Cyber Security Engineer

  • Leeds
  • Business Services
  • Business Services Professionals
  • Permanent
  • Full-time
  • 59
  • Liam Ogden
  • Liam.Ogden@addleshawgoddard.com
  • https://www.linkedin.com/in/liam-ogden-59174a106/
  • Competitive

The role:

You will be part of the firm's Cyber Security function, helping protect the confidentiality, integrity and availability of the firm's systems and client data.

This is a hands-on technical role focused on cyber security operations, detection, response and continuous improvement. You will support and improve the firm's security capability across cloud, endpoint, identity and data platforms, while contributing to secure solution design and practical security controls that align with firm standards.

The role requires current and practical understanding of modern threat vectors, including emerging risks associated with AI and agentic technologies. You will be expected to apply this knowledge to strengthen detection, response and control frameworks across the firm.

You will work closely with the Senior Cyber Security Manager and wider IT teams to support the design and implementation of cyber solutions across AG, helping ensure security is considered early in technical decisions, delivery approaches and platform change. You will also help operate and improve our security tooling, including Microsoft Sentinel and Security Copilot, and work with our outsourced Security Operations Centre (SOC) to support effective monitoring and response.

Working in the team:

You will join a collaborative and pragmatic team where security is treated as a shared responsibility.

  • We work closely together, particularly during incidents and major investigations
  • There is a balance of proactive security improvement and reactive response
  • You will be expected to collaborate well, share knowledge and support others across the team
  • The environment is fast-moving and sometimes ambiguous, so judgement matters

We aim to keep things straightforward, practical and outcome focused.

Inclusion and environment:

We want people to feel comfortable being themselves at work, and we celebrate diversity across the team.

Different perspectives, backgrounds and experiences genuinely improve security outcomes. We want to build a team that reflects this more strongly, including gender representation, and we value curiosity, practical thinking and the ability to challenge constructively.

You do not need to meet every technical requirement to apply — attitude, adaptability and how you approach problems are just as important.

What you'll be doing:

Security operations and incident response
Supporting investigation and response to security incidents, working closely with internal teams

Threat detection and engineering
Developing and refining detection logic within Microsoft Sentinel, improving visibility and response capability

AI and emerging threat landscape
Monitoring and assessing new threat vectors, including risks associated with AI and agentic technologies, and translating these into practical controls. In addition, the role will be responsible for designing, developing, and implementing AI‑driven tooling and automation to enhance threat detection, incident response, and security operations efficiency. This includes leveraging machine learning, generative AI, and data-driven techniques to augment analyst capability, improve decision-making, and proactively address emerging cyber risks.

Security tooling and optimisation
Driving effective use of Microsoft security tooling, including Sentinel and Security Copilot, ensuring capabilities are fully utilised

Security tooling and optimisation
Supporting effective use of Microsoft security tooling, including Sentinel and Security Copilot, and helping ensure capabilities are well understood and utilised

Key responsibilities:

  • Supporting the operational security capability, including monitoring, detection and incident response
  • Helping improve the firm's use of Microsoft Sentinel as the central SIEM platform
  • Applying Security Copilot capabilities to enhance investigation, triage and analysis processes
  • Working with the outsourced SOC and internal teams to support service quality, responsiveness and service improvement
  • Supporting investigation of complex or high-severity incidents, escalating appropriately where needed
  • Identifying and mitigating emerging threats, with a strong focus on AI-driven and automated attack methods
  • Contributing to continuous improvement in detection engineering, response playbooks and automation
  • Working closely with infrastructure, networking and data teams to ensure security is embedded in delivery
  • Supporting the definition and design of cyber security solutions for AG, ensuring they are practical, proportionate and aligned with business and technology needs
  • Supporting audit, compliance and client assurance requirements through strong operational evidence

Stakeholder management:

A key part of this role is working confidently with both technical and business stakeholders.

  • Building strong relationships across IT, including core Infrastructure, Data, Architecture and Service Management
  • Working with peers and other stakeholders to communicate risk in clear, practical terms
  • Translating technical threats into business impact and recommended actions
  • Challenging constructively to improve security outcomes and prioritisation
  • Working closely with third-party partners and suppliers, particularly the SOC provider

Skills and experience:

We are looking for a strong technical cyber security professional with hands-on capability, sound judgement and a practical approach to problem solving.

Technical:

  • Strong experience in cyber security operations, incident response or threat detection roles
  • Proven experience working with Microsoft Sentinel (SIEM) in a production environment
  • Good working knowledge of Microsoft Security Copilot or similar AI-assisted security tooling
  • Experience managing or working closely with an outsourced SOC / MDR provider
  • Strong understanding of modern threat vectors including:
    • Ransomware
    • Identity-based attacks
    • Cloud misconfiguration
    • AI-driven and automated attacks (including agentic tooling)
  • Experience in cloud security, particularly across Azure environments
  • Strong understanding of detection engineering, alert tuning and investigation workflows
  • Experience developing and maintaining incident response processes and playbooks
  • Good understanding of security frameworks, controls and governance

Experience:

  • Experience working within a cyber security, security operations or incident response function
  • Comfortable taking ownership of technical tasks and contributing as part of a wider team
  • Experience supporting audits and client-driven security assurance requirements

Desired qualifications:

  • Relevant cyber security qualifications are valued and required for the role.
  • Examples might include Security+, SC-200, AZ-500, SSCP, CySA+ or similar industry-recognised certifications

Ways of working:

  • Highly analytical, with a structured approach to problem solving
  • Calm and effective under pressure, particularly during incidents
  • Hands-on and willing to get into technical detail when needed
  • Pragmatic — focused on outcomes rather than theory
  • Strong communicator, able to simplify complex issues
  • Able to produce clear, high-quality documentation when required, whether for incidents, processes, controls or stakeholder reporting
  • Comfortable balancing operational delivery with longer-term improvement

Why this role:

  • Opportunity to shape and evolve a modern cyber security capability
  • Direct involvement in emerging areas such as AI and agentic threat landscapes
  • Exposure to leading Microsoft security tooling, including Sentinel and Security Copilot
  • A role with strong exposure across IT and the wider firm
  • A genuine balance of technical depth and strategic impact