Azure Security Engineer

Azure Security Engineer

Posted Today by Xpertise Recruitment

Apply
Negotiable
Inside
Hybrid
Birmingham, England, United Kingdom
Apply
Automation Azure Command-Line Interface (Azure CLI) Azure Security Balancing (Ledger/Billing) Cloud Computing Cloud Technology Cyber Incident Response Identity And Access Management Management Microsoft 365 Microsoft Azure Multi-Cloud Multi-Factor Authentication Network Security Phishing Role-Based Access Control (RBAC) Security Recommendations Stakeholder Management Threat Detection Usability Workflows

Summary: The Azure Security Engineer role in Birmingham focuses on designing, implementing, and enhancing security controls within Microsoft Azure, emphasizing Microsoft Entra ID and security best practices. The position requires hands-on involvement and collaboration with various teams to improve security maturity while balancing risk and usability. The role also involves managing network security components and providing operational support for email security solutions. This is a 6-month contract with the possibility of extension, classified as inside IR35.

Key Responsibilities:

  • Design, implement, and maintain security controls across Microsoft Azure, focusing on Microsoft Entra ID.
  • Lead improvements against Microsoft Secure Score, translating recommendations into practical actions.
  • Implement and manage Conditional Access policies, Privileged Identity Management, identity protection, and RBAC.
  • Drive Secure Score improvement activities across Entra ID, Defender, and core Azure services.
  • Configure, manage, and troubleshoot Fortinet firewalls and Barracuda load balancers.
  • Provide operational support for Mimecast, including policy configuration and threat detection.
  • Embed security into day-to-day platform operations and provide guidance to stakeholders.
  • Support incident response and investigation activities related to identity, cloud, or perimeter security.

Key Skills:

  • Strong hands-on experience securing Microsoft Azure environments.
  • Deep practical knowledge of Microsoft Entra ID, including Conditional Access, PIM, and RBAC.
  • Experience delivering Microsoft Secure Score improvements.
  • Working experience with Fortinet firewalls and Barracuda load balancers.
  • Practical knowledge of Mimecast administration and email security controls.
  • Understanding of modern identity-centric security models.
  • Ability to translate security recommendations into pragmatic actions.

Salary (Rate): undetermined

City: Birmingham

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Azure Security Engineer Birmingham (1 days per week in the office) 6 Months plus likely extension (Inside IR35) Role Overview We are looking for an experienced Azure Security Engineer to help design, implement, and continuously improve security controls across our Microsoft Azure estate. This role is hands-on and delivery-focused, with a strong emphasis on Microsoft Entra ID, Microsoft Secure Score improvements, and the practical application of security best practice across identity, access, and platform services. You will work closely with infrastructure, cloud, and information security colleagues to uplift security maturity in a pragmatic way, balancing risk, usability, and operational reality rather than pursuing security theatre. In addition to Microsoft technologies, the role requires working knowledge of Fortinet firewalls, Barracuda load balancers, and Mimecast, supporting a hybrid and multi-layered security architecture.

Key Responsibilities

  • Azure & Identity Security
  • Design, implement, and maintain security controls across Microsoft Azure, with a primary focus on Microsoft Entra ID.
  • Lead and deliver improvements against Microsoft Secure Score, translating recommendations into practical, prioritised actions rather than blindly chasing percentages.
  • Implement and manage: Conditional Access policies (including Named Locations, device state, MFA enforcement, and risk-based access) Privileged Identity Management (PIM) Identity protection and sign-in risk policies Role-based access control (RBAC) and least-privilege access models
  • Support secure onboarding of users, devices, and applications into Entra ID, including hybrid identity scenarios where applicable.
  • Secure Score & Security Posture Improvement
  • Own and drive Secure Score improvement activities across Entra ID, Defender, and core Azure services.
  • Assess recommendations critically, understanding what materially reduces risk versus what is cosmetic or low value.
  • Work with stakeholders to plan, implement, and evidence security improvements in a controlled and auditable manner.
  • Track progress, identify blockers, and provide clear reporting on posture improvements and residual risk.
  • Network & Perimeter Security
  • Configure, manage, and troubleshoot Fortinet firewalls, including policy design, rule optimisation, and secure connectivity.
  • Work with Barracuda load balancers, ensuring secure configuration, certificate management, and appropriate exposure of services.
  • Support secure network design across Azure and on-prem or hosted environments, including segmentation and controlled ingress/egress.
  • Email & Collaboration Security
  • Provide operational support and security oversight for Mimecast, including: Policy configuration and tuning Threat detection and response User-reported phishing workflows Integration with Microsoft 365 security tooling Assist with improving email security posture without creating unnecessary friction for users.
  • Collaboration & Continuous Improvement
  • Work closely with cloud, infrastructure, and security teams to embed security into day-to-day platform operations.
  • Provide clear, practical security guidance to technical and non-technical stakeholders.
  • Contribute to security standards, patterns, and documentation relevant to Azure and hybrid environments.
  • Support incident response and investigation activities where identity, cloud, or perimeter security is involved.

Essential Skills & Experience

  • Strong hands-on experience securing Microsoft Azure environments.
  • Deep practical knowledge of Microsoft Entra ID, including Conditional Access, PIM, RBAC, and identity protection.
  • Demonstrable experience delivering Microsoft Secure Score improvements in real environments.
  • Working experience with Fortinet firewalls in production environments.
  • Working experience with Barracuda load balancers.
  • Practical knowledge of Mimecast administration and email security controls.
  • Strong understanding of modern identity-centric security models (Zero Trust principles, least privilege, MFA-first approaches).
  • Ability to translate security recommendations into pragmatic, deliverable actions.

Desirable Skills

  • Experience with Microsoft Defender for Cloud, Defender for Identity, or Defender for Endpoint.
  • Familiarity with Sentinel or other SIEM/SOAR platforms.
  • Experience operating in regulated or compliance-driven environments (e.g. ISO 27001, NIST, CIS Controls).
  • Scripting or automation experience (PowerShell, Azure CLI, or similar).
  • Experience working in hybrid or multi-cloud environments.

Personal Attributes

  • Pragmatic and risk-aware, rather than dogmatic.
  • Comfortable working hands-on in live environments.
  • Able to challenge recommendations when they don’t make sense in context.
  • Clear communicator who can explain security decisions without jargon.
  • Takes ownership and sees work through to completion.
Apply
Similar Jobs
Loading data...