IT Specialist - Cyber Defence

As an IT Specialist in Cyber Defence, you will play a vital role in protecting the organisation’s infrastructure and services from evolving threats. Reporting to the IT Manager – Cyber Defence, you will deliver technical controls and processes across four specialist pillars: Pen Testing & System Hardening, Communication Security, Web Security, and Cloud Security. 

You will work collaboratively with IT, engineering, product, and security operations teams to implement secure-by-design principles, remediate vulnerabilities, and maintain compliance with regulatory and organisational standards. This role requires strong technical expertise, attention to detail, and a proactive approach to identifying and mitigating risks. 

We are committed to building a diverse, inclusive, and high-performing security function. In this role, you will be supported and empowered to develop your skills, contribute to innovation, and help protect the organisation. 

Key Responsibilities 

• Plan and execute penetration tests and vulnerability assessments using recognised frameworks; analyse findings, prioritise remediation, and verify fixes through re-testing. 

• Apply secure configuration baselines (such as CIS Benchmarks) and assist with the development and maintenance of hardened build standards. 

• Support patching and vulnerability management processes to minimise exploit windows. 

• Implement and maintain advanced email, messaging, and collaboration security controls; enforce cryptographic standards and monitor for anomalies. 

• Perform application security testing, manage findings through remediation workflows, and support secure development practices. 

• Deploy and monitor cloud-native security controls across multi-cloud environments; assist with compliance enforcement, continuous control monitoring, and cloud incident response activities. 

• Maintain accurate records of vulnerabilities, remediation status, and compliance evidence; support audit preparation for Cyber Essentials, ISO certifications, and internal governance reviews. 

• Contribute to the development and update of security policies, standards, and operational procedures. 

• Work with SOC and IT teams to contain and remediate security incidents, providing technical input for root cause analysis and corrective actions. 

• Proactively identify opportunities to improve the organisation’s security posture and reduce risk. 

Personal Attributes 

• Demonstrates meticulous attention to detail in all aspects of security testing, configuration, and documentation. 

• Applies strong analytical thinking to interpret complex technical findings and prioritise effective remediation. 

• Collaborates effectively with colleagues across IT, engineering, and business teams, building positive working relationships. 

• Communicates clearly and confidently, adapting technical information for both technical and non-technical audiences. 

• Proactively identifies and acts on opportunities to strengthen the organisation’s security posture and reduce risk. 

• Maintains the highest standards of integrity, confidentiality, and professional conduct at all times. 

• Adapts positively to changing priorities and remains resilient under pressure. 

Key Performance Indicators 

• Timely closure of vulnerabilities within SLA. 

• Compliance with secure configuration baselines and patching standards. 

• Reduction in phishing success rates and web application risk scores. 

• Audit readiness and successful evidence submission. 

• Contribution to incident containment and post-incident improvements. 

Candidate Specification 

Essential 

• Demonstrable hands-on experience in penetration testing, vulnerability management, or security engineering within a complex enterprise environment. 

• Strong knowledge of secure configuration, cryptographic standards, and application security principles. 

• Practical experience with patch management, vulnerability scanning, and remediation processes. 

• Familiarity with cloud security concepts, multi-cloud environments, and compliance frameworks. 

• Experience supporting or preparing for security audits and maintaining compliance evidence. 

• Ability to interpret and apply security policies, standards, and regulatory requirements. 

• Strong problem-solving skills, with the ability to analyse technical issues and recommend effective solutions. 

• Excellent written and verbal communication skills, able to document findings and engage with both technical and non-technical stakeholders. 

• Proven ability to work independently and as part of a team, managing multiple priorities in a fast-paced environment. 

Desirable 

• Industry certifications such as OSCP, CompTIA Security+, CCSP, or equivalent. 

• Experience with security tools such as Tenable, Burp Suite, Microsoft Defender, Zscaler, ServiceNow, or similar. 

• Exposure to frameworks and standards such as OWASP ASVS, ISO 27001, NIST CSF. 

• Experience participating in incident response activities and post-incident reviews. 

• Awareness of automation and scripting for security operations.