 27 days annual leave (plus bank holidays). Discretionary annual performance related bonus. Private Medical Care & Life Insurance. Employee Assistance Program. Pension Plan. Paid parental leave. Special discounts for employees, family, and friends. Access to an array of learning and development resources. This job description provides a high level review of the types of work performed. Other job related duties may be assigned as required. Legal Statements Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
Salary: £30,000 - 55,000 per year Requirements We are looking for at least 2 years of experience in IT support, service desk, infrastructure support, systems administration, or a similar technical role. We need strong technical aptitude and the ability to understand how systems, users, infrastructure, and business processes connect. We require good diagnostic and analytical ability, with a structured approach to identifying causes rather than only treating symptoms. We need sound judgement when assessing priority, urgency, business impact, risk, and the most appropriate way forward. We need the ability to make progress independently when dealing with unfamiliar issues, incomplete information, or technical uncertainty. We need working knowledge of Microsoft desktop environments, Microsoft 365, identity and access management, networking fundamentals, and common business IT systems. We require strong written and verbal communication skills, with the ability to explain technical information clearly to both technical and non-technical users. We need good organisational ability, attention to detail, accountability for own work, and the discipline to follow through on tasks properly. We need a professional, calm, team-minded, and customer-focused approach, especially when dealing with pressure, interruptions, or frustrated users. Desirable: exposure to ERP, CRM, reporting systems, PowerShell, endpoint management, VoIP, Hyper V, Linux, ITSM tools, or Microsoft certification. Responsibilities We provide responsive, professional IT support to colleagues and, where required, external customers. We provide 1st and 2nd line IT support to users across hardware, software, networks, Microsoft 365, business systems, and user accounts. We proactively monitor, triage, prioritise, and take ownership of service desk tickets and IT tasks, ensuring timely progress and resolution in line with business impact, urgency, and service expectations. We communicate clearly with users, keeping them informed of progress, delays, workarounds, resolutions, and next steps. We support the administration of Microsoft 365, Entra ID, Active Directory, Teams, SharePoint, OneDrive, Exchange Online, endpoint devices, security groups, permissions, and user access. We assist with infrastructure support, maintenance, and troubleshooting, including network and telecoms, servers, virtual environments, desktops, laptops, mobile devices, printers, peripherals, storage, backups, and other IT equipment. We support core business systems, including ERP, CRM, reporting, logistics, stock, order processing, and accounting related systems. We maintain accurate IT asset records, including hardware, software, licences, peripherals, user equipment, and access rights. We liaise with suppliers, service providers, and internal stakeholders to progress incidents, service requests, changes, and technical issues. We create and maintain documentation, knowledge base articles, procedures, checklists, asset records, and support notes where gaps or improvements are identified. We identify recurring issues, operational risks, inefficiencies, and opportunities for permanent fixes or service improvements. We assist with IT projects, system changes, device deployments, upgrades, maintenance tasks, and internal IT process improvements. Technologies Active Directory Azure CRM ERP Hardware Hyper V Support ITSM LAN Linux Microsoft 365 Mobile Network PowerShell SAP Security SharePoint Windows Office 365 Cloud TCP/IP VPN More We are a small, hands on IT team supporting around 200 users across 6 businesses, 14 UK locations, and our Ireland operation. Our environment is broad and practical, covering Windows desktop and server environments, Linux, Hyper V clustered hosts, Microsoft 365, Entra ID, Azure services, Active Directory, ERP, CRM, SAP BusinessObjects / Crystal Reports Server, LAN/WAN/Wi Fi networking, firewalls, VoIP/SIP telecoms, endpoint management, IT asset management, service desk, and ITSM processes. We value helpfulness, common sense, quality, and getting things done properly, and we support ongoing development where relevant to the role and business needs, including Microsoft certification, technical training, systems knowledge, and specialist areas. We are makers, gamers, craftors, creators and engineers, inspired by transforming our clients businesses through experience and design, and we take pride in designing better customer experiences and solving business problems with creativity and care. last updated 25 week of 2026
21/06/2026
Full time
Salary: £30,000 - 55,000 per year Requirements We are looking for at least 2 years of experience in IT support, service desk, infrastructure support, systems administration, or a similar technical role. We need strong technical aptitude and the ability to understand how systems, users, infrastructure, and business processes connect. We require good diagnostic and analytical ability, with a structured approach to identifying causes rather than only treating symptoms. We need sound judgement when assessing priority, urgency, business impact, risk, and the most appropriate way forward. We need the ability to make progress independently when dealing with unfamiliar issues, incomplete information, or technical uncertainty. We need working knowledge of Microsoft desktop environments, Microsoft 365, identity and access management, networking fundamentals, and common business IT systems. We require strong written and verbal communication skills, with the ability to explain technical information clearly to both technical and non-technical users. We need good organisational ability, attention to detail, accountability for own work, and the discipline to follow through on tasks properly. We need a professional, calm, team-minded, and customer-focused approach, especially when dealing with pressure, interruptions, or frustrated users. Desirable: exposure to ERP, CRM, reporting systems, PowerShell, endpoint management, VoIP, Hyper V, Linux, ITSM tools, or Microsoft certification. Responsibilities We provide responsive, professional IT support to colleagues and, where required, external customers. We provide 1st and 2nd line IT support to users across hardware, software, networks, Microsoft 365, business systems, and user accounts. We proactively monitor, triage, prioritise, and take ownership of service desk tickets and IT tasks, ensuring timely progress and resolution in line with business impact, urgency, and service expectations. We communicate clearly with users, keeping them informed of progress, delays, workarounds, resolutions, and next steps. We support the administration of Microsoft 365, Entra ID, Active Directory, Teams, SharePoint, OneDrive, Exchange Online, endpoint devices, security groups, permissions, and user access. We assist with infrastructure support, maintenance, and troubleshooting, including network and telecoms, servers, virtual environments, desktops, laptops, mobile devices, printers, peripherals, storage, backups, and other IT equipment. We support core business systems, including ERP, CRM, reporting, logistics, stock, order processing, and accounting related systems. We maintain accurate IT asset records, including hardware, software, licences, peripherals, user equipment, and access rights. We liaise with suppliers, service providers, and internal stakeholders to progress incidents, service requests, changes, and technical issues. We create and maintain documentation, knowledge base articles, procedures, checklists, asset records, and support notes where gaps or improvements are identified. We identify recurring issues, operational risks, inefficiencies, and opportunities for permanent fixes or service improvements. We assist with IT projects, system changes, device deployments, upgrades, maintenance tasks, and internal IT process improvements. Technologies Active Directory Azure CRM ERP Hardware Hyper V Support ITSM LAN Linux Microsoft 365 Mobile Network PowerShell SAP Security SharePoint Windows Office 365 Cloud TCP/IP VPN More We are a small, hands on IT team supporting around 200 users across 6 businesses, 14 UK locations, and our Ireland operation. Our environment is broad and practical, covering Windows desktop and server environments, Linux, Hyper V clustered hosts, Microsoft 365, Entra ID, Azure services, Active Directory, ERP, CRM, SAP BusinessObjects / Crystal Reports Server, LAN/WAN/Wi Fi networking, firewalls, VoIP/SIP telecoms, endpoint management, IT asset management, service desk, and ITSM processes. We value helpfulness, common sense, quality, and getting things done properly, and we support ongoing development where relevant to the role and business needs, including Microsoft certification, technical training, systems knowledge, and specialist areas. We are makers, gamers, craftors, creators and engineers, inspired by transforming our clients businesses through experience and design, and we take pride in designing better customer experiences and solving business problems with creativity and care. last updated 25 week of 2026
About The Role Hippo is a rapidly growing digital consultancy passionate about building and delivering transformative digital solutions for a diverse range of Public and Private sector clients. We are recruiting for a Principal Business Analyst (Identity) to support our mission of solving complex problems at the intersection of strategy, design, and technology. As a Principal Business Analyst (Identity), you will play an important role in making Hippo the best consultancy out there. You will work as part of a multi disciplinary team combining data, design, product, delivery, analysis and engineering to deliver bespoke digital services that make a positive and meaningful impact on organisations and society. You will act as a Principal Consultant to deliver Business Analysis services to our clients. A Principal Business Analyst (Identity) at Hippo is all about bringing deep business analysis expertise, strong product thinking, and practical Identity experience to frame complex problems, shape service direction, and scale our internal capability. Our solutions empower our customers to build and support secure, scalable, and well engineered systems beyond traditional boundaries, allowing them to understand and get the most from their data and digital services. The Principal Business Analyst (Identity) will be a key player and implementer in this. Your Role in a Nutshell Identity is a growing service line for Hippo, with increasing demand for expertise across bids, discoveries and active delivery work. This role needs someone who can operate confidently with clients from day one, look beneath stated requirements, challenge assumptions and guide teams towards clear outcomes, options and delivery priorities. You will need a strong background to work credibly with senior clients, product teams, architects and technical specialists, and to lead Identity related discovery, assessment and delivery work. You'll also help build Hippo's internal Identity capability by sharing knowledge, supporting other BAs and fostering a community that helps us develop this capability in house. Lead Strategic Analysis: Lead business analysis across Identity discovery, assessment, and delivery work, helping senior clients frame complex problems and agree on outcomes. Shape Product Direction: Guide product and service direction, managing high level scope, backlogs, strategic risks, and delivery approaches across complex accounts. Senior Stakeholder Mediation: Build trusted relationships with senior client executives, successfully mediating conflicting priorities and guiding teams toward clear options. Growth and Commercial Support: Support bids, proposals, RFPs, and pre build assessments where technical Identity knowledge is required to secure new work. Build the Practice: Line manage, coach, and mentor other BAs while fostering and scaling Hippo's internal Identity capability through community activity and guidance. Skills and Experience that You Need Essential Experience Identity and IAM Expertise Deep Domain Knowledge: Strong practical experience in IAM, digital identity, architectures, and industry acronyms to guide requirements and product decisions. Identity Types: Covered across customer, workforce, and non human identity (including Agentic AI). Security Methods and Patterns: Confident handling verification (GPG45), authentication (MFA), authorisation (RBAC/ABAC/PBAC), lifecycle management (JML), governance (IGA), SSO/Federation, and Zero Trust fraud prevention. Vendor Platforms: Familiar with major identity tools (Okta, Ping, SailPoint, iProov, Entrust, OneLogin) and native cloud capabilities (Microsoft Entra, AWS, Google). Consultancy and Client Leadership Client and Stakeholder Management: Confident from day one in building senior relationships and translating complex technical concepts for non technical audiences. Problem Solving and Delivery: Skilled at turning ambiguity into clear recommendations, managing risks/dependencies, and supporting product prioritisation trade offs. Cross Functional Collaboration: Adapts analysis approaches to collaborate effectively with cross functional teams (Product, Delivery, Architecture, Engineering) to align them around key outcomes. Capability and Practice Development Mentorship and Coaching: Acts as a practice leader by coaching other Business Analysts and supporting recruitment. Community and Knowledge Sharing: Fosters internal identity capabilities by sharing project learnings, defining BA identity standards, and contributing to the wider BA community. Desirable Experience Experience establishing an Identity focused BA framework or competency matrix within a growing consultancy practice. Exposure to Fraud Prevention approaches, Zero Trust network architectures, and broader Cyber Security contexts. Benefits Contributory Pension Scheme (Hippo 6% and Employee 2%) 25 Days Holiday plus UK Public Holidays Perkbox access for a wide range of discounts Critical illness cover Life assurance and death in service cover Volunteer days Cycle to work scheme for avid cyclists Salary sacrifice electric vehicles scheme Season ticket loans Financial and general wellbeing sessions Flexible benefits scheme with options of: Private health cover Private dental cover Additional company pension contributions Additional holidays (up to an extra 2 days) Wellbeing contribution Charity contributions Tree planting Diversity, Inclusion and Belonging at Hippo At Hippo, we're dedicated to creating a diverse, equitable and inclusive workplace that works for everyone. We understand that having a diverse team unlocks our capacity for innovation, creativity and problem solving. Only by building a community of diverse perspectives, cultures and socio economic backgrounds can we create an environment where all can contribute and thrive. We actively encourage applications from underrepresented groups including women, ethnic minorities, LGBTQ+, neurodivergent and people with disabilities. We are committed to providing an inclusive and accessible recruitment process that reflects our workplace culture. We are a registered Disability Confident Employer, Mindful Employer, Endometriosis Friendly Employer and a member of the Armed Forces Covenant. Hippo continually strives to remove barriers, provide accommodations and offer reasonable adjustments to ensure equity throughout our practices. Locations We are headquartered in Leeds and have offices across the UK in Glasgow, Manchester, Birmingham, London and Bristol. We are looking for talent nationwide but you need to be located within reasonable travelling distance from one of our offices. Given the dynamic nature of a consulting business, you may be required to work on site at a Hippo office or at an in/out of town client location for a number of days per week (client dependent) and therefore candidates will need to be open/flexible to travel and working on one of those sites at least 2 days per week. We offer a generous relocation support package of up to £8,000 (please ask for terms and conditions) to help make your move a smooth one.
21/06/2026
Full time
About The Role Hippo is a rapidly growing digital consultancy passionate about building and delivering transformative digital solutions for a diverse range of Public and Private sector clients. We are recruiting for a Principal Business Analyst (Identity) to support our mission of solving complex problems at the intersection of strategy, design, and technology. As a Principal Business Analyst (Identity), you will play an important role in making Hippo the best consultancy out there. You will work as part of a multi disciplinary team combining data, design, product, delivery, analysis and engineering to deliver bespoke digital services that make a positive and meaningful impact on organisations and society. You will act as a Principal Consultant to deliver Business Analysis services to our clients. A Principal Business Analyst (Identity) at Hippo is all about bringing deep business analysis expertise, strong product thinking, and practical Identity experience to frame complex problems, shape service direction, and scale our internal capability. Our solutions empower our customers to build and support secure, scalable, and well engineered systems beyond traditional boundaries, allowing them to understand and get the most from their data and digital services. The Principal Business Analyst (Identity) will be a key player and implementer in this. Your Role in a Nutshell Identity is a growing service line for Hippo, with increasing demand for expertise across bids, discoveries and active delivery work. This role needs someone who can operate confidently with clients from day one, look beneath stated requirements, challenge assumptions and guide teams towards clear outcomes, options and delivery priorities. You will need a strong background to work credibly with senior clients, product teams, architects and technical specialists, and to lead Identity related discovery, assessment and delivery work. You'll also help build Hippo's internal Identity capability by sharing knowledge, supporting other BAs and fostering a community that helps us develop this capability in house. Lead Strategic Analysis: Lead business analysis across Identity discovery, assessment, and delivery work, helping senior clients frame complex problems and agree on outcomes. Shape Product Direction: Guide product and service direction, managing high level scope, backlogs, strategic risks, and delivery approaches across complex accounts. Senior Stakeholder Mediation: Build trusted relationships with senior client executives, successfully mediating conflicting priorities and guiding teams toward clear options. Growth and Commercial Support: Support bids, proposals, RFPs, and pre build assessments where technical Identity knowledge is required to secure new work. Build the Practice: Line manage, coach, and mentor other BAs while fostering and scaling Hippo's internal Identity capability through community activity and guidance. Skills and Experience that You Need Essential Experience Identity and IAM Expertise Deep Domain Knowledge: Strong practical experience in IAM, digital identity, architectures, and industry acronyms to guide requirements and product decisions. Identity Types: Covered across customer, workforce, and non human identity (including Agentic AI). Security Methods and Patterns: Confident handling verification (GPG45), authentication (MFA), authorisation (RBAC/ABAC/PBAC), lifecycle management (JML), governance (IGA), SSO/Federation, and Zero Trust fraud prevention. Vendor Platforms: Familiar with major identity tools (Okta, Ping, SailPoint, iProov, Entrust, OneLogin) and native cloud capabilities (Microsoft Entra, AWS, Google). Consultancy and Client Leadership Client and Stakeholder Management: Confident from day one in building senior relationships and translating complex technical concepts for non technical audiences. Problem Solving and Delivery: Skilled at turning ambiguity into clear recommendations, managing risks/dependencies, and supporting product prioritisation trade offs. Cross Functional Collaboration: Adapts analysis approaches to collaborate effectively with cross functional teams (Product, Delivery, Architecture, Engineering) to align them around key outcomes. Capability and Practice Development Mentorship and Coaching: Acts as a practice leader by coaching other Business Analysts and supporting recruitment. Community and Knowledge Sharing: Fosters internal identity capabilities by sharing project learnings, defining BA identity standards, and contributing to the wider BA community. Desirable Experience Experience establishing an Identity focused BA framework or competency matrix within a growing consultancy practice. Exposure to Fraud Prevention approaches, Zero Trust network architectures, and broader Cyber Security contexts. Benefits Contributory Pension Scheme (Hippo 6% and Employee 2%) 25 Days Holiday plus UK Public Holidays Perkbox access for a wide range of discounts Critical illness cover Life assurance and death in service cover Volunteer days Cycle to work scheme for avid cyclists Salary sacrifice electric vehicles scheme Season ticket loans Financial and general wellbeing sessions Flexible benefits scheme with options of: Private health cover Private dental cover Additional company pension contributions Additional holidays (up to an extra 2 days) Wellbeing contribution Charity contributions Tree planting Diversity, Inclusion and Belonging at Hippo At Hippo, we're dedicated to creating a diverse, equitable and inclusive workplace that works for everyone. We understand that having a diverse team unlocks our capacity for innovation, creativity and problem solving. Only by building a community of diverse perspectives, cultures and socio economic backgrounds can we create an environment where all can contribute and thrive. We actively encourage applications from underrepresented groups including women, ethnic minorities, LGBTQ+, neurodivergent and people with disabilities. We are committed to providing an inclusive and accessible recruitment process that reflects our workplace culture. We are a registered Disability Confident Employer, Mindful Employer, Endometriosis Friendly Employer and a member of the Armed Forces Covenant. Hippo continually strives to remove barriers, provide accommodations and offer reasonable adjustments to ensure equity throughout our practices. Locations We are headquartered in Leeds and have offices across the UK in Glasgow, Manchester, Birmingham, London and Bristol. We are looking for talent nationwide but you need to be located within reasonable travelling distance from one of our offices. Given the dynamic nature of a consulting business, you may be required to work on site at a Hippo office or at an in/out of town client location for a number of days per week (client dependent) and therefore candidates will need to be open/flexible to travel and working on one of those sites at least 2 days per week. We offer a generous relocation support package of up to £8,000 (please ask for terms and conditions) to help make your move a smooth one.
Protect identities at global scale. We're hiring a hands-on Senior Identity Protection Engineer/Specialist to lead detection, investigation, and response for identity-based threats across Microsoft Entra ID/Azure AD, on prem Active Directory, and connected SaaS/IaaS. You'll serve as the enterprise SME/administrator for CrowdStrike Identity Protection, tune high-fidelity detections, integrate dark web intelligence, and orchestrate automation that measurably reduces MTTD/MTTR and risk.What you'll doLead identity threat monitoring and triageOperate and tune CrowdStrike Identity Protection; monitor SIEM/UEBA and identity telemetry for risks like impossible travel, atypical sign ins, MFA fatigue, and session hijackingValidate true/false positives, prioritize by business impact, and escalate per playbooks/SLAsDrive rapid containment and remediationExecute containment actions (disable accounts, revoke sessions/tokens, isolate hosts)Coordinate remediation with IAM/Endpoint/Infrastructure; verify risk reduction to closureOwn identity-focused incident responseLead IR for credential compromise, privilege escalation, directory persistence, and lateral movementEnsure evidence handling, root cause analysis, post incident reviews, and lessons learnedEngineer detections and hunt for threatsBuild and refine detections and hunts across SIEM/EDR/identity platforms using KQL/SQL/regex/Sigma aligned to MITRE ATT&CKClose visibility gaps, reduce false positives, and expand privileged activity monitoringStrengthen privileged access controlsDetect anomalous privileged behavior via SIEM/UEBA and Netskope telemetryRecommend/enforce JIT, break glass patterns, and mover/leaver privilege hygiene with IAMRespond to dark web/credential exposureIntegrate sources like CyberInt; assess exposure and targeted campaignsOrchestrate takedowns, forced resets, token revocation, and Conditional Access updatesAdminister platforms and sustain hygieneMaintain coverage/health for identity monitoring; manage upgrades and changes via CABKeep operational runbooks, SOPs, and playbooks currentAutomate and orchestrate at scaleUse PowerShell/Python and REST/Graph/CrowdStrike APIs (and SOAR where applicable) to automate enrichment and response, standardize workflows, and improve signal fidelityShape identity policy and controlsAdvise on Conditional Access, MFA exceptions, SSO/SCIM patterns, and session controls under the shared responsibility model with IAMReport outcomes and support auditsProduce executive-ready dashboards and KPIs (identity incident volume, MTTD/MTTR, CA/MFA efficacy, exposure/takedown cycle time)Maintain audit-ready evidence and support internal/external auditsWhat you'll bringBachelor's degree in Cybersecurity, Computer Science, IT, or related field; or equivalent practical experience8+ years in IT/cybersecurity, including 3+ years focused on identity security/operations (Entra ID/Azure AD, on prem AD, MFA, Conditional Access, SSO/SCIM)Hands-on enterprise experience administering/operating CrowdStrike Identity ProtectionProficiency with SIEM/UEBA (Splunk preferred) and cloud security platforms (e.g., Netskope) for identity telemetry, detection, and investigationsDemonstrated experience in identity centric IR, threat hunting, and detection engineering (KQL/SQL/regex/Sigma)Scripting/automation with PowerShell and Python; experience with REST/Graph/CrowdStrike APIs and SOARClear communication and documentation skills; comfortable producing executive ready reports and audit evidenceOperates effectively within change control/CAB and under pressure during high severity incidentsBonus pointsCertifications: Microsoft SC 200/SC 300; Okta Certified Administrator/Professional; CISSP, SSCP, Security+; GIAC (GMON, GCIH, GCDA) or equivalentDeep knowledge of identity attack paths and protocols (Kerberos/NTLM), token/session abuse, and persistence techniques (e.g., Golden/Silver Ticket, DCShadow)Experience with JIT/JEA, PAM concepts, and global on call rotationsLocation, work style, and travelOpportunities in the United States, United Kingdom, and DenmarkOnsite or hybrid depending on location and business needsOccasional on call coverage may be requiredWhy you'll love it hereOwn a mission critical identity defense stack and make measurable impact on MTTD/MTTR and privilege hygieneSolve complex problems from dark web exposure to directory persistence and lateral movementCollaborate with experienced global teams and leading vendors to continuously raise the barGrow your career in a modern, data driven security operations environmentThis is a global position that will support all our FUJIFILM Biotechnologies sites. This position can be based at any of our locations around the globe. Benefits and compensation will be governed by the location that you are based from and considered your home site.As part of any recruitment process, FUJIFILM Diosynth Biotechnologies collects and processes personal data relating to job applicants. The organization is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations and may share this as part of the global recruitment process with hiring managers in Europe and the United States.Please, no phone calls or emails to any employee of FUJIFILM about this requisition. All resumes submitted by search firms/employment agencies to any employee at FUJIFILM via-email, the internet or in any form and/or method will be deemed the sole property of FUJIFILM, unless such search firms/employment agencies were engaged by FUJIFILM for this requisition and a valid agreement with FUJIFILM is in place. In the event a candidate who was submitted outside of the FUJIFILM agency engagement process is hired, no fee or payment of any kind will be paid.
21/06/2026
Full time
Protect identities at global scale. We're hiring a hands-on Senior Identity Protection Engineer/Specialist to lead detection, investigation, and response for identity-based threats across Microsoft Entra ID/Azure AD, on prem Active Directory, and connected SaaS/IaaS. You'll serve as the enterprise SME/administrator for CrowdStrike Identity Protection, tune high-fidelity detections, integrate dark web intelligence, and orchestrate automation that measurably reduces MTTD/MTTR and risk.What you'll doLead identity threat monitoring and triageOperate and tune CrowdStrike Identity Protection; monitor SIEM/UEBA and identity telemetry for risks like impossible travel, atypical sign ins, MFA fatigue, and session hijackingValidate true/false positives, prioritize by business impact, and escalate per playbooks/SLAsDrive rapid containment and remediationExecute containment actions (disable accounts, revoke sessions/tokens, isolate hosts)Coordinate remediation with IAM/Endpoint/Infrastructure; verify risk reduction to closureOwn identity-focused incident responseLead IR for credential compromise, privilege escalation, directory persistence, and lateral movementEnsure evidence handling, root cause analysis, post incident reviews, and lessons learnedEngineer detections and hunt for threatsBuild and refine detections and hunts across SIEM/EDR/identity platforms using KQL/SQL/regex/Sigma aligned to MITRE ATT&CKClose visibility gaps, reduce false positives, and expand privileged activity monitoringStrengthen privileged access controlsDetect anomalous privileged behavior via SIEM/UEBA and Netskope telemetryRecommend/enforce JIT, break glass patterns, and mover/leaver privilege hygiene with IAMRespond to dark web/credential exposureIntegrate sources like CyberInt; assess exposure and targeted campaignsOrchestrate takedowns, forced resets, token revocation, and Conditional Access updatesAdminister platforms and sustain hygieneMaintain coverage/health for identity monitoring; manage upgrades and changes via CABKeep operational runbooks, SOPs, and playbooks currentAutomate and orchestrate at scaleUse PowerShell/Python and REST/Graph/CrowdStrike APIs (and SOAR where applicable) to automate enrichment and response, standardize workflows, and improve signal fidelityShape identity policy and controlsAdvise on Conditional Access, MFA exceptions, SSO/SCIM patterns, and session controls under the shared responsibility model with IAMReport outcomes and support auditsProduce executive-ready dashboards and KPIs (identity incident volume, MTTD/MTTR, CA/MFA efficacy, exposure/takedown cycle time)Maintain audit-ready evidence and support internal/external auditsWhat you'll bringBachelor's degree in Cybersecurity, Computer Science, IT, or related field; or equivalent practical experience8+ years in IT/cybersecurity, including 3+ years focused on identity security/operations (Entra ID/Azure AD, on prem AD, MFA, Conditional Access, SSO/SCIM)Hands-on enterprise experience administering/operating CrowdStrike Identity ProtectionProficiency with SIEM/UEBA (Splunk preferred) and cloud security platforms (e.g., Netskope) for identity telemetry, detection, and investigationsDemonstrated experience in identity centric IR, threat hunting, and detection engineering (KQL/SQL/regex/Sigma)Scripting/automation with PowerShell and Python; experience with REST/Graph/CrowdStrike APIs and SOARClear communication and documentation skills; comfortable producing executive ready reports and audit evidenceOperates effectively within change control/CAB and under pressure during high severity incidentsBonus pointsCertifications: Microsoft SC 200/SC 300; Okta Certified Administrator/Professional; CISSP, SSCP, Security+; GIAC (GMON, GCIH, GCDA) or equivalentDeep knowledge of identity attack paths and protocols (Kerberos/NTLM), token/session abuse, and persistence techniques (e.g., Golden/Silver Ticket, DCShadow)Experience with JIT/JEA, PAM concepts, and global on call rotationsLocation, work style, and travelOpportunities in the United States, United Kingdom, and DenmarkOnsite or hybrid depending on location and business needsOccasional on call coverage may be requiredWhy you'll love it hereOwn a mission critical identity defense stack and make measurable impact on MTTD/MTTR and privilege hygieneSolve complex problems from dark web exposure to directory persistence and lateral movementCollaborate with experienced global teams and leading vendors to continuously raise the barGrow your career in a modern, data driven security operations environmentThis is a global position that will support all our FUJIFILM Biotechnologies sites. This position can be based at any of our locations around the globe. Benefits and compensation will be governed by the location that you are based from and considered your home site.As part of any recruitment process, FUJIFILM Diosynth Biotechnologies collects and processes personal data relating to job applicants. The organization is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations and may share this as part of the global recruitment process with hiring managers in Europe and the United States.Please, no phone calls or emails to any employee of FUJIFILM about this requisition. All resumes submitted by search firms/employment agencies to any employee at FUJIFILM via-email, the internet or in any form and/or method will be deemed the sole property of FUJIFILM, unless such search firms/employment agencies were engaged by FUJIFILM for this requisition and a valid agreement with FUJIFILM is in place. In the event a candidate who was submitted outside of the FUJIFILM agency engagement process is hired, no fee or payment of any kind will be paid.
Group Head of IT Department: IT Employment Type: Full Time Location: London Reporting To: Angus Beaumont Description Harmony is on a mission to be the best life safety partner to work with and for. Rated an 'Outstanding Employer' by Best Companies in 2025, we are only getting bigger and stronger - and we're looking for A-players to help us get there. We are passionate about making a difference and obsessed with quality. Our goal is to build a world where every resident can sleep safely at night, knowing their home is 100% safe. This is a security first leadership role. You will own cyber security and data protection across the Harmony group (Harmony Fire, Solidcor, Auro Technology) end to end - strategy, delivery and BAU - acting as the most senior security voice in the business below the Group IT Director. Cyber Essentials Plus, IASME Cyber Assurance and ISO 27001 sit with you. UK GDPR compliance sits with you as the group's Data Protection Lead (a non statutory role distinct from a formal DPO appointment). The group's security posture, risk register, incident response and audit defensibility all sit with you. If something has a security or data protection dimension, it lands on your desk first. Security cannot exist in isolation, so you will also run the day to day IT function - line managing the IT Technician, overseeing the helpdesk, vendor stack and infrastructure resilience for around 250 users across three trading entities. Operations exist to deliver a secure platform, not the other way around. IT Project Managers will deliver new systems into the group; you will accept those handovers and operationalise them into BAU only once they meet your security bar. Reporting to the Group IT Director, you will be the security leader the group trusts to keep its people productive, its data protected and its certifications intact through 30% year on year growth. This is more than an IT role. It is about bringing the right energy, accountability and resilience to our mission of saving lives through fire and height safety. Key Responsibilities Own the group's cyber security strategy, posture and risk register - the most senior security accountability in the business below the Group IT Director. Lead all formal security certifications end to end: Cyber Essentials Plus annual recertification, IASME Cyber Assurance alignment and ISO 27001 ISMS - scoping, risk treatment, Statement of Applicability, internal audits, management review and external audit defence. Apply additional frameworks where they strengthen the group's posture - NIST CSF, CIS Controls, NCSC Cyber Assessment Framework - and embed them into operational practice. Act as the group's Data Protection Lead (not a statutory DPO under UK GDPR Article 37) - own UK GDPR and DPA 2018 compliance, ROPA, DPIAs, retention schedules, DSARs, breach notification, processor agreements and supplier due diligence. Run security operations day to day - endpoint protection (Bitdefender GravityZone), conditional access, MFA, identity governance, vulnerability management, and security awareness and phishing simulation programmes via KnowBe4. Lead incident response - triage, containment, recovery, post incident review and reporting, with playbooks kept current and tested. Oversee security across Auro Technology's software stack - IoT device firmware, cloud platforms, mobile and web applications - partnering with the Auro engineering team on secure SDLC, code review, dependency management, secrets handling and product security posture. Act as the security gatekeeper for IT project handovers - accept newly delivered systems from IT Project Managers into BAU only once documentation, monitoring, support runbooks and security controls meet the group's bar. Run vendor and licensing relationships across the IT and security stack - renewals, commercial negotiation and security due diligence on every new supplier before they are onboarded. Run the day to day IT function in service of the security mission - line manage the IT Technician, oversee the Atera helpdesk, own SLAs and personally take the hardest tickets when they have a security dimension. Maintain infrastructure resilience - backups, disaster recovery, business continuity, identity, network and connectivity - owned, documented and tested. Run secure onboarding and offboarding at scale, keeping identity hygiene and asset control airtight as the group grows. Skills, Knowledge and Expertise An A-player mindset - high standards, extreme ownership and the drive to do things properly, the first time. A security professional first and foremost - your career identity is cyber security and information assurance, not IT generalism that happens to include security. Proven track record leading Cyber Essentials Plus and ISO 27001 (or actively driving towards certification) in a real organisation - not a tabletop exercise. Strong working knowledge of UK GDPR and the Data Protection Act 2018, with hands on experience of DSARs, DPIAs, breach response and supplier DPAs. Deep, hands on Microsoft 365 and Entra ID security experience - conditional access, Intune, identity governance, the Defender stack and security baselines. Demonstrable security operations experience - EDR/XDR, vulnerability management, incident response and security awareness programmes. Pragmatic, hands on operator - comfortable running a helpdesk and line managing an IT Technician alongside the security and compliance remit. Confident commercial mindset - budget ownership, vendor negotiation and the ability to challenge supplier security claims with evidence. Excellent written and verbal communication, able to translate technical risk plainly for non technical leadership and field staff. Right to work in the UK and able to travel between London, Yeovil, Chesterfield, Edinburgh and other group sites as required. Recognised certification - CISSP, CISM, ISO 27001 Lead Implementer or Lead Auditor, Microsoft SC 100 / SC 200 / SC 300. IASME Cyber Assurance experience. Formal Data Protection Officer training or qualification (e.g. PC.dp, BCS Practitioner Certificate in Data Protection). Experience in fire safety, construction, manufacturing or field engineering environments. Familiarity with our wider stack - Salesforce, SimPRO, Unleashed, Supabase, Cloudflare, Microsoft Fabric. Hands on experience with KnowBe4 (or equivalent security awareness and phishing simulation platforms). NIST CSF, CIS Controls or NCSC CAF practical experience. Benefits This is a chance to own cyber security and data protection end to end for a three entity group at one of the UK's fastest growing safety specialists - with the autonomy to set the security bar, hold certifications and shape the group's posture as we grow 30% year on year. At Harmony, we ask a lot - and we give a lot back. The hours are real, the standards are high and the work is demanding, but for those who show up, deliver and go the extra mile, the rewards follow. A players here enjoy a competitive salary, a performance bonus tied to successful, on time delivery against roadmap milestones and delivery KPIs, a Personal Development Plan with ongoing training and leadership mentoring, unlimited holiday, private medical insurance, enhanced maternity and paternity, lunch, snacks and refreshments on us every day (fresh fruit and Takeaway Fridays included), a team social budget, cycle to work, an auto enrolment pension, two major company events a year and our Reward and Recognition scheme - including European mini breaks for those who go above and beyond. It is a collaborative, high energy environment focused on doing things the right way - technically, ethically and practically - and none of it is a perk for showing up; it's what we share with the people pulling the business forward. Harmony is an equal opportunity employer. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. We want everyone who works with us to feel valued and to make a difference.
20/06/2026
Full time
Group Head of IT Department: IT Employment Type: Full Time Location: London Reporting To: Angus Beaumont Description Harmony is on a mission to be the best life safety partner to work with and for. Rated an 'Outstanding Employer' by Best Companies in 2025, we are only getting bigger and stronger - and we're looking for A-players to help us get there. We are passionate about making a difference and obsessed with quality. Our goal is to build a world where every resident can sleep safely at night, knowing their home is 100% safe. This is a security first leadership role. You will own cyber security and data protection across the Harmony group (Harmony Fire, Solidcor, Auro Technology) end to end - strategy, delivery and BAU - acting as the most senior security voice in the business below the Group IT Director. Cyber Essentials Plus, IASME Cyber Assurance and ISO 27001 sit with you. UK GDPR compliance sits with you as the group's Data Protection Lead (a non statutory role distinct from a formal DPO appointment). The group's security posture, risk register, incident response and audit defensibility all sit with you. If something has a security or data protection dimension, it lands on your desk first. Security cannot exist in isolation, so you will also run the day to day IT function - line managing the IT Technician, overseeing the helpdesk, vendor stack and infrastructure resilience for around 250 users across three trading entities. Operations exist to deliver a secure platform, not the other way around. IT Project Managers will deliver new systems into the group; you will accept those handovers and operationalise them into BAU only once they meet your security bar. Reporting to the Group IT Director, you will be the security leader the group trusts to keep its people productive, its data protected and its certifications intact through 30% year on year growth. This is more than an IT role. It is about bringing the right energy, accountability and resilience to our mission of saving lives through fire and height safety. Key Responsibilities Own the group's cyber security strategy, posture and risk register - the most senior security accountability in the business below the Group IT Director. Lead all formal security certifications end to end: Cyber Essentials Plus annual recertification, IASME Cyber Assurance alignment and ISO 27001 ISMS - scoping, risk treatment, Statement of Applicability, internal audits, management review and external audit defence. Apply additional frameworks where they strengthen the group's posture - NIST CSF, CIS Controls, NCSC Cyber Assessment Framework - and embed them into operational practice. Act as the group's Data Protection Lead (not a statutory DPO under UK GDPR Article 37) - own UK GDPR and DPA 2018 compliance, ROPA, DPIAs, retention schedules, DSARs, breach notification, processor agreements and supplier due diligence. Run security operations day to day - endpoint protection (Bitdefender GravityZone), conditional access, MFA, identity governance, vulnerability management, and security awareness and phishing simulation programmes via KnowBe4. Lead incident response - triage, containment, recovery, post incident review and reporting, with playbooks kept current and tested. Oversee security across Auro Technology's software stack - IoT device firmware, cloud platforms, mobile and web applications - partnering with the Auro engineering team on secure SDLC, code review, dependency management, secrets handling and product security posture. Act as the security gatekeeper for IT project handovers - accept newly delivered systems from IT Project Managers into BAU only once documentation, monitoring, support runbooks and security controls meet the group's bar. Run vendor and licensing relationships across the IT and security stack - renewals, commercial negotiation and security due diligence on every new supplier before they are onboarded. Run the day to day IT function in service of the security mission - line manage the IT Technician, oversee the Atera helpdesk, own SLAs and personally take the hardest tickets when they have a security dimension. Maintain infrastructure resilience - backups, disaster recovery, business continuity, identity, network and connectivity - owned, documented and tested. Run secure onboarding and offboarding at scale, keeping identity hygiene and asset control airtight as the group grows. Skills, Knowledge and Expertise An A-player mindset - high standards, extreme ownership and the drive to do things properly, the first time. A security professional first and foremost - your career identity is cyber security and information assurance, not IT generalism that happens to include security. Proven track record leading Cyber Essentials Plus and ISO 27001 (or actively driving towards certification) in a real organisation - not a tabletop exercise. Strong working knowledge of UK GDPR and the Data Protection Act 2018, with hands on experience of DSARs, DPIAs, breach response and supplier DPAs. Deep, hands on Microsoft 365 and Entra ID security experience - conditional access, Intune, identity governance, the Defender stack and security baselines. Demonstrable security operations experience - EDR/XDR, vulnerability management, incident response and security awareness programmes. Pragmatic, hands on operator - comfortable running a helpdesk and line managing an IT Technician alongside the security and compliance remit. Confident commercial mindset - budget ownership, vendor negotiation and the ability to challenge supplier security claims with evidence. Excellent written and verbal communication, able to translate technical risk plainly for non technical leadership and field staff. Right to work in the UK and able to travel between London, Yeovil, Chesterfield, Edinburgh and other group sites as required. Recognised certification - CISSP, CISM, ISO 27001 Lead Implementer or Lead Auditor, Microsoft SC 100 / SC 200 / SC 300. IASME Cyber Assurance experience. Formal Data Protection Officer training or qualification (e.g. PC.dp, BCS Practitioner Certificate in Data Protection). Experience in fire safety, construction, manufacturing or field engineering environments. Familiarity with our wider stack - Salesforce, SimPRO, Unleashed, Supabase, Cloudflare, Microsoft Fabric. Hands on experience with KnowBe4 (or equivalent security awareness and phishing simulation platforms). NIST CSF, CIS Controls or NCSC CAF practical experience. Benefits This is a chance to own cyber security and data protection end to end for a three entity group at one of the UK's fastest growing safety specialists - with the autonomy to set the security bar, hold certifications and shape the group's posture as we grow 30% year on year. At Harmony, we ask a lot - and we give a lot back. The hours are real, the standards are high and the work is demanding, but for those who show up, deliver and go the extra mile, the rewards follow. A players here enjoy a competitive salary, a performance bonus tied to successful, on time delivery against roadmap milestones and delivery KPIs, a Personal Development Plan with ongoing training and leadership mentoring, unlimited holiday, private medical insurance, enhanced maternity and paternity, lunch, snacks and refreshments on us every day (fresh fruit and Takeaway Fridays included), a team social budget, cycle to work, an auto enrolment pension, two major company events a year and our Reward and Recognition scheme - including European mini breaks for those who go above and beyond. It is a collaborative, high energy environment focused on doing things the right way - technically, ethically and practically - and none of it is a perk for showing up; it's what we share with the people pulling the business forward. Harmony is an equal opportunity employer. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. We want everyone who works with us to feel valued and to make a difference.
FLBK FUJIFILM Diosynth Biotechnologies UK Limited
Billingham, Yorkshire
Protect identities at global scale. We're hiring a hands on Senior Identity Protection Engineer/Specialist to lead detection, investigation, and response for identity based threats across Microsoft Entra ID/Azure AD, on prem Active Directory, and connected SaaS/IaaS. What you'll do Lead identity threat monitoring and triage Operate and tune CrowdStrike Identity Protection; monitor SIEM/UEBA and identity telemetry for risks like impossible travel, atypical sign ins, MFA fatigue, and session hijacking Validate true/false positives, prioritize by business impact, and expedite per playbooks/SLAs Drive rapid containment and remediation Execute containment actions (disable accounts, revoke sessions/tokens, isolate hosts) Coordinate remediation with IAM/Endpoint/Infrastructure; verify risk reduction to closure Own identity focused incident response; lead IR for credential compromise, privilege escalation, directory persistence, and lateral movement Ensure evidence handling, root cause analysis, post incident reviews, and lessons learned Engineer detections and hunt for threats Build and refine detections and hunts across SIEM/EDR/identity platforms using KQL/SQL/regex/Sigma aligned to MITRE ATT&CK Close visibility gaps, reduce false positives, and expand privileged activity monitoring Strengthen privileged access controls; detect anomalous privileged behavior via SIEM/UEBA and Netskope telemetry Recommend/enforce JIT, break glass patterns, and mover/leaver privilege hygiene with IAM Respond to dark web/credential exposure; integrate sources like CyberInt; assess exposure and targeted campaigns Orchestrate takedowns, forced resets, token revocation, and Conditional Access updates Administer platforms and sustain hygiene; maintain coverage/health for identity monitoring; manage upgrades and changes via CAB Keep operational runbooks, SOPs, and playbooks current Automate and orchestrate at scale using PowerShell/Python and REST/Graph/CrowdStrike APIs (and SOAR where applicable) Shape identity policy and controls; advise on Conditional Access, MFA exceptions, SSO/SCIM patterns, and session controls under the shared responsibility model with IAM Report outcomes and support audits; produce executive ready dashboards and KPIs (identity incident volume, MTTD/MTTR, CA/MFA efficacy, exposure/takedown cycle time) Maintain audit ready evidence and support internal/external audits What you'll bring Bachelor's degree in Cybersecurity, Computer Science, IT, or related field; or equivalent practical experience 8+ years in IT/cybersecurity, including 3+ years focused on identity security/operations (Entra ID/Azure AD, on prem AD, MFA, Conditional Access, SSO/SCIM) Hands on enterprise experience administering/operating CrowdStrike Identity Protection Proficiency with SIEM/UEBA (Splunk preferred) and cloud security platforms (e.g., Netskope) for identity telemetry, detection, and investigations Demonstrated experience in identity centric IR, threat hunting, and detection engineering (KQL/SQL/regex/Sigma) Scripting/automation with PowerShell and Python; experience with REST/Graph/CrowdStrike APIs and SOAR Clear communication and documentation skills; comfortable producing executive ready reports and audit evidence Operates effectively within change control/CAB and under pressure during high severity incidents Bonus points Certifications: Microsoft SC 200/SC 300; Okta Certified Administrator/Professional; CISSP, SSCP, Security+; GIAC (GMON, GCIH, GCDA) or equivalent Deep knowledge of identity attack paths and protocols (Kerberos/NTLM), token/session abuse, and persistence techniques (e.g., Golden/Silver Ticket, DCShadow) Experience with JIT/JEA, PAM concepts, and global on call rotations Location, work style, and travel Opportunities in the United States, United Kingdom, and Denmark. Onsite or hybrid depending on location and business needs. Occasional on call coverage may be required. Why you'll love it here Own a mission critical identity defense stack and make measurable impact on MTTD/MTTR and privilege hygiene Solve complex problems from dark web exposure to directory persistence and lateral movement Collaborate with experienced global teams and leading vendors to continuously raise the bar Grow your career in a modern, data driven security operations environment Benefits and compensation will be governed by the location where you are based and considered your home site. This is a global position that will support all our FUJIFILM Biotechnologies sites.
20/06/2026
Full time
Protect identities at global scale. We're hiring a hands on Senior Identity Protection Engineer/Specialist to lead detection, investigation, and response for identity based threats across Microsoft Entra ID/Azure AD, on prem Active Directory, and connected SaaS/IaaS. What you'll do Lead identity threat monitoring and triage Operate and tune CrowdStrike Identity Protection; monitor SIEM/UEBA and identity telemetry for risks like impossible travel, atypical sign ins, MFA fatigue, and session hijacking Validate true/false positives, prioritize by business impact, and expedite per playbooks/SLAs Drive rapid containment and remediation Execute containment actions (disable accounts, revoke sessions/tokens, isolate hosts) Coordinate remediation with IAM/Endpoint/Infrastructure; verify risk reduction to closure Own identity focused incident response; lead IR for credential compromise, privilege escalation, directory persistence, and lateral movement Ensure evidence handling, root cause analysis, post incident reviews, and lessons learned Engineer detections and hunt for threats Build and refine detections and hunts across SIEM/EDR/identity platforms using KQL/SQL/regex/Sigma aligned to MITRE ATT&CK Close visibility gaps, reduce false positives, and expand privileged activity monitoring Strengthen privileged access controls; detect anomalous privileged behavior via SIEM/UEBA and Netskope telemetry Recommend/enforce JIT, break glass patterns, and mover/leaver privilege hygiene with IAM Respond to dark web/credential exposure; integrate sources like CyberInt; assess exposure and targeted campaigns Orchestrate takedowns, forced resets, token revocation, and Conditional Access updates Administer platforms and sustain hygiene; maintain coverage/health for identity monitoring; manage upgrades and changes via CAB Keep operational runbooks, SOPs, and playbooks current Automate and orchestrate at scale using PowerShell/Python and REST/Graph/CrowdStrike APIs (and SOAR where applicable) Shape identity policy and controls; advise on Conditional Access, MFA exceptions, SSO/SCIM patterns, and session controls under the shared responsibility model with IAM Report outcomes and support audits; produce executive ready dashboards and KPIs (identity incident volume, MTTD/MTTR, CA/MFA efficacy, exposure/takedown cycle time) Maintain audit ready evidence and support internal/external audits What you'll bring Bachelor's degree in Cybersecurity, Computer Science, IT, or related field; or equivalent practical experience 8+ years in IT/cybersecurity, including 3+ years focused on identity security/operations (Entra ID/Azure AD, on prem AD, MFA, Conditional Access, SSO/SCIM) Hands on enterprise experience administering/operating CrowdStrike Identity Protection Proficiency with SIEM/UEBA (Splunk preferred) and cloud security platforms (e.g., Netskope) for identity telemetry, detection, and investigations Demonstrated experience in identity centric IR, threat hunting, and detection engineering (KQL/SQL/regex/Sigma) Scripting/automation with PowerShell and Python; experience with REST/Graph/CrowdStrike APIs and SOAR Clear communication and documentation skills; comfortable producing executive ready reports and audit evidence Operates effectively within change control/CAB and under pressure during high severity incidents Bonus points Certifications: Microsoft SC 200/SC 300; Okta Certified Administrator/Professional; CISSP, SSCP, Security+; GIAC (GMON, GCIH, GCDA) or equivalent Deep knowledge of identity attack paths and protocols (Kerberos/NTLM), token/session abuse, and persistence techniques (e.g., Golden/Silver Ticket, DCShadow) Experience with JIT/JEA, PAM concepts, and global on call rotations Location, work style, and travel Opportunities in the United States, United Kingdom, and Denmark. Onsite or hybrid depending on location and business needs. Occasional on call coverage may be required. Why you'll love it here Own a mission critical identity defense stack and make measurable impact on MTTD/MTTR and privilege hygiene Solve complex problems from dark web exposure to directory persistence and lateral movement Collaborate with experienced global teams and leading vendors to continuously raise the bar Grow your career in a modern, data driven security operations environment Benefits and compensation will be governed by the location where you are based and considered your home site. This is a global position that will support all our FUJIFILM Biotechnologies sites.
The role As Helsing's IT Support Lead, you will own the day to day delivery, performance, and experience of IT support across our European offices. You'll lead a distributed team of IT Support staff covering on site, on call, and triage responsibilities, making sure every Helsing employee gets fast, high quality help, and that every ticket improves our service the next time around. You will be hands on with Jira Service Management, fluent in using data to drive decisions, and an early adopter of AI agents and automation to scale the team's impact without scaling headcount linearly. You'll set the standard for what great internal IT feels like at Helsing for both the staff we support and the IT engineers doing the supporting directly enabling the engineers, AI specialists, and program managers building capabilities that protect our democracies. The day to day Own the daily operating rhythm of IT Support: ticket prioritisation, queue health, SLAs, and ensuring the right issues are being worked on by the right people at the right time. Lead, coach, and develop a distributed team of IT Support Engineers across the UK and Germany, including on site staff, triage, and on call rotations. Design and manage rotas; on call, triage, and site coverage. Balancing fairness, coverage, and team wellbeing across multiple offices and time zones. Own IT's Jira Service Management as a product: queues, request types, workflows, automation rules, SLAs, forms, customer portals, and reporting. Define, maintain, and continuously improve escalation paths between L1/L2/L3 support, IT Engineering, Security, and external vendors, including clear ownership, response expectations, and communication standards during major incidents. Build and own the IT Support performance reporting layer: dashboards, KPIs (CSAT, time to resolution, first contact resolution, backlog age, escalation rates), trend analysis, and regular reporting to IT leadership and the wider business. Identify and deploy AI agents and automation (within Jira, M365, and our wider toolchain) to deflect repetitive tickets, accelerate triage, draft responses, and surface insights from ticket data. Continuously raise the bar on the end user support experience. Clear comms, fast resolutions, great self service, and a polished, consistent feel across every interaction. Equally raise the bar on the IT staff experience. Better tooling, clearer runbooks, sensible on call load, meaningful career growth, and protection from avoidable toil. Partner with IT Engineering to turn recurring issues into permanent fixes and with Security to ensure support processes meet our compliance and audit obligations. Own and evolve our internal IT knowledge base, runbooks, and self service content. You should apply if you Have 5+ years of experience in IT Support, including 2+ years leading or managing a support team in a fast paced environment. Are highly proficient with Jira Service Management, comfortable designing workflows, automations, SLAs, queues, and reporting, not just using them. Have a strong, demonstrable track record of running support as a data driven function, defining the right KPIs, building dashboards, and using metrics to drive real operational improvements. Have hands on experience deploying AI agents, chatbots, or automation to improve ticket deflection, triage, or response quality. Have managed rotas across on call, triage, and on site responsibilities, ideally across multiple locations or time zones. Have designed and operated clear escalation processes, including major incident handling and cross team coordination. Bring a customer first mindset paired with strong operational discipline - you care equally about user experience and team health. Are a strong communicator who can translate between end users, IT engineers, security, and senior leadership. Your personal values match ours: ownership, initiative, dedication to mission, speed, and inclusiveness. Feel strongly about the right of democracies to defend their sovereignty through the fielding of capabilities that bolster deterrence and decisive action. Nice to Have Experience administering Jira Service Management at scale, including integrations with Slack, M365, identity providers, and MDM tooling. Experience with AI tooling such as Atlassian Intelligence, Microsoft Copilot, or custom LLM based agents in a support context. Familiarity with ITIL or similar service management frameworks - used pragmatically, not dogmatically. Hands on background supporting macOS, Windows, iOS, M365 (Entra ID, Exchange, SharePoint), and MDM tools like Intune, Jamf, or JumpCloud. Experience working in a regulated environment (defence, government, finance) with associated audit and compliance requirements. Experience scaling an IT Support function inside a fast growing engineering organisation. Join Helsing and work with world leading experts in their fields Helsing's work is important. You'll be directly contributing to the protection of democratic countries while balancing both ethical and geopolitical concerns. The work is unique. We operate in a domain that has highly unusual technical requirements and constraints, and where robustness, safety, and ethical considerations are vital. You will face unique Engineering and AI challenges that make a meaningful impact in the world. Our work frequently takes us right up to the state of the art in technical innovation, be it reinforcement learning, distributed systems, generative AI, or deployment infrastructure. The defence industry is entering the most exciting phase of the technological development curve. Advances in our field are not incremental: Helsing is part of, and often leading, historic leaps forward. In our domain, success is a matter of order of magnitude improvements and novel capabilities. This means we take bets, aim high, and focus on big opportunities. Despite being a relatively young company, Helsing has already been selected for multiple significant government contracts. We actively encourage healthy, proactive, and diverse debate internally about what we do and how we choose to do it. Teams and individual engineers are trusted (and encouraged) to practise responsible autonomy and critical thinking, and to focus on outcomes, not conformity. At Helsing you will have a say in how we (and you!) work, the opportunity to engage on what does and doesn't work, and to take ownership of aspects of our culture that you care deeply about. What we offer Competitive salary and VSOP options Relocation support: up to €2,500 and 4 weeks temporary accommodation Learning: €500/£450 yearly allowance Health & wellness: gym membership and mental health support (Nilo.health) Social: regular company events and monthly social allowances Enhanced parental leave: 22 weeks fully paid for primary caregivers & 6 weeks for secondary caregivers Family support: 5 days of paid family emergency leave, 100% remote work option during pregnancy and phased return to work A hands on onboarding program (affectionately labelled "Infraduction"), in which you will be building tooling and applications to be used across the company. This is your opportunity to learn our tech stack, explore the company, and learn how we get things done - all whilst working with other engineering teams from day one (Specifically for engineering and AI). These are the core benefits across all locations, there may be additional benefits in certain locations. Equal Opportunity Employer Helsing is an equal opportunities employer. We are committed to equal employment opportunity regardless of race, religion, sexual orientation, age, marital status, disability or gender identity. Please do not submit personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning your health, or data concerning your sexual orientation. Helsing's Candidate Privacy and Confidentiality Regime can be found here.
18/06/2026
Full time
The role As Helsing's IT Support Lead, you will own the day to day delivery, performance, and experience of IT support across our European offices. You'll lead a distributed team of IT Support staff covering on site, on call, and triage responsibilities, making sure every Helsing employee gets fast, high quality help, and that every ticket improves our service the next time around. You will be hands on with Jira Service Management, fluent in using data to drive decisions, and an early adopter of AI agents and automation to scale the team's impact without scaling headcount linearly. You'll set the standard for what great internal IT feels like at Helsing for both the staff we support and the IT engineers doing the supporting directly enabling the engineers, AI specialists, and program managers building capabilities that protect our democracies. The day to day Own the daily operating rhythm of IT Support: ticket prioritisation, queue health, SLAs, and ensuring the right issues are being worked on by the right people at the right time. Lead, coach, and develop a distributed team of IT Support Engineers across the UK and Germany, including on site staff, triage, and on call rotations. Design and manage rotas; on call, triage, and site coverage. Balancing fairness, coverage, and team wellbeing across multiple offices and time zones. Own IT's Jira Service Management as a product: queues, request types, workflows, automation rules, SLAs, forms, customer portals, and reporting. Define, maintain, and continuously improve escalation paths between L1/L2/L3 support, IT Engineering, Security, and external vendors, including clear ownership, response expectations, and communication standards during major incidents. Build and own the IT Support performance reporting layer: dashboards, KPIs (CSAT, time to resolution, first contact resolution, backlog age, escalation rates), trend analysis, and regular reporting to IT leadership and the wider business. Identify and deploy AI agents and automation (within Jira, M365, and our wider toolchain) to deflect repetitive tickets, accelerate triage, draft responses, and surface insights from ticket data. Continuously raise the bar on the end user support experience. Clear comms, fast resolutions, great self service, and a polished, consistent feel across every interaction. Equally raise the bar on the IT staff experience. Better tooling, clearer runbooks, sensible on call load, meaningful career growth, and protection from avoidable toil. Partner with IT Engineering to turn recurring issues into permanent fixes and with Security to ensure support processes meet our compliance and audit obligations. Own and evolve our internal IT knowledge base, runbooks, and self service content. You should apply if you Have 5+ years of experience in IT Support, including 2+ years leading or managing a support team in a fast paced environment. Are highly proficient with Jira Service Management, comfortable designing workflows, automations, SLAs, queues, and reporting, not just using them. Have a strong, demonstrable track record of running support as a data driven function, defining the right KPIs, building dashboards, and using metrics to drive real operational improvements. Have hands on experience deploying AI agents, chatbots, or automation to improve ticket deflection, triage, or response quality. Have managed rotas across on call, triage, and on site responsibilities, ideally across multiple locations or time zones. Have designed and operated clear escalation processes, including major incident handling and cross team coordination. Bring a customer first mindset paired with strong operational discipline - you care equally about user experience and team health. Are a strong communicator who can translate between end users, IT engineers, security, and senior leadership. Your personal values match ours: ownership, initiative, dedication to mission, speed, and inclusiveness. Feel strongly about the right of democracies to defend their sovereignty through the fielding of capabilities that bolster deterrence and decisive action. Nice to Have Experience administering Jira Service Management at scale, including integrations with Slack, M365, identity providers, and MDM tooling. Experience with AI tooling such as Atlassian Intelligence, Microsoft Copilot, or custom LLM based agents in a support context. Familiarity with ITIL or similar service management frameworks - used pragmatically, not dogmatically. Hands on background supporting macOS, Windows, iOS, M365 (Entra ID, Exchange, SharePoint), and MDM tools like Intune, Jamf, or JumpCloud. Experience working in a regulated environment (defence, government, finance) with associated audit and compliance requirements. Experience scaling an IT Support function inside a fast growing engineering organisation. Join Helsing and work with world leading experts in their fields Helsing's work is important. You'll be directly contributing to the protection of democratic countries while balancing both ethical and geopolitical concerns. The work is unique. We operate in a domain that has highly unusual technical requirements and constraints, and where robustness, safety, and ethical considerations are vital. You will face unique Engineering and AI challenges that make a meaningful impact in the world. Our work frequently takes us right up to the state of the art in technical innovation, be it reinforcement learning, distributed systems, generative AI, or deployment infrastructure. The defence industry is entering the most exciting phase of the technological development curve. Advances in our field are not incremental: Helsing is part of, and often leading, historic leaps forward. In our domain, success is a matter of order of magnitude improvements and novel capabilities. This means we take bets, aim high, and focus on big opportunities. Despite being a relatively young company, Helsing has already been selected for multiple significant government contracts. We actively encourage healthy, proactive, and diverse debate internally about what we do and how we choose to do it. Teams and individual engineers are trusted (and encouraged) to practise responsible autonomy and critical thinking, and to focus on outcomes, not conformity. At Helsing you will have a say in how we (and you!) work, the opportunity to engage on what does and doesn't work, and to take ownership of aspects of our culture that you care deeply about. What we offer Competitive salary and VSOP options Relocation support: up to €2,500 and 4 weeks temporary accommodation Learning: €500/£450 yearly allowance Health & wellness: gym membership and mental health support (Nilo.health) Social: regular company events and monthly social allowances Enhanced parental leave: 22 weeks fully paid for primary caregivers & 6 weeks for secondary caregivers Family support: 5 days of paid family emergency leave, 100% remote work option during pregnancy and phased return to work A hands on onboarding program (affectionately labelled "Infraduction"), in which you will be building tooling and applications to be used across the company. This is your opportunity to learn our tech stack, explore the company, and learn how we get things done - all whilst working with other engineering teams from day one (Specifically for engineering and AI). These are the core benefits across all locations, there may be additional benefits in certain locations. Equal Opportunity Employer Helsing is an equal opportunities employer. We are committed to equal employment opportunity regardless of race, religion, sexual orientation, age, marital status, disability or gender identity. Please do not submit personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning your health, or data concerning your sexual orientation. Helsing's Candidate Privacy and Confidentiality Regime can be found here.
Senior Low Latency Rust Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real-world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. What We do / The Team This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead applications systems analysis and programming activities. The role is to provide senior, low-latency systems and application framework engineering (skilled in Java, C++ , Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA ) team. The team require a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization are a high skilled enablement group of Subject Matter experts - who produce application frameworks and engage with application engineers to enable application Modernisation to over 100 teams across Citi with a concentration on low latency eTrading platforms in Markets Technology. Responsibilities include (but not limited to): 90% hands on in the Rust or Java codebase. We build microservices based event sourcing systems on a low latency in house framework. Response times in the 10 microsecond to 100 microsecond range. Lead integration of functions to meet goals, deploy new products, and enhance processes Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems Provide world class expertise in area of Java low latency development. Utilize advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals Consult with end users to identify system function specifications and incorporate into overall system design Influence and negotiate with senior leaders and communicate with external parties Happy to work with and educate and support/mentor Junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated Subject Matter Expert (SME) in area(s) of Applications Development In-depth experience with Algorithmic Trading application development, preferably in low latency environment Detailed comprehension and experience with Market Data handling and associated technologies (such as time-series databases e.g. KDB) Demonstrated leadership, project management, and development skills Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux Operating system, system calls and Kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass e.g. Solarflare OpenOnload Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills Nice to have Background in C++ This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required. What we'll provide you By joining Citi, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: 27 days annual leave (plus bank holidays) A discretional annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friends Access to an array of learning and development resources Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review. Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
18/06/2026
Full time
Senior Low Latency Rust Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real-world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. What We do / The Team This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead applications systems analysis and programming activities. The role is to provide senior, low-latency systems and application framework engineering (skilled in Java, C++ , Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA ) team. The team require a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization are a high skilled enablement group of Subject Matter experts - who produce application frameworks and engage with application engineers to enable application Modernisation to over 100 teams across Citi with a concentration on low latency eTrading platforms in Markets Technology. Responsibilities include (but not limited to): 90% hands on in the Rust or Java codebase. We build microservices based event sourcing systems on a low latency in house framework. Response times in the 10 microsecond to 100 microsecond range. Lead integration of functions to meet goals, deploy new products, and enhance processes Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems Provide world class expertise in area of Java low latency development. Utilize advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals Consult with end users to identify system function specifications and incorporate into overall system design Influence and negotiate with senior leaders and communicate with external parties Happy to work with and educate and support/mentor Junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated Subject Matter Expert (SME) in area(s) of Applications Development In-depth experience with Algorithmic Trading application development, preferably in low latency environment Detailed comprehension and experience with Market Data handling and associated technologies (such as time-series databases e.g. KDB) Demonstrated leadership, project management, and development skills Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux Operating system, system calls and Kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass e.g. Solarflare OpenOnload Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills Nice to have Background in C++ This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required. What we'll provide you By joining Citi, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: 27 days annual leave (plus bank holidays) A discretional annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friends Access to an array of learning and development resources Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review. Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
Job Description: JOB TITLE: Active Directory Support Specialist LOCATION: Client Site Aldermaston - Onsite 5 days per week (occasional WFH possible) SECURITY CLEARANCE: DV or willing to undergo DV vetting ROLE OVERVIEW: The Active Directory Specialist plays a pivotal role in supporting, maintaining, and enhancing a complex hybrid identity services environment that spans both On Prem Active Directory and Entra (Azure Active Directory). Operating within a high security, fast paced public sector setting, the role requires delivering expert 2nd/3rd line technical support while also contributing to long term service transformation, infrastructure modernisation, and operational automation initiatives.You will work at the centre of enterprise identity and access management, ensuring stability, security, and performance across critical directory services including AD DS, Group Policy, ADFS, AD Connect, PKI, and a broad range of supporting technologies. This includes managing domain controllers, maintaining DNS/DHCP integrity, overseeing Group Policy design and deployment (including AGPM), and supporting authentication and federation services across tightly controlled environments. The role is highly technical and demands rigorous troubleshooting skills, deep protocol-level understanding, and the ability to diagnose complex issues across interconnected systems and multi layered identity architectures.In addition to BAU service delivery, the Active Directory Specialist contributes significantly to project work, including design and installation of new systems, obsolescence remediation, configuration enhancements, and security driven platform improvements. You will collaborate closely with architects, service leads, and project managers to define, document, and implement scalable solutions using industry best practices, Microsoft security models, and modern automation approaches. The role supports both Agile and ITIL Continuous Service Improvement principles, ensuring that new workflows, processes, and service models are structured, resilient, and aligned to evolving business and security requirements.A major element of the role is maintaining a strong customer focused mindset. You will be expected to work directly with customer representatives, internal DXC teams, and senior IT leadership to communicate technical challenges, propose solutions, and build trust-driven relationships. This demands excellent communication skills, documentation capabilities, and the confidence to work independently without direct supervision. You will use enterprise knowledge tools, share expertise within the engineering community, and contribute to a culture of continuous learning and improvement.The position requires adaptability, initiative, and a willingness to innovate-identifying opportunities to automate, optimise, and modernise identity services to ensure long term platform stability and compliance. The Active Directory Specialist must also be committed to maintaining the highest security standards, particularly within environments requiring DV-level clearance, where meticulous attention to detail and adherence to strict operational controls are fundamental.Overall, this is a strategically significant role that blends deep technical expertise with collaborative delivery, solution design, and continuous improvement-ensuring the organisation's hybrid identity ecosystem remains secure, modern, and highly available. KEY RESPONSIBILITIES: Administer and maintain hybrid identity infrastructures across on prem Active Directory and Azure Active Directory (Entra ID), ensuring secure, reliable authentication and directory services. Troubleshoot and optimise identity platforms including AD, ADFS, Azure AD Connect/Sync, Entra ID, and LDAP, resolving complex federation, synchronisation, and authentication issues. Lead Group Policy lifecycle management, including design, implementation, and controlled deployment using AGPM to ensure consistent and secure configuration baselines. Manage core AD infrastructure components such as Domain Controllers, FSMO roles, DNS, DHCP, Sites & Services, ensuring resilience, correct topology, and high availability. Implement and enforce Azure AD security controls, including RBAC, Conditional Access, MFA, Identity Protection, PIM, and other Zero Trust aligned safeguards. Support Azure-based platforms including Azure Virtual Desktop, Azure Storage, and policy-driven automation using PowerShell to streamline operational tasks. Administer and support Windows Server environments (2016 through 2025), ensuring proper patching, performance, and service reliability. Manage Public Key Infrastructure (PKI) and certificate-based authentication, including lifecycle operations, template management, and secure issuance practices. Support and maintain Virtualisation Platforms in conjunction with Active Directory and domain architecture best practices. Contribute to the design and delivery of identity and infrastructure solutions, including installation, configuration, optimisation, and continuous service improvement initiatives. Produce comprehensive technical documentation, including HLDs, LLDs, operational guides, runbooks, and service model documentation for internal and customer use. Work within Agile and ITIL-aligned processes to drive continuous improvement, operational consistency, and service excellence. Deliver clear communication and exceptional customer service, supporting both technical and non-technical stakeholders in resolving identity and access-related issues. Configure and support enterprise integrations, including Azure Enterprise Applications, ADFS-integrated services, Single Sign-On (SSO), and user/application provisioning for SaaS and PaaS platforms. ESSENTIAL SKILLS & EXPERIENCE: 5+ years supporting hybrid AD (On Prem & Azure AD) in enterprise environments. Deep knowledge of Group Policy (inc. AGPM), ADFS, AD Connect, and LDAP. Strong grasp of Azure AD security (RBAC, Conditional Access, MFA, PIM). Proficiency across Windows Server 2016/2019/2022 (benefit: legacy familiarity from 2003+), DNS/DHCP, DFS, clustering, and Windows PKI. Operational excellence with Domain Controllers and FSMO role management. Azure PowerShell scripting for automation and support. Experience with O365/Exchange Online and Endpoint Management in identity related contexts. Strong documentation and communication skills; confident working directly with senior customer stakeholders. Familiarity with ServiceNow (Incidents, Requests, Change, Reporting). DESIRABLE SKILLS: Azure DevOps, IaC (ARM/Bicep), CI/CD pipelines; exposure to containers/Kubernetes. Azure Virtual Desktop (WVD/AVD) (Nerdio beneficial), Azure Monitoring and Log Analytics. Broader systems knowledge: SCCM, WSUS, SCOM, AGPM, Lumensions. Understanding of the Microsoft Tiered Administration Model and enterprise segmentation.At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive.Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available .
18/06/2026
Full time
Job Description: JOB TITLE: Active Directory Support Specialist LOCATION: Client Site Aldermaston - Onsite 5 days per week (occasional WFH possible) SECURITY CLEARANCE: DV or willing to undergo DV vetting ROLE OVERVIEW: The Active Directory Specialist plays a pivotal role in supporting, maintaining, and enhancing a complex hybrid identity services environment that spans both On Prem Active Directory and Entra (Azure Active Directory). Operating within a high security, fast paced public sector setting, the role requires delivering expert 2nd/3rd line technical support while also contributing to long term service transformation, infrastructure modernisation, and operational automation initiatives.You will work at the centre of enterprise identity and access management, ensuring stability, security, and performance across critical directory services including AD DS, Group Policy, ADFS, AD Connect, PKI, and a broad range of supporting technologies. This includes managing domain controllers, maintaining DNS/DHCP integrity, overseeing Group Policy design and deployment (including AGPM), and supporting authentication and federation services across tightly controlled environments. The role is highly technical and demands rigorous troubleshooting skills, deep protocol-level understanding, and the ability to diagnose complex issues across interconnected systems and multi layered identity architectures.In addition to BAU service delivery, the Active Directory Specialist contributes significantly to project work, including design and installation of new systems, obsolescence remediation, configuration enhancements, and security driven platform improvements. You will collaborate closely with architects, service leads, and project managers to define, document, and implement scalable solutions using industry best practices, Microsoft security models, and modern automation approaches. The role supports both Agile and ITIL Continuous Service Improvement principles, ensuring that new workflows, processes, and service models are structured, resilient, and aligned to evolving business and security requirements.A major element of the role is maintaining a strong customer focused mindset. You will be expected to work directly with customer representatives, internal DXC teams, and senior IT leadership to communicate technical challenges, propose solutions, and build trust-driven relationships. This demands excellent communication skills, documentation capabilities, and the confidence to work independently without direct supervision. You will use enterprise knowledge tools, share expertise within the engineering community, and contribute to a culture of continuous learning and improvement.The position requires adaptability, initiative, and a willingness to innovate-identifying opportunities to automate, optimise, and modernise identity services to ensure long term platform stability and compliance. The Active Directory Specialist must also be committed to maintaining the highest security standards, particularly within environments requiring DV-level clearance, where meticulous attention to detail and adherence to strict operational controls are fundamental.Overall, this is a strategically significant role that blends deep technical expertise with collaborative delivery, solution design, and continuous improvement-ensuring the organisation's hybrid identity ecosystem remains secure, modern, and highly available. KEY RESPONSIBILITIES: Administer and maintain hybrid identity infrastructures across on prem Active Directory and Azure Active Directory (Entra ID), ensuring secure, reliable authentication and directory services. Troubleshoot and optimise identity platforms including AD, ADFS, Azure AD Connect/Sync, Entra ID, and LDAP, resolving complex federation, synchronisation, and authentication issues. Lead Group Policy lifecycle management, including design, implementation, and controlled deployment using AGPM to ensure consistent and secure configuration baselines. Manage core AD infrastructure components such as Domain Controllers, FSMO roles, DNS, DHCP, Sites & Services, ensuring resilience, correct topology, and high availability. Implement and enforce Azure AD security controls, including RBAC, Conditional Access, MFA, Identity Protection, PIM, and other Zero Trust aligned safeguards. Support Azure-based platforms including Azure Virtual Desktop, Azure Storage, and policy-driven automation using PowerShell to streamline operational tasks. Administer and support Windows Server environments (2016 through 2025), ensuring proper patching, performance, and service reliability. Manage Public Key Infrastructure (PKI) and certificate-based authentication, including lifecycle operations, template management, and secure issuance practices. Support and maintain Virtualisation Platforms in conjunction with Active Directory and domain architecture best practices. Contribute to the design and delivery of identity and infrastructure solutions, including installation, configuration, optimisation, and continuous service improvement initiatives. Produce comprehensive technical documentation, including HLDs, LLDs, operational guides, runbooks, and service model documentation for internal and customer use. Work within Agile and ITIL-aligned processes to drive continuous improvement, operational consistency, and service excellence. Deliver clear communication and exceptional customer service, supporting both technical and non-technical stakeholders in resolving identity and access-related issues. Configure and support enterprise integrations, including Azure Enterprise Applications, ADFS-integrated services, Single Sign-On (SSO), and user/application provisioning for SaaS and PaaS platforms. ESSENTIAL SKILLS & EXPERIENCE: 5+ years supporting hybrid AD (On Prem & Azure AD) in enterprise environments. Deep knowledge of Group Policy (inc. AGPM), ADFS, AD Connect, and LDAP. Strong grasp of Azure AD security (RBAC, Conditional Access, MFA, PIM). Proficiency across Windows Server 2016/2019/2022 (benefit: legacy familiarity from 2003+), DNS/DHCP, DFS, clustering, and Windows PKI. Operational excellence with Domain Controllers and FSMO role management. Azure PowerShell scripting for automation and support. Experience with O365/Exchange Online and Endpoint Management in identity related contexts. Strong documentation and communication skills; confident working directly with senior customer stakeholders. Familiarity with ServiceNow (Incidents, Requests, Change, Reporting). DESIRABLE SKILLS: Azure DevOps, IaC (ARM/Bicep), CI/CD pipelines; exposure to containers/Kubernetes. Azure Virtual Desktop (WVD/AVD) (Nerdio beneficial), Azure Monitoring and Log Analytics. Broader systems knowledge: SCCM, WSUS, SCOM, AGPM, Lumensions. Understanding of the Microsoft Tiered Administration Model and enterprise segmentation.At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive.Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available .
Job Description: Active Directory Specialist - Job Specification JOB TITLE: Active Directory Support Specialist LOCATION: Client Site (Aldermaston) - Onsite 5 days per week (occasional WFH possible) SECURITY CLEARANCE: DV or willing to undergo DV vetting ROLE OVERVIEW: The Active Directory Specialist plays a pivotal role in supporting, maintaining, and enhancing a complex hybrid identity services environment that spans both On Prem Active Directory and Entra (Azure Active Directory). Operating within a high security, fast paced public sector setting, the role requires delivering expert 2nd/3rd line technical support while also contributing to long term service transformation, infrastructure modernisation, and operational automation initiatives.You will work at the centre of enterprise identity and access management, ensuring stability, security, and performance across critical directory services including AD DS, Group Policy, ADFS, AD Connect, PKI, and a broad range of supporting technologies. This includes managing domain controllers, maintaining DNS/DHCP integrity, overseeing Group Policy design and deployment (including AGPM), and supporting authentication and federation services across tightly controlled environments. The role is highly technical and demands rigorous troubleshooting skills, deep protocol-level understanding, and the ability to diagnose complex issues across interconnected systems and multi layered identity architectures.In addition to BAU service delivery, the Active Directory Specialist contributes significantly to project work, including design and installation of new systems, obsolescence remediation, configuration enhancements, and security driven platform improvements. You will collaborate closely with architects, service leads, and project managers to define, document, and implement scalable solutions using industry best practices, Microsoft security models, and modern automation approaches. The role supports both Agile and ITIL Continuous Service Improvement principles, ensuring that new workflows, processes, and service models are structured, resilient, and aligned to evolving business and security requirements.A major element of the role is maintaining a strong customer focused mindset. You will be expected to work directly with customer representatives, internal DXC teams, and senior IT leadership to communicate technical challenges, propose solutions, and build trust-driven relationships. This demands excellent communication skills, documentation capabilities, and the confidence to work independently without direct supervision. You will use enterprise knowledge tools, share expertise within the engineering community, and contribute to a culture of continuous learning and improvement.The position requires adaptability, initiative, and a willingness to innovate-identifying opportunities to automate, optimise, and modernise identity services to ensure long term platform stability and compliance. The Active Directory Specialist must also be committed to maintaining the highest security standards, particularly within environments requiring DV-level clearance, where meticulous attention to detail and adherence to strict operational controls are fundamental.Overall, this is a strategically significant role that blends deep technical expertise with collaborative delivery, solution design, and continuous improvement-ensuring the organisation's hybrid identity ecosystem remains secure, modern, and highly available. KEY RESPONSIBILITIES: Administer and maintain hybrid identity infrastructures across on prem Active Directory and Azure Active Directory (Entra ID), ensuring secure, reliable authentication and directory services. Troubleshoot and optimise identity platforms including AD, ADFS, Azure AD Connect/Sync, Entra ID, and LDAP, resolving complex federation, synchronisation, and authentication issues. Lead Group Policy lifecycle management, including design, implementation, and controlled deployment using AGPM to ensure consistent and secure configuration baselines. Manage core AD infrastructure components such as Domain Controllers, FSMO roles, DNS, DHCP, Sites & Services, ensuring resilience, correct topology, and high availability. Implement and enforce Azure AD security controls, including RBAC, Conditional Access, MFA, Identity Protection, PIM, and other Zero Trust aligned safeguards. Support Azure-based platforms including Azure Virtual Desktop, Azure Storage, and policy-driven automation using PowerShell to streamline operational tasks. Administer and support Windows Server environments (2016 through 2025), ensuring proper patching, performance, and service reliability. Manage Public Key Infrastructure (PKI) and certificate-based authentication, including lifecycle operations, template management, and secure issuance practices. Support and maintain Virtualisation Platforms in conjunction with Active Directory and domain architecture best practices. Contribute to the design and delivery of identity and infrastructure solutions, including installation, configuration, optimisation, and continuous service improvement initiatives. Produce comprehensive technical documentation, including HLDs, LLDs, operational guides, runbooks, and service model documentation for internal and customer use. Work within Agile and ITIL-aligned processes to drive continuous improvement, operational consistency, and service excellence. Deliver clear communication and exceptional customer service, supporting both technical and non-technical stakeholders in resolving identity and access-related issues. Configure and support enterprise integrations, including Azure Enterprise Applications, ADFS-integrated services, Single Sign-On (SSO), and user/application provisioning for SaaS and PaaS platforms. ESSENTIAL SKILLS & EXPERIENCE: 5+ years supporting hybrid AD (On Prem & Azure AD) in enterprise environments. Deep knowledge of Group Policy (inc. AGPM), ADFS, AD Connect, and LDAP. Strong grasp of Azure AD security (RBAC, Conditional Access, MFA, PIM). Proficiency across Windows Server 2016/2019/2022 (benefit: legacy familiarity from 2003+), DNS/DHCP, DFS, clustering, and Windows PKI. Operational excellence with Domain Controllers and FSMO role management. Azure PowerShell scripting for automation and support. Experience with O365/Exchange Online and Endpoint Management in identity related contexts. Strong documentation and communication skills; confident working directly with senior customer stakeholders. Familiarity with ServiceNow (Incidents, Requests, Change, Reporting). DESIRABLE SKILLS: Azure DevOps, IaC (ARM/Bicep), CI/CD pipelines; exposure to containers/Kubernetes. Azure Virtual Desktop (WVD/AVD) (Nerdio beneficial), Azure Monitoring and Log Analytics. Broader systems knowledge: SCCM, WSUS, SCOM, AGPM, Lumensions. Understanding of the Microsoft Tiered Administration Model and enterprise segmentation.At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive.Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams
18/06/2026
Full time
Job Description: Active Directory Specialist - Job Specification JOB TITLE: Active Directory Support Specialist LOCATION: Client Site (Aldermaston) - Onsite 5 days per week (occasional WFH possible) SECURITY CLEARANCE: DV or willing to undergo DV vetting ROLE OVERVIEW: The Active Directory Specialist plays a pivotal role in supporting, maintaining, and enhancing a complex hybrid identity services environment that spans both On Prem Active Directory and Entra (Azure Active Directory). Operating within a high security, fast paced public sector setting, the role requires delivering expert 2nd/3rd line technical support while also contributing to long term service transformation, infrastructure modernisation, and operational automation initiatives.You will work at the centre of enterprise identity and access management, ensuring stability, security, and performance across critical directory services including AD DS, Group Policy, ADFS, AD Connect, PKI, and a broad range of supporting technologies. This includes managing domain controllers, maintaining DNS/DHCP integrity, overseeing Group Policy design and deployment (including AGPM), and supporting authentication and federation services across tightly controlled environments. The role is highly technical and demands rigorous troubleshooting skills, deep protocol-level understanding, and the ability to diagnose complex issues across interconnected systems and multi layered identity architectures.In addition to BAU service delivery, the Active Directory Specialist contributes significantly to project work, including design and installation of new systems, obsolescence remediation, configuration enhancements, and security driven platform improvements. You will collaborate closely with architects, service leads, and project managers to define, document, and implement scalable solutions using industry best practices, Microsoft security models, and modern automation approaches. The role supports both Agile and ITIL Continuous Service Improvement principles, ensuring that new workflows, processes, and service models are structured, resilient, and aligned to evolving business and security requirements.A major element of the role is maintaining a strong customer focused mindset. You will be expected to work directly with customer representatives, internal DXC teams, and senior IT leadership to communicate technical challenges, propose solutions, and build trust-driven relationships. This demands excellent communication skills, documentation capabilities, and the confidence to work independently without direct supervision. You will use enterprise knowledge tools, share expertise within the engineering community, and contribute to a culture of continuous learning and improvement.The position requires adaptability, initiative, and a willingness to innovate-identifying opportunities to automate, optimise, and modernise identity services to ensure long term platform stability and compliance. The Active Directory Specialist must also be committed to maintaining the highest security standards, particularly within environments requiring DV-level clearance, where meticulous attention to detail and adherence to strict operational controls are fundamental.Overall, this is a strategically significant role that blends deep technical expertise with collaborative delivery, solution design, and continuous improvement-ensuring the organisation's hybrid identity ecosystem remains secure, modern, and highly available. KEY RESPONSIBILITIES: Administer and maintain hybrid identity infrastructures across on prem Active Directory and Azure Active Directory (Entra ID), ensuring secure, reliable authentication and directory services. Troubleshoot and optimise identity platforms including AD, ADFS, Azure AD Connect/Sync, Entra ID, and LDAP, resolving complex federation, synchronisation, and authentication issues. Lead Group Policy lifecycle management, including design, implementation, and controlled deployment using AGPM to ensure consistent and secure configuration baselines. Manage core AD infrastructure components such as Domain Controllers, FSMO roles, DNS, DHCP, Sites & Services, ensuring resilience, correct topology, and high availability. Implement and enforce Azure AD security controls, including RBAC, Conditional Access, MFA, Identity Protection, PIM, and other Zero Trust aligned safeguards. Support Azure-based platforms including Azure Virtual Desktop, Azure Storage, and policy-driven automation using PowerShell to streamline operational tasks. Administer and support Windows Server environments (2016 through 2025), ensuring proper patching, performance, and service reliability. Manage Public Key Infrastructure (PKI) and certificate-based authentication, including lifecycle operations, template management, and secure issuance practices. Support and maintain Virtualisation Platforms in conjunction with Active Directory and domain architecture best practices. Contribute to the design and delivery of identity and infrastructure solutions, including installation, configuration, optimisation, and continuous service improvement initiatives. Produce comprehensive technical documentation, including HLDs, LLDs, operational guides, runbooks, and service model documentation for internal and customer use. Work within Agile and ITIL-aligned processes to drive continuous improvement, operational consistency, and service excellence. Deliver clear communication and exceptional customer service, supporting both technical and non-technical stakeholders in resolving identity and access-related issues. Configure and support enterprise integrations, including Azure Enterprise Applications, ADFS-integrated services, Single Sign-On (SSO), and user/application provisioning for SaaS and PaaS platforms. ESSENTIAL SKILLS & EXPERIENCE: 5+ years supporting hybrid AD (On Prem & Azure AD) in enterprise environments. Deep knowledge of Group Policy (inc. AGPM), ADFS, AD Connect, and LDAP. Strong grasp of Azure AD security (RBAC, Conditional Access, MFA, PIM). Proficiency across Windows Server 2016/2019/2022 (benefit: legacy familiarity from 2003+), DNS/DHCP, DFS, clustering, and Windows PKI. Operational excellence with Domain Controllers and FSMO role management. Azure PowerShell scripting for automation and support. Experience with O365/Exchange Online and Endpoint Management in identity related contexts. Strong documentation and communication skills; confident working directly with senior customer stakeholders. Familiarity with ServiceNow (Incidents, Requests, Change, Reporting). DESIRABLE SKILLS: Azure DevOps, IaC (ARM/Bicep), CI/CD pipelines; exposure to containers/Kubernetes. Azure Virtual Desktop (WVD/AVD) (Nerdio beneficial), Azure Monitoring and Log Analytics. Broader systems knowledge: SCCM, WSUS, SCOM, AGPM, Lumensions. Understanding of the Microsoft Tiered Administration Model and enterprise segmentation.At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive.Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams
Finova Technologies Private Limited
Salford, Manchester
Identity & Access Engineer (IAM) - Manchester Based (3 Days Hybrid) About Finova Finova is the UK's largest financial services technology provider, supporting one in every five mortgages nationwide. Our agile, cloud-native solutions enable over 60 banks, building societies, specialist lenders, equity release providers and a network of 2,400+ brokers to stay ahead in a competitive market. Built on open architecture and backed by deep industry expertise, our platform is designed to scale. Each year, we process over £50 billion in loans, manage nearly £50 billion in savings, and support the digital servicing of more than 650,000 UK borrower accounts. Be part of a team that's driving innovation, enabling growth and shaping the future of UK lending. About the Role Finova is seeking a seasoned IAM Specialist to own the design and implementation of identity, access, and entitlements across a multi-cloud SaaS fintech platform. Core Responsibility: Translate architectural choices into practical, automated, and secure IAM implementations spanning workforce, customer, and machine identities. The Stack: Multi-cloud infrastructure across AWS, Azure, and GCP. Applications run on .NET with SQL Server-backed role systems. Key Challenge: Enforce tenant isolation and strict least-privilege to satisfy regulators, while defining cutting-edge access boundaries for AI pipelines, vector databases, and automated decision engines. Work Model: A highly collaborative, hands-on hybrid role. You will balance high-level access modeling with day-to-day configuration, such as writing OPA Rego rules or configuring Azure AD Conditional Access policies. About You You are a highly analytical identity purist who recognizes that in a modern cloud ecosystem, identity is the actual security perimeter. You bridge the gap between application engineering, cloud infrastructure, and regulatory audit, acting as the subject matter expert on who-and what-has access to everything. Key Attributes The Structural Architect: You enjoy mapping complex business roles into clean, automated framework permissions, avoiding the technical debt of "privilege creep." Code-Driven Security Advocate: You prefer policy-as-code over manual UI configurations, favoring auditable git repositories and continuous testing for authorization logic. Pragmatic Problem Solver: You understand that security fails if it creates friction, meaning you are constantly looking for ways to use JIT elevation, automated provisioning, and SSO to make access seamless yet secure. Rigorous Guard of Boundaries: You possess an uncompromising eye for isolation details, instinctively knowing how to defend against cross-tenant data leaks and broken access controls. Experience: 4-6 years in IAM, security engineering, or identity-focused cloud engineering with hands-on enterprise deployment experience. Entra ID Expertise: Deep practical knowledge of Azure AD (Entra ID), encompassing app registrations, Conditional Access, PIM, and federation configurations. Multi-Cloud Competency: Hands-on experience with at least two major cloud providers (AWS IAM, Azure RBAC, or GCP IAM) and operational familiarity with all three. Application & DB IAM: Experience implementing RBAC/ABAC models within .NET applications (Claims, ASP.NET Identity) alongside practical SQL Server access management (roles, RLS, data masking). Federation Protocols: Strong capabilities with SAML 2.0, OIDC, OAuth 2.0, and SCIM provisioning workflows. Policy-as-Code Skills: Experience writing, testing, and deploying authorization policies (OPA/Rego, Azure Policy, or AWS SCPs) directly within a CI/CD pipeline. Modern IAM Tooling: Familiarity with PIM/PAM, CIEM concepts, secretless DevOps access patterns (OIDC-based pipeline identity), and secrets managers (Azure Key Vault, HashiCorp Vault). SaaS Architecture Intuition: A strong understanding of multi-tenancy, with the ability to easily identify missing tenant contexts or authorization bypass vulnerabilities. Communication: Ability to articulate complex identity structures and compliance mandates clearly to developers, architects, and non-technical auditors alike. Nice-to-Have Fintech Experience: Prior experience navigating IAM in highly regulated domains like banking, payments, or insurance. CIEM/IGA Platforms: Familiarity with platforms like Microsoft Entra Permissions Management, Ermetic, SailPoint, or Saviynt. AI Infrastructure Security: Experience building access controls explicitly tailored for model training environments, feature stores, or LLM integrations. Certifications: SC-300 (Microsoft Identity Administrator), AWS Security Specialty, AZ-500, CISSP, or CCSP. Automation Scripting: Competency in PowerShell or Python for automating access reviews, reporting, and IAM operations. Zero Trust Strategy: Understanding of broader Zero Trust architectures, integrating device compliance and network trust factors with core identity decisions. What Will You Be Doing? Identity Architecture & Federation Platform Architecture: Design and implement the identity framework across workforce (employees/contractors), customer (tenant users/admins), and machine identities (services/AI pipelines). Primary IdP Management: Configure and manage Azure AD (Entra ID) tenant structures, app registrations, Conditional Access policies, and directory sync. Enterprise Federation: Implement SAML 2.0, OIDC, and WS-Federation patterns to smoothly onboard customer-managed IdPs like Okta, Ping, and ADFS for enterprise SSO. Automated Provisioning: Design and operate SCIM-based provisioning and deprovisioning workflows to automate user lifecycles across SaaS tenants. Multi-Cloud Mapping: Map Azure AD identities to AWS IAM roles and GCP Workforce Identity Federation to maintain a cohesive, centralized access model. Privileged Access & Entitlements Management PIM/PAM Operations: Implement Just-In-Time (JIT) access, time-bound elevation, and multi-stage approval workflows for sensitive administrator roles. CIEM Right-Sizing: Utilize Cloud Infrastructure Entitlements Management concepts to monitor and reduce standing privileges or over-entitled accounts across AWS, Azure, and GCP. Access Certification: Build automated entitlement review campaigns so business managers can attest to access appropriateness with minimal friction. Break-Glass Procedures: Establish emergency access workflows equipped with automated expiration, full audit trails, and post-incident review requirements. Application-Level Access Control (RBAC / ABAC) Layered Enforcement: Design access models that cross multiple enforcement boundaries, including ASP.NET middleware, API gateways, and SQL Server database layers. Claims Mapping: Maintain the mapping between business roles, ASP.NET Identity/Claims, and database-level permissions (such as SQL Server roles and Row-Level Security). Tenant Isolation: Enforce tenant-scoped RBAC to ensure roles and claims are strictly bound to tenant context, architecturally preventing cross-tenant privilege escalation. Policy-as-Code: Write Open Policy Agent (OPA) / Rego policies to centralize fine-grained authorization, utilizing version control, automated testing, and staged rollouts in CI/CD. Multi-Cloud IAM Operations Cloud Hardening: Manage cloud-native IAM mechanisms, including AWS SCPs and Permission Boundaries; Azure RBAC and Managed Identities; and GCP Organization Policy Constraints. Least-Privilege Verification: Use automated tooling (permission analyzers, simulation tools) to discover and eliminate unused access before deployments go live. Machine Identities: Enforce short-lived credentials, workload identity federation, and secretless patterns for service accounts and machine-to-machine authentication. DevOps & SQL Infrastructure Access Pipeline Security: Secure access to CI/CD pipelines (Azure DevOps, GitHub Actions), artifact registries, and IaC codebases using federated workload identity (OIDC) rather than static keys. SQL Governance: Manage SQL Server database role hierarchies, schema-level permissions, Row-Level Security (RLS) policies, dynamic data masking, and Always Encrypted structures. Database DevOps: Design access controls for migration tools, analytics queries, and read-replicas to empower engineering velocity without providing permanent production database access. Database Auditing: Implement and monitor database audit logs to track privileged queries, schema alterations, and potential anomalous data access. AI & ML Pipeline Access Control Workload Identity: Ensure model training jobs, feature pipelines, and serving endpoints utilize scoped, short-lived credentials to access data. AI Component Protection: Define and implement access controls for vector databases, feature stores, and model registries to secure training datasets and model artifacts. Endpoint Authorization: Establish strict authorization policies controlling which roles or tenants can invoke AI endpoints, minimizing AI service account permissions. Data Boundary Enforcement: . click apply for full job details
17/06/2026
Full time
Identity & Access Engineer (IAM) - Manchester Based (3 Days Hybrid) About Finova Finova is the UK's largest financial services technology provider, supporting one in every five mortgages nationwide. Our agile, cloud-native solutions enable over 60 banks, building societies, specialist lenders, equity release providers and a network of 2,400+ brokers to stay ahead in a competitive market. Built on open architecture and backed by deep industry expertise, our platform is designed to scale. Each year, we process over £50 billion in loans, manage nearly £50 billion in savings, and support the digital servicing of more than 650,000 UK borrower accounts. Be part of a team that's driving innovation, enabling growth and shaping the future of UK lending. About the Role Finova is seeking a seasoned IAM Specialist to own the design and implementation of identity, access, and entitlements across a multi-cloud SaaS fintech platform. Core Responsibility: Translate architectural choices into practical, automated, and secure IAM implementations spanning workforce, customer, and machine identities. The Stack: Multi-cloud infrastructure across AWS, Azure, and GCP. Applications run on .NET with SQL Server-backed role systems. Key Challenge: Enforce tenant isolation and strict least-privilege to satisfy regulators, while defining cutting-edge access boundaries for AI pipelines, vector databases, and automated decision engines. Work Model: A highly collaborative, hands-on hybrid role. You will balance high-level access modeling with day-to-day configuration, such as writing OPA Rego rules or configuring Azure AD Conditional Access policies. About You You are a highly analytical identity purist who recognizes that in a modern cloud ecosystem, identity is the actual security perimeter. You bridge the gap between application engineering, cloud infrastructure, and regulatory audit, acting as the subject matter expert on who-and what-has access to everything. Key Attributes The Structural Architect: You enjoy mapping complex business roles into clean, automated framework permissions, avoiding the technical debt of "privilege creep." Code-Driven Security Advocate: You prefer policy-as-code over manual UI configurations, favoring auditable git repositories and continuous testing for authorization logic. Pragmatic Problem Solver: You understand that security fails if it creates friction, meaning you are constantly looking for ways to use JIT elevation, automated provisioning, and SSO to make access seamless yet secure. Rigorous Guard of Boundaries: You possess an uncompromising eye for isolation details, instinctively knowing how to defend against cross-tenant data leaks and broken access controls. Experience: 4-6 years in IAM, security engineering, or identity-focused cloud engineering with hands-on enterprise deployment experience. Entra ID Expertise: Deep practical knowledge of Azure AD (Entra ID), encompassing app registrations, Conditional Access, PIM, and federation configurations. Multi-Cloud Competency: Hands-on experience with at least two major cloud providers (AWS IAM, Azure RBAC, or GCP IAM) and operational familiarity with all three. Application & DB IAM: Experience implementing RBAC/ABAC models within .NET applications (Claims, ASP.NET Identity) alongside practical SQL Server access management (roles, RLS, data masking). Federation Protocols: Strong capabilities with SAML 2.0, OIDC, OAuth 2.0, and SCIM provisioning workflows. Policy-as-Code Skills: Experience writing, testing, and deploying authorization policies (OPA/Rego, Azure Policy, or AWS SCPs) directly within a CI/CD pipeline. Modern IAM Tooling: Familiarity with PIM/PAM, CIEM concepts, secretless DevOps access patterns (OIDC-based pipeline identity), and secrets managers (Azure Key Vault, HashiCorp Vault). SaaS Architecture Intuition: A strong understanding of multi-tenancy, with the ability to easily identify missing tenant contexts or authorization bypass vulnerabilities. Communication: Ability to articulate complex identity structures and compliance mandates clearly to developers, architects, and non-technical auditors alike. Nice-to-Have Fintech Experience: Prior experience navigating IAM in highly regulated domains like banking, payments, or insurance. CIEM/IGA Platforms: Familiarity with platforms like Microsoft Entra Permissions Management, Ermetic, SailPoint, or Saviynt. AI Infrastructure Security: Experience building access controls explicitly tailored for model training environments, feature stores, or LLM integrations. Certifications: SC-300 (Microsoft Identity Administrator), AWS Security Specialty, AZ-500, CISSP, or CCSP. Automation Scripting: Competency in PowerShell or Python for automating access reviews, reporting, and IAM operations. Zero Trust Strategy: Understanding of broader Zero Trust architectures, integrating device compliance and network trust factors with core identity decisions. What Will You Be Doing? Identity Architecture & Federation Platform Architecture: Design and implement the identity framework across workforce (employees/contractors), customer (tenant users/admins), and machine identities (services/AI pipelines). Primary IdP Management: Configure and manage Azure AD (Entra ID) tenant structures, app registrations, Conditional Access policies, and directory sync. Enterprise Federation: Implement SAML 2.0, OIDC, and WS-Federation patterns to smoothly onboard customer-managed IdPs like Okta, Ping, and ADFS for enterprise SSO. Automated Provisioning: Design and operate SCIM-based provisioning and deprovisioning workflows to automate user lifecycles across SaaS tenants. Multi-Cloud Mapping: Map Azure AD identities to AWS IAM roles and GCP Workforce Identity Federation to maintain a cohesive, centralized access model. Privileged Access & Entitlements Management PIM/PAM Operations: Implement Just-In-Time (JIT) access, time-bound elevation, and multi-stage approval workflows for sensitive administrator roles. CIEM Right-Sizing: Utilize Cloud Infrastructure Entitlements Management concepts to monitor and reduce standing privileges or over-entitled accounts across AWS, Azure, and GCP. Access Certification: Build automated entitlement review campaigns so business managers can attest to access appropriateness with minimal friction. Break-Glass Procedures: Establish emergency access workflows equipped with automated expiration, full audit trails, and post-incident review requirements. Application-Level Access Control (RBAC / ABAC) Layered Enforcement: Design access models that cross multiple enforcement boundaries, including ASP.NET middleware, API gateways, and SQL Server database layers. Claims Mapping: Maintain the mapping between business roles, ASP.NET Identity/Claims, and database-level permissions (such as SQL Server roles and Row-Level Security). Tenant Isolation: Enforce tenant-scoped RBAC to ensure roles and claims are strictly bound to tenant context, architecturally preventing cross-tenant privilege escalation. Policy-as-Code: Write Open Policy Agent (OPA) / Rego policies to centralize fine-grained authorization, utilizing version control, automated testing, and staged rollouts in CI/CD. Multi-Cloud IAM Operations Cloud Hardening: Manage cloud-native IAM mechanisms, including AWS SCPs and Permission Boundaries; Azure RBAC and Managed Identities; and GCP Organization Policy Constraints. Least-Privilege Verification: Use automated tooling (permission analyzers, simulation tools) to discover and eliminate unused access before deployments go live. Machine Identities: Enforce short-lived credentials, workload identity federation, and secretless patterns for service accounts and machine-to-machine authentication. DevOps & SQL Infrastructure Access Pipeline Security: Secure access to CI/CD pipelines (Azure DevOps, GitHub Actions), artifact registries, and IaC codebases using federated workload identity (OIDC) rather than static keys. SQL Governance: Manage SQL Server database role hierarchies, schema-level permissions, Row-Level Security (RLS) policies, dynamic data masking, and Always Encrypted structures. Database DevOps: Design access controls for migration tools, analytics queries, and read-replicas to empower engineering velocity without providing permanent production database access. Database Auditing: Implement and monitor database audit logs to track privileged queries, schema alterations, and potential anomalous data access. AI & ML Pipeline Access Control Workload Identity: Ensure model training jobs, feature pipelines, and serving endpoints utilize scoped, short-lived credentials to access data. AI Component Protection: Define and implement access controls for vector databases, feature stores, and model registries to secure training datasets and model artifacts. Endpoint Authorization: Establish strict authorization policies controlling which roles or tenants can invoke AI endpoints, minimizing AI service account permissions. Data Boundary Enforcement: . click apply for full job details
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. We are delighted to present a newly created opportunity for a Cyber Security Engineer to join our internal security team. Reporting to the CISO and working closely with IT, you will help implement, maintain, and improve Sword's technical security controls, with a strong focus on Microsoft security technologies. You will play an important role in strengthening monitoring, detection, protection, and response across the business. This is a mid-level role suited to someone with solid hands on experience, a positive can do attitude, and the ability to take ownership, work autonomously, manage workload effectively, and deliver results. It is an excellent opportunity for someone who wants to keep learning and continue building their career in cyber security engineering. Key responsibilities Security Monitoring and Operations - Implement, administer, and improve day to day security operations across Microsoft security technologies including Microsoft Sentinel, Microsoft Defender, Conditional Access, Entra ID, and related Azure security capabilities, helping to strengthen monitoring, detection, protection, and response. Vulnerability Management and Hardening - Proactive and risk based vulnerability management, including attack surface reduction, system hardening, remediation support, and cloud security posture improvement. Security Tooling and Service Support - Support the effective operation of security tooling and services delivered through a combination of internal teams and external providers, helping to maintain service quality, resolve technical issues, and improve day to day security outcomes. Incident Investigation and Response - Take ownership of the technical investigation and triage of security incidents, drive containment and remediation activities, and help improve detection and response capabilities through lessons learned, control improvements, and ongoing risk reduction. Technical Support for Security Awareness - Support the wider security function by contributing technical input to awareness activities, simulated phishing exercises, and secure working practices, helping colleagues understand security controls and common threats. Technical Compliance and Assurance Support - Support the wider security function by implementing and maintaining technical controls that align with internal security policies, certification requirements, and assurance activities, including supporting Cyber Essentials Plus readiness, evidence gathering, and remediation activities where needed. Technical Risk Assessment Support - Provide technical input into security risk assessments across projects, suppliers, and internal services, helping to identify vulnerabilities, assess exposure, and support practical remediation and hardening activities. Technical Support for Regulatory and Client Requirements - Support the implementation, maintenance, and evidencing of technical controls required to meet relevant legal, regulatory, and client security obligations. Supplier and Integration Security Support - Support technical reviews of supplier and partner services, integrations, and access arrangements, helping to identify security issues and ensure appropriate controls are implemented and maintained. Continuous Improvement and Automation - Identify opportunities to improve security tooling, detection logic, control effectiveness, and operational processes through tuning, automation, and incremental engineering enhancements. This is an excellent opportunity to work with a talented team, build hands on experience across modern security technologies, and make a meaningful contribution to strengthening Sword's cyber security capability. If you enjoy solving technical security challenges and want to keep developing your career, we would like to hear from you. This is a hands on mid-level technical role focused on implementing, operating, and improving security controls across Sword's environment. Working with IT and the wider security function, you will help strengthen monitoring, protection, detection, response, and technical assurance through effective use of security technologies and services. We are looking for someone who is proactive, practical, and delivery-focused, with the confidence to work independently, manage priorities, and follow through with minimal supervision. You should have hands on experience, or strong working knowledge, in several of the following areas: Microsoft security technologies such as Microsoft Defender, Microsoft Sentinel, Microsoft Entra ID, Conditional Access, Microsoft Purview, Intune security controls, email security, identity protection, and endpoint detection and response. Operating and improving security controls across areas such as endpoint protection, SIEM, vulnerability management, identity and access management, data protection, email security, cloud security posture, and system hardening. Awareness of security frameworks, standards, and regulatory drivers such as NIST, ISO 27001, GDPR, and NIS2, with the ability to apply technical controls in support of these requirements. Experience supporting or contributing to Cyber Essentials Plus, including technical control implementation, evidence collection, remediation tracking, or preparation for assessment. Experience supporting the secure deployment and configuration of applications, infrastructure, identities, and cloud services, working with IT teams to embed appropriate security controls. Ability to explain technical security issues clearly, provide practical guidance to colleagues, and contribute technical input to awareness, audit, and assurance activities where needed. Experience in cyber security engineering, security operations, infrastructure security, IT engineering, or a closely related technical role, ideally in a complex business environment and working with internal teams and external providers, with the ability to work autonomously and manage workload effectively. Qualifications and Personal Skills Relevant technical certifications are desirable, particularly in Microsoft security technologies such as SC-200, SC-300, SC-400, AZ-500, or similar. Broader security certifications are welcomed but not essential if you can demonstrate strong hands on technical capability and a willingness to continue learning. Take ownership, works independently when needed, and stays focused on delivering high quality outcomes. Curious, proactive, and committed to continuous learning and career development in cyber security. Able to manage workload effectively, prioritise sensibly, and maintain momentum in a busy technical environment. Communicates clearly and works well with technical and non-technical colleagues to turn security requirements into practical actions and improvements. At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
15/06/2026
Full time
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. We are delighted to present a newly created opportunity for a Cyber Security Engineer to join our internal security team. Reporting to the CISO and working closely with IT, you will help implement, maintain, and improve Sword's technical security controls, with a strong focus on Microsoft security technologies. You will play an important role in strengthening monitoring, detection, protection, and response across the business. This is a mid-level role suited to someone with solid hands on experience, a positive can do attitude, and the ability to take ownership, work autonomously, manage workload effectively, and deliver results. It is an excellent opportunity for someone who wants to keep learning and continue building their career in cyber security engineering. Key responsibilities Security Monitoring and Operations - Implement, administer, and improve day to day security operations across Microsoft security technologies including Microsoft Sentinel, Microsoft Defender, Conditional Access, Entra ID, and related Azure security capabilities, helping to strengthen monitoring, detection, protection, and response. Vulnerability Management and Hardening - Proactive and risk based vulnerability management, including attack surface reduction, system hardening, remediation support, and cloud security posture improvement. Security Tooling and Service Support - Support the effective operation of security tooling and services delivered through a combination of internal teams and external providers, helping to maintain service quality, resolve technical issues, and improve day to day security outcomes. Incident Investigation and Response - Take ownership of the technical investigation and triage of security incidents, drive containment and remediation activities, and help improve detection and response capabilities through lessons learned, control improvements, and ongoing risk reduction. Technical Support for Security Awareness - Support the wider security function by contributing technical input to awareness activities, simulated phishing exercises, and secure working practices, helping colleagues understand security controls and common threats. Technical Compliance and Assurance Support - Support the wider security function by implementing and maintaining technical controls that align with internal security policies, certification requirements, and assurance activities, including supporting Cyber Essentials Plus readiness, evidence gathering, and remediation activities where needed. Technical Risk Assessment Support - Provide technical input into security risk assessments across projects, suppliers, and internal services, helping to identify vulnerabilities, assess exposure, and support practical remediation and hardening activities. Technical Support for Regulatory and Client Requirements - Support the implementation, maintenance, and evidencing of technical controls required to meet relevant legal, regulatory, and client security obligations. Supplier and Integration Security Support - Support technical reviews of supplier and partner services, integrations, and access arrangements, helping to identify security issues and ensure appropriate controls are implemented and maintained. Continuous Improvement and Automation - Identify opportunities to improve security tooling, detection logic, control effectiveness, and operational processes through tuning, automation, and incremental engineering enhancements. This is an excellent opportunity to work with a talented team, build hands on experience across modern security technologies, and make a meaningful contribution to strengthening Sword's cyber security capability. If you enjoy solving technical security challenges and want to keep developing your career, we would like to hear from you. This is a hands on mid-level technical role focused on implementing, operating, and improving security controls across Sword's environment. Working with IT and the wider security function, you will help strengthen monitoring, protection, detection, response, and technical assurance through effective use of security technologies and services. We are looking for someone who is proactive, practical, and delivery-focused, with the confidence to work independently, manage priorities, and follow through with minimal supervision. You should have hands on experience, or strong working knowledge, in several of the following areas: Microsoft security technologies such as Microsoft Defender, Microsoft Sentinel, Microsoft Entra ID, Conditional Access, Microsoft Purview, Intune security controls, email security, identity protection, and endpoint detection and response. Operating and improving security controls across areas such as endpoint protection, SIEM, vulnerability management, identity and access management, data protection, email security, cloud security posture, and system hardening. Awareness of security frameworks, standards, and regulatory drivers such as NIST, ISO 27001, GDPR, and NIS2, with the ability to apply technical controls in support of these requirements. Experience supporting or contributing to Cyber Essentials Plus, including technical control implementation, evidence collection, remediation tracking, or preparation for assessment. Experience supporting the secure deployment and configuration of applications, infrastructure, identities, and cloud services, working with IT teams to embed appropriate security controls. Ability to explain technical security issues clearly, provide practical guidance to colleagues, and contribute technical input to awareness, audit, and assurance activities where needed. Experience in cyber security engineering, security operations, infrastructure security, IT engineering, or a closely related technical role, ideally in a complex business environment and working with internal teams and external providers, with the ability to work autonomously and manage workload effectively. Qualifications and Personal Skills Relevant technical certifications are desirable, particularly in Microsoft security technologies such as SC-200, SC-300, SC-400, AZ-500, or similar. Broader security certifications are welcomed but not essential if you can demonstrate strong hands on technical capability and a willingness to continue learning. Take ownership, works independently when needed, and stays focused on delivering high quality outcomes. Curious, proactive, and committed to continuous learning and career development in cyber security. Able to manage workload effectively, prioritise sensibly, and maintain momentum in a busy technical environment. Communicates clearly and works well with technical and non-technical colleagues to turn security requirements into practical actions and improvements. At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
For additional information, please review . Senior Low Latency Rust Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real-world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. What We do / The Team This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead applications systems analysis and programming activities.The role is to provide senior, low-latency systems and application framework engineering (skilled in Java, C++ , Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA ) team. The team require a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization are a high skilled enablement group of Subject Matter experts - who produce application frameworks and engage with application engineers to enable application Modernisation to over 100 teams across Citi with a concentration on low latency eTrading platforms in Markets Technology. Responsibilities include (but not limited to): 90% hands-on in the Rust or Java codebase. We build microservices based event sourcing systems on a low latency in-house framework. Response times in the 10 microsecond to 100 microsecond range. Lead integration of functions to meet goals, deploy new products, and enhance processes Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems Provide world class expertise in area of Java low latency development. Utilize advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals Consult with end users to identify system function specifications and incorporate into overall system design Influence and negotiate with senior leaders and communicate with external parties Happy to work with and educate and support/mentor Junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated Subject Matter Expert (SME) in area(s) of Applications Development In-depth experience with Algorithmic Trading application development, preferably in low latency environment Detailed comprehension and experience with Market Data handling and associated technologies (such as time-series databases e.g. KDB) Demonstrated leadership, project management, and development skills Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux Operating system, system calls and Kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass e.g. Solarflare OpenOnload Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills Nice to have Background in C++This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required. What we'll provide you By joining Citi, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: 27 days annual leave (plus bank holidays) A discretional annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friends Access to an array of learning and development resourcesAlongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Job Family Group: Technology Job Family: Applications Development Time Type: Full time Most Relevant Skills Please see the requirements listed above. Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review . View Citi's and the poster.
15/06/2026
Full time
For additional information, please review . Senior Low Latency Rust Engineer Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real-world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. What We do / The Team This is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. The overall objective of this role is to lead applications systems analysis and programming activities.The role is to provide senior, low-latency systems and application framework engineering (skilled in Java, C++ , Rust, KDB, market data, algorithmic trading technology) within the London Based High Performance Architectures (HPA ) team. The team require a specialist on algorithmic trading systems utilities including but not limited to market data replay and back test/simulation utilities. The HPA organization are a high skilled enablement group of Subject Matter experts - who produce application frameworks and engage with application engineers to enable application Modernisation to over 100 teams across Citi with a concentration on low latency eTrading platforms in Markets Technology. Responsibilities include (but not limited to): 90% hands-on in the Rust or Java codebase. We build microservices based event sourcing systems on a low latency in-house framework. Response times in the 10 microsecond to 100 microsecond range. Lead integration of functions to meet goals, deploy new products, and enhance processes Analyse complex business processes, system processes, and industry standards to define and develop solutions to high level problems Provide world class expertise in area of Java low latency development. Utilize advanced knowledge of supported main system flows and comprehensive knowledge of multiple areas to achieve technology goals Consult with end users to identify system function specifications and incorporate into overall system design Influence and negotiate with senior leaders and communicate with external parties Happy to work with and educate and support/mentor Junior developers and less experienced senior Java developers. Key Skills and Experience required Demonstrated Subject Matter Expert (SME) in area(s) of Applications Development In-depth experience with Algorithmic Trading application development, preferably in low latency environment Detailed comprehension and experience with Market Data handling and associated technologies (such as time-series databases e.g. KDB) Demonstrated leadership, project management, and development skills Passion for coding excellent, commercial grade, mission critical Java frameworks based on event sourcing microservices. Complete knowledge of modern Java, the JVM, the Linux Operating system, system calls and Kernel. Knowledge of TCP and other IP based network protocol technologies including hardware accelerated kernel bypass e.g. Solarflare OpenOnload Performance assessment and targeted tuning. Design and architectural elegance. Experience in implementing projects Great communicator with high EQ. Ability to occasionally produce clear diagrammatic documentation and model key aspects in UML sequence diagrams. Relationship and consensus building skills Nice to have Background in C++This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required. What we'll provide you By joining Citi, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: 27 days annual leave (plus bank holidays) A discretional annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friends Access to an array of learning and development resourcesAlongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Job Family Group: Technology Job Family: Applications Development Time Type: Full time Most Relevant Skills Please see the requirements listed above. Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review . View Citi's and the poster.
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. We are delighted to present a newly created opportunity for a Cyber Security Engineer to join our internal security team. Reporting to the CISO and working closely with IT, you will help implement, maintain, and improve Sword's technical security controls, with a strong focus on Microsoft security technologies. You will play an important role in strengthening monitoring, detection, protection, and response across the business. This is a mid-level role suited to someone with solid hands on experience, a positive can do attitude, and the ability to take ownership, work autonomously, manage workload effectively, and deliver results. It is an excellent opportunity for someone who wants to keep learning and continue building their career in cyber security engineering. Key responsibilities Security Monitoring and Operations - Implement, administer, and improve day to day security operations across Microsoft security technologies including Microsoft Sentinel, Microsoft Defender, Conditional Access, Entra ID, and related Azure security capabilities, helping to strengthen monitoring, detection, protection, and response. Vulnerability Management and Hardening - Proactive and risk based vulnerability management, including attack surface reduction, system hardening, remediation support, and cloud security posture improvement. Security Tooling and Service Support - Support the effective operation of security tooling and services delivered through a combination of internal teams and external providers, helping to maintain service quality, resolve technical issues, and improve day to day security outcomes. Incident Investigation and Response - Take ownership of the technical investigation and triage of security incidents, drive containment and remediation activities, and help improve detection and response capabilities through lessons learned, control improvements, and ongoing risk reduction. Technical Support for Security Awareness - Support the wider security function by contributing technical input to awareness activities, simulated phishing exercises, and secure working practices, helping colleagues understand security controls and common threats. Technical Compliance and Assurance Support - Support the wider security function by implementing and maintaining technical controls that align with internal security policies, certification requirements, and assurance activities, including supporting Cyber Essentials Plus readiness, evidence gathering, and remediation activities where needed. Technical Risk Assessment Support - Provide technical input into security risk assessments across projects, suppliers, and internal services, helping to identify vulnerabilities, assess exposure, and support practical remediation and hardening activities. Technical Support for Regulatory and Client Requirements - Support the implementation, maintenance, and evidencing of technical controls required to meet relevant legal, regulatory, and client security obligations. Supplier and Integration Security Support - Support technical reviews of supplier and partner services, integrations, and access arrangements, helping to identify security issues and ensure appropriate controls are implemented and maintained. Continuous Improvement and Automation - Identify opportunities to improve security tooling, detection logic, control effectiveness, and operational processes through tuning, automation, and incremental engineering enhancements. This is an excellent opportunity to work with a talented team, build hands on experience across modern security technologies, and make a meaningful contribution to strengthening Sword's cyber security capability. If you enjoy solving technical security challenges and want to keep developing your career, we would like to hear from you. This is a hands on mid-level technical role focused on implementing, operating, and improving security controls across Sword's environment. Working with IT and the wider security function, you will help strengthen monitoring, protection, detection, response, and technical assurance through effective use of security technologies and services. We are looking for someone who is proactive, practical, and delivery-focused, with the confidence to work independently, manage priorities, and follow through with minimal supervision. You should have hands on experience, or strong working knowledge, in several of the following areas: Microsoft security technologies such as Microsoft Defender, Microsoft Sentinel, Microsoft Entra ID, Conditional Access, Microsoft Purview, Intune security controls, email security, identity protection, and endpoint detection and response. Operating and improving security controls across areas such as endpoint protection, SIEM, vulnerability management, identity and access management, data protection, email security, cloud security posture, and system hardening. Awareness of security frameworks, standards, and regulatory drivers such as NIST, ISO 27001, GDPR, and NIS2, with the ability to apply technical controls in support of these requirements. Experience supporting or contributing to Cyber Essentials Plus, including technical control implementation, evidence collection, remediation tracking, or preparation for assessment. Experience supporting the secure deployment and configuration of applications, infrastructure, identities, and cloud services, working with IT teams to embed appropriate security controls. Ability to explain technical security issues clearly, provide practical guidance to colleagues, and contribute technical input to awareness, audit, and assurance activities where needed. Experience in cyber security engineering, security operations, infrastructure security, IT engineering, or a closely related technical role, ideally in a complex business environment and working with internal teams and external providers, with the ability to work autonomously and manage workload effectively. Qualifications and Personal Skills Relevant technical certifications are desirable, particularly in Microsoft security technologies such as SC-200, SC-300, SC-400, AZ-500, or similar. Broader security certifications are welcomed but not essential if you can demonstrate strong hands on technical capability and a willingness to continue learning. Take ownership, works independently when needed, and stays focused on delivering high quality outcomes. Curious, proactive, and committed to continuous learning and career development in cyber security. Able to manage workload effectively, prioritise sensibly, and maintain momentum in a busy technical environment. Communicates clearly and works well with technical and non-technical colleagues to turn security requirements into practical actions and improvements. At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
14/06/2026
Full time
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. We are delighted to present a newly created opportunity for a Cyber Security Engineer to join our internal security team. Reporting to the CISO and working closely with IT, you will help implement, maintain, and improve Sword's technical security controls, with a strong focus on Microsoft security technologies. You will play an important role in strengthening monitoring, detection, protection, and response across the business. This is a mid-level role suited to someone with solid hands on experience, a positive can do attitude, and the ability to take ownership, work autonomously, manage workload effectively, and deliver results. It is an excellent opportunity for someone who wants to keep learning and continue building their career in cyber security engineering. Key responsibilities Security Monitoring and Operations - Implement, administer, and improve day to day security operations across Microsoft security technologies including Microsoft Sentinel, Microsoft Defender, Conditional Access, Entra ID, and related Azure security capabilities, helping to strengthen monitoring, detection, protection, and response. Vulnerability Management and Hardening - Proactive and risk based vulnerability management, including attack surface reduction, system hardening, remediation support, and cloud security posture improvement. Security Tooling and Service Support - Support the effective operation of security tooling and services delivered through a combination of internal teams and external providers, helping to maintain service quality, resolve technical issues, and improve day to day security outcomes. Incident Investigation and Response - Take ownership of the technical investigation and triage of security incidents, drive containment and remediation activities, and help improve detection and response capabilities through lessons learned, control improvements, and ongoing risk reduction. Technical Support for Security Awareness - Support the wider security function by contributing technical input to awareness activities, simulated phishing exercises, and secure working practices, helping colleagues understand security controls and common threats. Technical Compliance and Assurance Support - Support the wider security function by implementing and maintaining technical controls that align with internal security policies, certification requirements, and assurance activities, including supporting Cyber Essentials Plus readiness, evidence gathering, and remediation activities where needed. Technical Risk Assessment Support - Provide technical input into security risk assessments across projects, suppliers, and internal services, helping to identify vulnerabilities, assess exposure, and support practical remediation and hardening activities. Technical Support for Regulatory and Client Requirements - Support the implementation, maintenance, and evidencing of technical controls required to meet relevant legal, regulatory, and client security obligations. Supplier and Integration Security Support - Support technical reviews of supplier and partner services, integrations, and access arrangements, helping to identify security issues and ensure appropriate controls are implemented and maintained. Continuous Improvement and Automation - Identify opportunities to improve security tooling, detection logic, control effectiveness, and operational processes through tuning, automation, and incremental engineering enhancements. This is an excellent opportunity to work with a talented team, build hands on experience across modern security technologies, and make a meaningful contribution to strengthening Sword's cyber security capability. If you enjoy solving technical security challenges and want to keep developing your career, we would like to hear from you. This is a hands on mid-level technical role focused on implementing, operating, and improving security controls across Sword's environment. Working with IT and the wider security function, you will help strengthen monitoring, protection, detection, response, and technical assurance through effective use of security technologies and services. We are looking for someone who is proactive, practical, and delivery-focused, with the confidence to work independently, manage priorities, and follow through with minimal supervision. You should have hands on experience, or strong working knowledge, in several of the following areas: Microsoft security technologies such as Microsoft Defender, Microsoft Sentinel, Microsoft Entra ID, Conditional Access, Microsoft Purview, Intune security controls, email security, identity protection, and endpoint detection and response. Operating and improving security controls across areas such as endpoint protection, SIEM, vulnerability management, identity and access management, data protection, email security, cloud security posture, and system hardening. Awareness of security frameworks, standards, and regulatory drivers such as NIST, ISO 27001, GDPR, and NIS2, with the ability to apply technical controls in support of these requirements. Experience supporting or contributing to Cyber Essentials Plus, including technical control implementation, evidence collection, remediation tracking, or preparation for assessment. Experience supporting the secure deployment and configuration of applications, infrastructure, identities, and cloud services, working with IT teams to embed appropriate security controls. Ability to explain technical security issues clearly, provide practical guidance to colleagues, and contribute technical input to awareness, audit, and assurance activities where needed. Experience in cyber security engineering, security operations, infrastructure security, IT engineering, or a closely related technical role, ideally in a complex business environment and working with internal teams and external providers, with the ability to work autonomously and manage workload effectively. Qualifications and Personal Skills Relevant technical certifications are desirable, particularly in Microsoft security technologies such as SC-200, SC-300, SC-400, AZ-500, or similar. Broader security certifications are welcomed but not essential if you can demonstrate strong hands on technical capability and a willingness to continue learning. Take ownership, works independently when needed, and stays focused on delivering high quality outcomes. Curious, proactive, and committed to continuous learning and career development in cyber security. Able to manage workload effectively, prioritise sensibly, and maintain momentum in a busy technical environment. Communicates clearly and works well with technical and non-technical colleagues to turn security requirements into practical actions and improvements. At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
Title Cyber Advisory Lead Reference No 2162 Company FTSE 100 Reports to Cyber Advisory Services Manager Location London Working Pattern 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary £59,000 - £72,000 Benefits Bupa, Matched pension contributions. Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi year transformation programme underway to build new security capabilities at pace. GCS sets the Group cyber standard, measures compliance against it across all the businesses, and delivers a portfolio of centrally managed security services that divisions can rely on. The Cyber Advisory Services function is the critical bridge between Group standards and divisional reality - translating GCS expertise into practical, context sensitive support that helps divisions understand, adopt, and embed the Group cyber standard in their specific environments. Role Summary Reporting to the Cyber Advisory Services Manager, the Cyber Advisory Lead is a senior individual contributor and the primary delivery resource within the advisory function. The role provides expert cyber security advice and guidance directly to the divisions, business units, and Group functions - operating as a trusted consultant who helps translate Group cyber standards into practical action on the ground. The Cyber Advisory Lead is the person divisions call when they need a credible, knowledgeable partner to work through a cyber security challenge with them: someone who understands both the Group standard and the operational reality of divisional environments. The role delivers a wide range of advisory services including technical standards interpretation and guidance, firewall rule base and security policy review, security input to non functional requirements for Group and divisional programmes, and advisory support to merger, acquisition, and divestiture activity. The Cyber Advisory Lead also plays a key role in managing and briefing flexible resources drawn from the GCS resourcing pool, ensuring they are deployed effectively and maintain the quality standards expected of the advisory function. This is a hands on role that demands breadth, consulting confidence, and the ability to calibrate advice to the needs and maturity of each divisional audience. Role Responsibilities / Accountabilities Technical Standards Advisory & Interpretation Act as the primary advisory point of contact for divisions and business units seeking guidance on the interpretation and application of Group cyber technical standards; provide clear, practical, and risk proportionate advice that helps divisions understand what compliance looks like in their specific environment. Translate Group technical standards into actionable divisional guidance; develop worked examples, implementation notes, and practical toolkits that make standards easier for divisional IT and security teams to adopt without losing the intent of the underlying requirement. Capture intelligence from advisory engagements - recurring questions, implementation blockers, divisional gaps - and feed it back to the Cyber Advisory Services Manager to inform improvements to standards, guidance materials, and the advisory service offering. Rule Base Assessment & Security Policy Review Plan and conduct firewall rule base reviews and security policy assessments for Group and divisional environments; identify technical debt, overly permissive rules, obsolete entries, and configuration drift, and produce clear, risk prioritised findings reports with actionable remediation guidance. Review and assess security policy change requests from divisions, evaluating proposed changes against Group standards and architectural principles and providing a clear recommendation with supporting rationale; act as a constructive challenge function rather than a bureaucratic gate. Support divisional teams in understanding and implementing remediation actions following rule base and policy reviews; track agreed actions to closure and provide follow up assurance that improvements have been embedded sustainably. Non Functional Security Requirements Engage with Group and divisional programme teams to define and validate non functional security requirements (NFRs); ensure that security properties - covering authentication, authorisation, encryption, logging, resilience, and data classification - are specified clearly and in a form that project and engineering teams can act on. Apply the Group NFR library to programme and project engagements, tailoring standard requirements to the specific technology context; identify where project proposals deviate from Group security expectations and work with project teams to find compliant or risk accepted alternatives. Contribute to the ongoing development and maintenance of the Group NFR library; identify gaps, outdated requirements, and emerging security considerations that should be reflected in standard NFR content. M&A, Project & Programme Advisory Support Provide cyber security advisory input to merger, acquisition, and divestiture activity, supporting the Cyber Advisory Services Manager in delivering the GCS M&A workstream; conduct cyber due diligence assessments, identify security risks associated with target entities, and develop recommendations for integration or separation. Support the delivery of cyber advisory input to Group and divisional strategic programmes - including technology transformations, cloud migrations, and ERP deployments - ensuring security considerations are raised and addressed at the right stage of each programme lifecycle. Produce high quality advisory outputs - reports, briefing notes, findings summaries, and recommendations - that reflect well on GCS and provide divisional stakeholders with clear, actionable intelligence. Flexible Resource Management & Divisional Engagement Support the Cyber Advisory Services Manager in managing the GCS flexible resourcing pool; brief and onboard flexible resources ahead of divisional deployments, maintain quality standards throughout engagements, and provide day to day direction to consultants and contractors working within the advisory function. Build and maintain trusted working relationships with divisional security leads, IT directors, and BISOs; position yourself as an accessible, credible, and practically minded partner who divisions want to engage with rather than a compliance overhead. Act as an active intelligence gatherer during divisional engagements; identify common challenges, recurring themes, and emerging risks across the estate, and feed structured insight back to the Cyber Advisory Services Manager and the wider GCS Leadership Team. Experience, Knowledge, Skills & Attributes Essential Experience 6+ years in cyber security, with a significant portion in advisory, consulting, or technical security roles requiring breadth across multiple domains. Demonstrable experience delivering cyber security advisory services to business units or divisions within a large organisation, or to enterprise clients as an external consultant. Hands on experience conducting firewall rule base reviews and security policy assessments, producing structured findings reports with risk prioritised recommendations. Experience defining or reviewing non functional security requirements for technology programmes, and the ability to translate security standards into specific, measurable project requirements. Experience providing cyber security input to M&A or other major business change programmes, including due diligence support and integration planning. Knowledge & Skills Broad technical knowledge spanning the core cyber security domains - network security, identity and access management, endpoint protection, cloud security, application security, and data protection - sufficient to advise credibly across all of them. Strong consulting and communication skills: able to listen carefully, form a well reasoned view, and articulate it clearly - whether in a written advisory report, a divisional workshop, or a one to one conversation with a BISO or IT director. Ability to translate Group technical standards into practical, context sensitive guidance that maintains the intent of the standard while acknowledging legitimate operational constraints of the division. Strong written output skills; able to produce high quality advisory reports and briefing materials that are accurate, clearly structured, and appropriate for a senior divisional or Group audience. Qualifications Degree level education in computer science, information security, or a related discipline; or equivalent professional experience. Professional certification in cyber security: CISSP, CISM, CompTIA Security+, or equivalent demonstrating technical breadth. Experience within a Big Four, specialist cyber consultancy, or in house advisory function of a large FTSE listed organisation . click apply for full job details
11/06/2026
Full time
Title Cyber Advisory Lead Reference No 2162 Company FTSE 100 Reports to Cyber Advisory Services Manager Location London Working Pattern 37.5 hours per week, Monday - Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place). Salary £59,000 - £72,000 Benefits Bupa, Matched pension contributions. Group Cyber Security Overview The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi year transformation programme underway to build new security capabilities at pace. GCS sets the Group cyber standard, measures compliance against it across all the businesses, and delivers a portfolio of centrally managed security services that divisions can rely on. The Cyber Advisory Services function is the critical bridge between Group standards and divisional reality - translating GCS expertise into practical, context sensitive support that helps divisions understand, adopt, and embed the Group cyber standard in their specific environments. Role Summary Reporting to the Cyber Advisory Services Manager, the Cyber Advisory Lead is a senior individual contributor and the primary delivery resource within the advisory function. The role provides expert cyber security advice and guidance directly to the divisions, business units, and Group functions - operating as a trusted consultant who helps translate Group cyber standards into practical action on the ground. The Cyber Advisory Lead is the person divisions call when they need a credible, knowledgeable partner to work through a cyber security challenge with them: someone who understands both the Group standard and the operational reality of divisional environments. The role delivers a wide range of advisory services including technical standards interpretation and guidance, firewall rule base and security policy review, security input to non functional requirements for Group and divisional programmes, and advisory support to merger, acquisition, and divestiture activity. The Cyber Advisory Lead also plays a key role in managing and briefing flexible resources drawn from the GCS resourcing pool, ensuring they are deployed effectively and maintain the quality standards expected of the advisory function. This is a hands on role that demands breadth, consulting confidence, and the ability to calibrate advice to the needs and maturity of each divisional audience. Role Responsibilities / Accountabilities Technical Standards Advisory & Interpretation Act as the primary advisory point of contact for divisions and business units seeking guidance on the interpretation and application of Group cyber technical standards; provide clear, practical, and risk proportionate advice that helps divisions understand what compliance looks like in their specific environment. Translate Group technical standards into actionable divisional guidance; develop worked examples, implementation notes, and practical toolkits that make standards easier for divisional IT and security teams to adopt without losing the intent of the underlying requirement. Capture intelligence from advisory engagements - recurring questions, implementation blockers, divisional gaps - and feed it back to the Cyber Advisory Services Manager to inform improvements to standards, guidance materials, and the advisory service offering. Rule Base Assessment & Security Policy Review Plan and conduct firewall rule base reviews and security policy assessments for Group and divisional environments; identify technical debt, overly permissive rules, obsolete entries, and configuration drift, and produce clear, risk prioritised findings reports with actionable remediation guidance. Review and assess security policy change requests from divisions, evaluating proposed changes against Group standards and architectural principles and providing a clear recommendation with supporting rationale; act as a constructive challenge function rather than a bureaucratic gate. Support divisional teams in understanding and implementing remediation actions following rule base and policy reviews; track agreed actions to closure and provide follow up assurance that improvements have been embedded sustainably. Non Functional Security Requirements Engage with Group and divisional programme teams to define and validate non functional security requirements (NFRs); ensure that security properties - covering authentication, authorisation, encryption, logging, resilience, and data classification - are specified clearly and in a form that project and engineering teams can act on. Apply the Group NFR library to programme and project engagements, tailoring standard requirements to the specific technology context; identify where project proposals deviate from Group security expectations and work with project teams to find compliant or risk accepted alternatives. Contribute to the ongoing development and maintenance of the Group NFR library; identify gaps, outdated requirements, and emerging security considerations that should be reflected in standard NFR content. M&A, Project & Programme Advisory Support Provide cyber security advisory input to merger, acquisition, and divestiture activity, supporting the Cyber Advisory Services Manager in delivering the GCS M&A workstream; conduct cyber due diligence assessments, identify security risks associated with target entities, and develop recommendations for integration or separation. Support the delivery of cyber advisory input to Group and divisional strategic programmes - including technology transformations, cloud migrations, and ERP deployments - ensuring security considerations are raised and addressed at the right stage of each programme lifecycle. Produce high quality advisory outputs - reports, briefing notes, findings summaries, and recommendations - that reflect well on GCS and provide divisional stakeholders with clear, actionable intelligence. Flexible Resource Management & Divisional Engagement Support the Cyber Advisory Services Manager in managing the GCS flexible resourcing pool; brief and onboard flexible resources ahead of divisional deployments, maintain quality standards throughout engagements, and provide day to day direction to consultants and contractors working within the advisory function. Build and maintain trusted working relationships with divisional security leads, IT directors, and BISOs; position yourself as an accessible, credible, and practically minded partner who divisions want to engage with rather than a compliance overhead. Act as an active intelligence gatherer during divisional engagements; identify common challenges, recurring themes, and emerging risks across the estate, and feed structured insight back to the Cyber Advisory Services Manager and the wider GCS Leadership Team. Experience, Knowledge, Skills & Attributes Essential Experience 6+ years in cyber security, with a significant portion in advisory, consulting, or technical security roles requiring breadth across multiple domains. Demonstrable experience delivering cyber security advisory services to business units or divisions within a large organisation, or to enterprise clients as an external consultant. Hands on experience conducting firewall rule base reviews and security policy assessments, producing structured findings reports with risk prioritised recommendations. Experience defining or reviewing non functional security requirements for technology programmes, and the ability to translate security standards into specific, measurable project requirements. Experience providing cyber security input to M&A or other major business change programmes, including due diligence support and integration planning. Knowledge & Skills Broad technical knowledge spanning the core cyber security domains - network security, identity and access management, endpoint protection, cloud security, application security, and data protection - sufficient to advise credibly across all of them. Strong consulting and communication skills: able to listen carefully, form a well reasoned view, and articulate it clearly - whether in a written advisory report, a divisional workshop, or a one to one conversation with a BISO or IT director. Ability to translate Group technical standards into practical, context sensitive guidance that maintains the intent of the standard while acknowledging legitimate operational constraints of the division. Strong written output skills; able to produce high quality advisory reports and briefing materials that are accurate, clearly structured, and appropriate for a senior divisional or Group audience. Qualifications Degree level education in computer science, information security, or a related discipline; or equivalent professional experience. Professional certification in cyber security: CISSP, CISM, CompTIA Security+, or equivalent demonstrating technical breadth. Experience within a Big Four, specialist cyber consultancy, or in house advisory function of a large FTSE listed organisation . click apply for full job details
Senior Data Center Engineer, Electrical Engineering Remote location: United Kingdom Qualifications Bachelor's degree in Electrical Engineering, Power Engineering, a related technical field, or equivalent practical experience. 5 years of experience in mission critical facility design and construction environments. Experience in electrical infrastructure. Preferred qualifications Master's degree in Engineering, Business, or other relevant fields, or a Professional Engineering (PE) license. Experience with medium voltage systems. Experience with cross-discipline teams (e.g., structural, civil, IT/Telecom, security, mechanical, architectural). Experience in design, construction, medium or low voltage electrical distribution systems, AC/DC systems, and associated power management or SCADA tools. Experience working with data center equipment and environments (e.g., switchgear, generators, transformers, controls, security monitoring systems, fire safety systems). Experience in estimating, electrical design, operation, and commissioning of substations, switchgear, ATP/ATS, emergency power systems and their control systems, power monitoring, and electrical protection. About the job Our thirst for technology is a part of everything we do. The Data Center Engineering team takes the physical design of our data centers into the future. Our lab mirrors a research and development department-cutting edge strategies are born, tested, and tested again. Along with a team of great minds, you take on complex topics like how we use power or how to run state of the art, environmentally friendly facilities. You are a visionary who optimizes for efficiencies and never stops seeking improvements-even small changes that can make a huge impact. You generate ideas, communicate recommendations to senior level executives, and drive implementation alongside facilities technicians. With your technical expertise, you will ensure compliance with codes and standards, develop infrastructure improvements, and serve as an expert in your specialty (e.g., cooling, electrical). You will provide field electrical engineering support and issue resolution for the UK campus, supporting the Technical Project Manager in the localized design and delivery of projects in line with the schedule, cost, quality, technical compliance and safety requirements. You will serve as the primary contact between Google, the Project Management Consultancy, and Specialist Contractors, coordinating with stakeholders for all electrical field engineer efforts. You will oversee the appointed electrical installation activities and ensure that construction operations and performance are in compliance with project or corporate requirements, EHS, quality, and schedule requirements while maintaining relationships when interfacing with project stakeholders. You will identify the workload while managing specific discipline owner representatives to support the delivery of projects as per expectations. Responsibilities Define data center system level, product architecture, research and development, while helping to develop operations and maintenance procedures for systems/processes. Conduct engineering analysis and research designs and methods of data center equipment and facilities. Ensure designs and installations meet requirements (e.g., predicted cooling, structural, operational concerns, etc.). Provide technical leadership to the projects, support and optimize project design, scope, schedule, quality, commissioning, and safety for the electrical discipline, and offer feedback to the central partner teams on possible improvements. Contribute to the development of cross project, cross functional, and cross organizational procedures and ensure alignment of the Electrical Engineers' work with multiple teams and projects. Equal Opportunity Statement Google is a proud equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity or expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, in compliance with legal requirements, and any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire. Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is required for all roles unless stated otherwise.
11/06/2026
Full time
Senior Data Center Engineer, Electrical Engineering Remote location: United Kingdom Qualifications Bachelor's degree in Electrical Engineering, Power Engineering, a related technical field, or equivalent practical experience. 5 years of experience in mission critical facility design and construction environments. Experience in electrical infrastructure. Preferred qualifications Master's degree in Engineering, Business, or other relevant fields, or a Professional Engineering (PE) license. Experience with medium voltage systems. Experience with cross-discipline teams (e.g., structural, civil, IT/Telecom, security, mechanical, architectural). Experience in design, construction, medium or low voltage electrical distribution systems, AC/DC systems, and associated power management or SCADA tools. Experience working with data center equipment and environments (e.g., switchgear, generators, transformers, controls, security monitoring systems, fire safety systems). Experience in estimating, electrical design, operation, and commissioning of substations, switchgear, ATP/ATS, emergency power systems and their control systems, power monitoring, and electrical protection. About the job Our thirst for technology is a part of everything we do. The Data Center Engineering team takes the physical design of our data centers into the future. Our lab mirrors a research and development department-cutting edge strategies are born, tested, and tested again. Along with a team of great minds, you take on complex topics like how we use power or how to run state of the art, environmentally friendly facilities. You are a visionary who optimizes for efficiencies and never stops seeking improvements-even small changes that can make a huge impact. You generate ideas, communicate recommendations to senior level executives, and drive implementation alongside facilities technicians. With your technical expertise, you will ensure compliance with codes and standards, develop infrastructure improvements, and serve as an expert in your specialty (e.g., cooling, electrical). You will provide field electrical engineering support and issue resolution for the UK campus, supporting the Technical Project Manager in the localized design and delivery of projects in line with the schedule, cost, quality, technical compliance and safety requirements. You will serve as the primary contact between Google, the Project Management Consultancy, and Specialist Contractors, coordinating with stakeholders for all electrical field engineer efforts. You will oversee the appointed electrical installation activities and ensure that construction operations and performance are in compliance with project or corporate requirements, EHS, quality, and schedule requirements while maintaining relationships when interfacing with project stakeholders. You will identify the workload while managing specific discipline owner representatives to support the delivery of projects as per expectations. Responsibilities Define data center system level, product architecture, research and development, while helping to develop operations and maintenance procedures for systems/processes. Conduct engineering analysis and research designs and methods of data center equipment and facilities. Ensure designs and installations meet requirements (e.g., predicted cooling, structural, operational concerns, etc.). Provide technical leadership to the projects, support and optimize project design, scope, schedule, quality, commissioning, and safety for the electrical discipline, and offer feedback to the central partner teams on possible improvements. Contribute to the development of cross project, cross functional, and cross organizational procedures and ensure alignment of the Electrical Engineers' work with multiple teams and projects. Equal Opportunity Statement Google is a proud equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity or expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, in compliance with legal requirements, and any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire. Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is required for all roles unless stated otherwise.
Since being founded in 2018, Copper has been building the standard for institutional digital asset infrastructure with a focus on custody, collateral management, and prime services. Led by Amar Kuchinad, Copper's Global CEO, the firm provides a comprehensive suite of custody, trading and settlement solutions that reduce counterparty risk and bring greater capital and operational efficiency to digital asset markets. At the heart of Copper's offering is Multi-Party Computation (MPC) technology - the gold standard in secure custody. Copper's multi-award winning custody system is unique in that it can be connected to centralised exchanges, DeFi applications and even staking pools without the assets leaving the custody. Built on top of this state-of-the-art custody, ClearLoop is the first solution in the market that overcomes a growing industry challenge; counterparty risk with exchanges. This solution underpins a full prime services offering, connecting global exchanges, and enabling customers to trade and settle directly from the safety of their MPC-secured wallets. By reducing settlement time for transfers to a few milliseconds (without blockchain network dependency) and offering enhanced security measures, ClearLoop is rapidly reshaping the way asset managers trade and manage capital. In addition to industry-leading security certifications, Copper has one of the strongest insurance coverages in the industry from an A+ rated insurer, positioning the firm as the partner of choice for institutions seeking to safeguard their assets. Department/Team Purpose Copper provides institutional digital asset custody, settlement, and collateral management services across a wide range of blockchains and integrated venues. Information Security protects the firm's platforms, client assets, and regulated entities across the group. Role Purpose The Principal Security Architect is the senior technical authority for security architecture at Copper. The role reports to the CISO and partners closely with Engineering. The holder sets architectural direction, reviews and approves designs for major change, and acts as the firm's reference point on the security of the systems, protocols, and integrations Copper depends on. The role is predominantly architecture and assurance, with limited hands on solution design in the cloud and integration space where reference patterns are needed. Key Responsibilities Architectural authority Hold formal security sign off authority for major changes to Copper's platforms, infrastructure, and integrations. Shape and maintain the security architecture patterns, principles, and reference designs that engineering teams build against. Provide the senior technical security position in architectural and business decisions, including escalations where security and delivery pressures conflict. Custody, signing, and cryptographic architecture Provide architectural security leadership over Copper's signing infrastructure, working alongside specialist engineering and cryptography teams. Scope covers the people, process, and operational design around MPC based signing. Solid conceptual grounding in threshold cryptography and signature schemes is required; cryptographer level work is not. Review and approve changes to transaction construction, signing flows, approval policy, and key lifecycle operations. Provide architectural assurance over chain of trust constructs adjacent to custody, including verifiable build pipelines, hardware backed code signing, and authenticator bound administrative paths. Multi chain and integration security Reason at architectural depth across the range of blockchains Copper supports, including EVM, UTXO, and account based non EVM families. This requires a working understanding of transaction construction, signing semantics, consensus assumptions, and validator and staking models across these environments, without being a protocol engineer in any of them. Assess third party smart contract architectures, implementations, and audit reports to a level sufficient to understand the exploit and risk surface, without performing line by line code review. Review first party integrations with partner networks, including those underpinning staking and similar on chain participation, and form a defensible security position on the operational and contract risk Copper inherits. Settlement, collateral, and off exchange architecture Provide architectural ownership of the security model for Copper's settlement, collateral mirroring, and off exchange product surfaces. Reason about the trust boundaries between Copper, venues, and clients, and ensure architectural controls match the obligations each side carries. Identity and access architecture Own identity and access architecture as a dedicated pillar of the role. Set patterns for workforce, workload, and third party identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. Govern entitlement design, privileged access, and access models for contractors, vendors, and external operators. Cloud and platform security Maintain working architectural fluency in both AWS and Azure, including network topology, segmentation, secrets handling, and platform telemetry. Produce reference patterns and, where needed, direct integration designs in the cloud and platform space. Third party and protocol risk Lead technical security review of vendors, integrated venues, and protocols, including challenge of assurances that do not stand up to scrutiny. Support client and counterparty due diligence on the technical content most likely to be misrepresented or under specified. Policy, regulatory, and assurance support Maintain a working understanding of the regulatory regimes applicable to Copper's licensed entities sufficient to translate architectural decisions into language Compliance and GRC can defend. Primary ownership of regulatory positioning sits elsewhere. Contribute to security policy, standards, and control framework development as the senior technical reviewer. Participate in resilience exercises and incident reviews where architectural input materially shapes the outcome. Skills and Experience Essential Multi chain architectural literacy. Able to reason across EVM, UTXO, and non EVM account based chains at the level of transaction construction, signing, consensus, and validator models. Comfortable assessing third party smart contract designs, implementations, and audit reports for exploit and risk surface without performing code review. Custody and signing architecture. Strong conceptual grasp of threshold signing, signature schemes, and key lifecycle. Able to design and challenge the operational architecture around signing, separation of duties, approval policy, key ceremony equivalents in MPC, and recovery, to a high standard. Settlement and collateral architecture. Demonstrable experience reasoning about settlement, collateral, and off exchange constructs, including trust boundaries between custodians, venues, and clients. Identity and access architecture. Senior level experience designing and governing identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. Comfortable with entitlement governance and third party access design. Cloud security. Working architectural understanding of AWS and Azure, including the ability to produce reference patterns and limited direct integration designs. Architectural authority and judgement. Track record of holding sign off on significant designs, taking defensible positions under uncertainty, and owning residual risk. Change review and assurance. Comfortable reviewing the work of engineering peers, infrastructure changes, and vendor designs, and able to hold the line where it matters. Communication. Able to operate credibly with engineers, senior business stakeholders, auditors, and regulators in the same week, without losing precision at any of them. Desirable Familiarity with chain of trust constructs including verifiable builds, reproducible build pipelines, and hardware backed code signing. Awareness of the regulatory landscape relevant to digital asset custody and trading (for example FCA, FINMA, FSRA / ADGM, MiCA). Compliance familiarity across ISO 27001, SOC 2, and NIST CSF / , with the ability to map controls cleanly between them. Enterprise architecture grounding (TOGAF, SABSA) where it complements rather than replaces technical depth. Why Copper? At Copper, we keep innovation, openness, and curiosity at the centre of everything we do. Here, bold ideas get the spotlight, learning is constant, and diversity shapes our team from the ground up. Jump into a fast moving, dynamic team that loves a challenge and knows how to have fun along the way. Collaboration is just as important as results-you'll be surrounded by smart, driven colleagues in London and across our APAC, Switzerland, UAE, and US offices. Hybrid working model - we believe in the value of bringing people together and at the same time we embrace the adaptability of flexibly working. Diversity and inclusion matter to us - they're woven into Copper life. From employee led groups like Women at Copper to a committee focused on community and wellbeing, you'll have a network that supports you from day one. Everyone voice matters. If you're looking to ramp up your career . click apply for full job details
10/06/2026
Full time
Since being founded in 2018, Copper has been building the standard for institutional digital asset infrastructure with a focus on custody, collateral management, and prime services. Led by Amar Kuchinad, Copper's Global CEO, the firm provides a comprehensive suite of custody, trading and settlement solutions that reduce counterparty risk and bring greater capital and operational efficiency to digital asset markets. At the heart of Copper's offering is Multi-Party Computation (MPC) technology - the gold standard in secure custody. Copper's multi-award winning custody system is unique in that it can be connected to centralised exchanges, DeFi applications and even staking pools without the assets leaving the custody. Built on top of this state-of-the-art custody, ClearLoop is the first solution in the market that overcomes a growing industry challenge; counterparty risk with exchanges. This solution underpins a full prime services offering, connecting global exchanges, and enabling customers to trade and settle directly from the safety of their MPC-secured wallets. By reducing settlement time for transfers to a few milliseconds (without blockchain network dependency) and offering enhanced security measures, ClearLoop is rapidly reshaping the way asset managers trade and manage capital. In addition to industry-leading security certifications, Copper has one of the strongest insurance coverages in the industry from an A+ rated insurer, positioning the firm as the partner of choice for institutions seeking to safeguard their assets. Department/Team Purpose Copper provides institutional digital asset custody, settlement, and collateral management services across a wide range of blockchains and integrated venues. Information Security protects the firm's platforms, client assets, and regulated entities across the group. Role Purpose The Principal Security Architect is the senior technical authority for security architecture at Copper. The role reports to the CISO and partners closely with Engineering. The holder sets architectural direction, reviews and approves designs for major change, and acts as the firm's reference point on the security of the systems, protocols, and integrations Copper depends on. The role is predominantly architecture and assurance, with limited hands on solution design in the cloud and integration space where reference patterns are needed. Key Responsibilities Architectural authority Hold formal security sign off authority for major changes to Copper's platforms, infrastructure, and integrations. Shape and maintain the security architecture patterns, principles, and reference designs that engineering teams build against. Provide the senior technical security position in architectural and business decisions, including escalations where security and delivery pressures conflict. Custody, signing, and cryptographic architecture Provide architectural security leadership over Copper's signing infrastructure, working alongside specialist engineering and cryptography teams. Scope covers the people, process, and operational design around MPC based signing. Solid conceptual grounding in threshold cryptography and signature schemes is required; cryptographer level work is not. Review and approve changes to transaction construction, signing flows, approval policy, and key lifecycle operations. Provide architectural assurance over chain of trust constructs adjacent to custody, including verifiable build pipelines, hardware backed code signing, and authenticator bound administrative paths. Multi chain and integration security Reason at architectural depth across the range of blockchains Copper supports, including EVM, UTXO, and account based non EVM families. This requires a working understanding of transaction construction, signing semantics, consensus assumptions, and validator and staking models across these environments, without being a protocol engineer in any of them. Assess third party smart contract architectures, implementations, and audit reports to a level sufficient to understand the exploit and risk surface, without performing line by line code review. Review first party integrations with partner networks, including those underpinning staking and similar on chain participation, and form a defensible security position on the operational and contract risk Copper inherits. Settlement, collateral, and off exchange architecture Provide architectural ownership of the security model for Copper's settlement, collateral mirroring, and off exchange product surfaces. Reason about the trust boundaries between Copper, venues, and clients, and ensure architectural controls match the obligations each side carries. Identity and access architecture Own identity and access architecture as a dedicated pillar of the role. Set patterns for workforce, workload, and third party identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. Govern entitlement design, privileged access, and access models for contractors, vendors, and external operators. Cloud and platform security Maintain working architectural fluency in both AWS and Azure, including network topology, segmentation, secrets handling, and platform telemetry. Produce reference patterns and, where needed, direct integration designs in the cloud and platform space. Third party and protocol risk Lead technical security review of vendors, integrated venues, and protocols, including challenge of assurances that do not stand up to scrutiny. Support client and counterparty due diligence on the technical content most likely to be misrepresented or under specified. Policy, regulatory, and assurance support Maintain a working understanding of the regulatory regimes applicable to Copper's licensed entities sufficient to translate architectural decisions into language Compliance and GRC can defend. Primary ownership of regulatory positioning sits elsewhere. Contribute to security policy, standards, and control framework development as the senior technical reviewer. Participate in resilience exercises and incident reviews where architectural input materially shapes the outcome. Skills and Experience Essential Multi chain architectural literacy. Able to reason across EVM, UTXO, and non EVM account based chains at the level of transaction construction, signing, consensus, and validator models. Comfortable assessing third party smart contract designs, implementations, and audit reports for exploit and risk surface without performing code review. Custody and signing architecture. Strong conceptual grasp of threshold signing, signature schemes, and key lifecycle. Able to design and challenge the operational architecture around signing, separation of duties, approval policy, key ceremony equivalents in MPC, and recovery, to a high standard. Settlement and collateral architecture. Demonstrable experience reasoning about settlement, collateral, and off exchange constructs, including trust boundaries between custodians, venues, and clients. Identity and access architecture. Senior level experience designing and governing identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. Comfortable with entitlement governance and third party access design. Cloud security. Working architectural understanding of AWS and Azure, including the ability to produce reference patterns and limited direct integration designs. Architectural authority and judgement. Track record of holding sign off on significant designs, taking defensible positions under uncertainty, and owning residual risk. Change review and assurance. Comfortable reviewing the work of engineering peers, infrastructure changes, and vendor designs, and able to hold the line where it matters. Communication. Able to operate credibly with engineers, senior business stakeholders, auditors, and regulators in the same week, without losing precision at any of them. Desirable Familiarity with chain of trust constructs including verifiable builds, reproducible build pipelines, and hardware backed code signing. Awareness of the regulatory landscape relevant to digital asset custody and trading (for example FCA, FINMA, FSRA / ADGM, MiCA). Compliance familiarity across ISO 27001, SOC 2, and NIST CSF / , with the ability to map controls cleanly between them. Enterprise architecture grounding (TOGAF, SABSA) where it complements rather than replaces technical depth. Why Copper? At Copper, we keep innovation, openness, and curiosity at the centre of everything we do. Here, bold ideas get the spotlight, learning is constant, and diversity shapes our team from the ground up. Jump into a fast moving, dynamic team that loves a challenge and knows how to have fun along the way. Collaboration is just as important as results-you'll be surrounded by smart, driven colleagues in London and across our APAC, Switzerland, UAE, and US offices. Hybrid working model - we believe in the value of bringing people together and at the same time we embrace the adaptability of flexibly working. Diversity and inclusion matter to us - they're woven into Copper life. From employee led groups like Women at Copper to a committee focused on community and wellbeing, you'll have a network that supports you from day one. Everyone voice matters. If you're looking to ramp up your career . click apply for full job details
Ready to take the next step in your career? Join one of the world's leading IT services, consulting, and business solutions organization. Backed by decades of experience, the company consistently ranks among the top global IT service providers. With an international presence across multiple countries, the company has built a reputation for delivering high-quality technology services across industries including banking, healthcare, telecommunications, and retail. The consulting firm is looking for a Microsoft Entra ID Application Proxy Specialist on a 6-month full-time contract in London, supporting a large-scale enterprise security transformation programme within the travel and tourism sector. The role focuses on enabling secure remote access to business-critical applications through modern, identity-driven access solutions. If you would like to learn more about this opportunity, feel free to reach out and apply today! Responsibilities Implement and configure Microsoft Entra ID Application Proxy for secure remote access, onboarding web-based enterprise applications in line with defined architecture Configure and validate authentication integrations including SSO, pre authentication, Kerberos Constrained Delegation, MFA, and Conditional Access policies Align application access configuration with existing Active Directory group and OU structures, and validate group based access controls Perform end to end testing including SSO validation, group based access validation, and application connectivity testing, troubleshooting issues as they arise Support user rollout activities, ensure full documentation of configurations and onboarding steps, and deliver knowledge transfer to BAU operations Required Skills/Qualifications Strong hands on experience with Microsoft Entra ID Application Proxy, including enterprise application onboarding and integration Deep knowledge of authentication protocols, SAML, OAuth, OpenID Connect, Kerberos, and NTLM - with practical SSO and MFA implementation experience Experience implementing Conditional Access policies and identity driven access control models in hybrid identity environments Knowledge of Active Directory Domain Services, group based access control, and application connectivity requirements including DNS, ports, and protocols Proven experience working on enterprise application onboarding or transformation programmes, with strong documentation and cross team collaboration skills Contract Details Contract Type: Initial 6 month contract (Inside IR35) Location: 5x a week in London (Soho) Salary £525 per day Inside IR35
09/06/2026
Full time
Ready to take the next step in your career? Join one of the world's leading IT services, consulting, and business solutions organization. Backed by decades of experience, the company consistently ranks among the top global IT service providers. With an international presence across multiple countries, the company has built a reputation for delivering high-quality technology services across industries including banking, healthcare, telecommunications, and retail. The consulting firm is looking for a Microsoft Entra ID Application Proxy Specialist on a 6-month full-time contract in London, supporting a large-scale enterprise security transformation programme within the travel and tourism sector. The role focuses on enabling secure remote access to business-critical applications through modern, identity-driven access solutions. If you would like to learn more about this opportunity, feel free to reach out and apply today! Responsibilities Implement and configure Microsoft Entra ID Application Proxy for secure remote access, onboarding web-based enterprise applications in line with defined architecture Configure and validate authentication integrations including SSO, pre authentication, Kerberos Constrained Delegation, MFA, and Conditional Access policies Align application access configuration with existing Active Directory group and OU structures, and validate group based access controls Perform end to end testing including SSO validation, group based access validation, and application connectivity testing, troubleshooting issues as they arise Support user rollout activities, ensure full documentation of configurations and onboarding steps, and deliver knowledge transfer to BAU operations Required Skills/Qualifications Strong hands on experience with Microsoft Entra ID Application Proxy, including enterprise application onboarding and integration Deep knowledge of authentication protocols, SAML, OAuth, OpenID Connect, Kerberos, and NTLM - with practical SSO and MFA implementation experience Experience implementing Conditional Access policies and identity driven access control models in hybrid identity environments Knowledge of Active Directory Domain Services, group based access control, and application connectivity requirements including DNS, ports, and protocols Proven experience working on enterprise application onboarding or transformation programmes, with strong documentation and cross team collaboration skills Contract Details Contract Type: Initial 6 month contract (Inside IR35) Location: 5x a week in London (Soho) Salary £525 per day Inside IR35
