Security Engineer in Manchester, England at Sterling Computers Corporation
Job Description
Job Title: Senior Security Engineer (On-Premise Focus)
Reports To: Head of Engineering
Location: Manchester, UK
About the Role: We are seeking a highly experienced Senior Security Engineer to take ownership of security for our critical on-premise platform. This is a hands-on, technical leadership role where you will design, implement, harden, monitor, and continuously improve our security posture in a predominantly VMware-based on-prem environment. You will drive security strategy and execution, ensuring compliance, threat prevention, and rapid incident response, while collaborating with infrastructure, operations, and leadership teams.
This position requires a proactive, detail-oriented engineer comfortable working in a high-security, regulated environment. This is a full-time, fixed-term role requiring 5 days per week on-site (no remote or hybrid options). Occasional travel is required within the UK (and potentially internationally) to support related sites, vendors, or projects.
Security Clearance Required: Secret Clearance at a minimum. Willing to attain Developed Vetting.
Key Responsibilities
- Lead the design, configuration, deployment, and ongoing management of security controls for on-premise infrastructure, with a strong emphasis on network and workload segmentation.
- Own and optimise VMware NSX (including Distributed Firewall policies and micro-segmentation) and VMware vDefend (Distributed Firewall, threat prevention, and lateral security features) to enforce zero-trust principles and prevent lateral threat movement.
- Manage, tune, and harden Palo Alto Networks next-generation firewalls (NGFW), including policy creation, Panorama management, App-ID/User-ID, NAT, VPN, threat prevention profiles, and integration with other security tools.
- Configure and maintain Cisco network security devices (e.g., routers, switches, ASA/FTD firewalls, ISE for NAC) to support secure network access and segmentation.
- Harden Windows Server environments and related Microsoft products (Active Directory, Group Policy, endpoint configurations) using security best practices and CIS Benchmarks.
- Champion DevSecOps practices by embedding security into CI/CD pipelines, automating security testing (e.g., vulnerability scanning, policy-as-code), collaborating with development and operations teams to shift security left, and ensuring secure software delivery without impeding velocity.
- Deploy, configure, and leverage Elastic Stack (Elasticsearch, Kibana, Beats, Logstash) and Elastic Security features for centralised logging, SIEM capabilities, threat detection, dashboards, alerting, and integration with on-prem security tools (e.g., feeding logs from NSX/vDefend, firewalls, and endpoints).
- Implement, audit, and remediate against CIS Benchmarks, STIGs, and other hardening standards across operating systems, network devices, virtualisation platforms, and applications.
- Perform vulnerability assessments, penetration testing support, risk assessments, and remediation planning for on-prem assets.
- Monitor security events, respond to incidents, conduct root cause analysis, and implement preventive measures.
- Drive security architecture decisions, contribute to policy development, and act as the primary technical security point of contact for the platform.
- Collaborate with vendors, auditors, and internal teams to ensure compliance with regulatory and organisational requirements.
- Mentor junior engineers and promote a security-first culture.
Required Qualifications & Experience
- 7+ years of hands-on experience in cybersecurity engineering, with at least 5 years focused on on-premise enterprise environments.
- Proven deep expertise in VMware NSX (micro-segmentation, DFW policies, integration) and VMware vDefend (Distributed Firewall, advanced threat prevention).
- Strong experience designing and managing Palo Alto Networks firewalls (NGFW, Panorama, threat prevention, GlobalProtect).
- Solid hands-on experience with Cisco security/networking technologies (ASA/FTD, ISE, secure routing/switching).
- Extensive experience securing Windows environments (Server, Active Directory, Group Policy Objects, endpoint hardening).
- In-depth knowledge of CIS Benchmarks and their practical application to harden systems and networks.
- Strong understanding of zero-trust principles, network segmentation, firewall policy optimisation, identity and access management (IAM), and encryption.
- Experience with vulnerability management, SIEM integration, logging, and incident response in on-prem setups.
- Familiarity with TCP/IP networking fundamentals, the OSI model, routing protocols (BGP/OSPF), VPN technologies, and secure architecture design.
- Practical experience implementing DevSecOps principles, including integrating security tools and controls into CI/CD pipelines, automating security checks, and collaborating across dev, sec, and ops teams.
- Hands-on experience with the Elastic Stack (Elasticsearch, Kibana) and Elastic Security (SIEM, threat hunting, endpoint integration, dashboards/alerting) in on-premise deployments for log management, security analytics, and incident response.
- Security Clearance: Must have UK government security clearance, minimum SC, with the requirement to go through DV.
- Right to work in the UK and ability to pass background checks.
Desirable Skills & Certifications
- Relevant certifications such as:
  - VMware Certified Professional – Network Virtualisation (VCP-NV) or Security
  - Palo Alto Networks Certified Network Security Engineer (PCNSE)
  - Cisco Certified Network Professional Security (CCNP Security) or CCIE Security
  - Certified Information Systems Security Professional (CISSP)
  - Microsoft Certified: Security, Compliance, and Identity Fundamentals (or equivalent)
- Experience with endpoint detection and response (EDR), SIEM tools, IDS/IPS, or threat intelligence platforms.
- Knowledge of Linux hardening, container security, or hybrid environments (though focus remains on-prem).
- Experience in regulated sectors (e.g., government, finance, critical national infrastructure).
Sterling Computers Corporation (“Sterling”) is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to age, race, color, creed, religion, disability, medical condition, economic status or status with regard to public assistance, citizenship status, national or social or ethnic origin, past or present membership in the uniformed services, protected veteran status, sex, pregnancy, marital or civil union or domestic partnership status, family or parental status, sexual orientation, gender expression or identity, family medical history or genetic information, HIV status, political belief, or any other status or characteristic protected by applicable law.