Information Security Engineer

Information Security Engineer

Department: IT Operations

Employment Type: Permanent - Full Time

Location: Birmingham

Description

Title: Information Security Engineer
Discipline: IT
Location: Birmingham (With Hybrid Working)

Why RLB?At RLB, we live by four simple ideas: Truth, Trust, Together, Tomorrow. Four values that live at the heart of RLB. A place where People Make Progress.

We value your skills, talents and unique perspectives - we think they are priceless.

Bring them to RLB and you'll be empowered to shape our future and your career in new and meaningful ways.

We'll give you opportunities to work on some of the most ambitious and exciting projects currently being designed and developed in the built environment sector.

You'll continue to learn and advance as everyone who works for us is provided with a tailored training programme. Our mentoring and reverse mentoring schemes will enable you to share your expertise while gaining fresh insights.

What makes RLB unique is our inclusive culture. As an independent, employee-owned business, teamwork and collaboration lies at the heart of everything we do. Hybrid and flexible working arrangements and family-friendly policies are just some of the ways we invest in employee wellbeing.

Join us and you will thrive personally as well as professionally.

Role Overview

The Information Security Engineer will work closely with the Head of Security and Infrastructure, as well as the wider IT and Governance teams, to ensure the ongoing protection of RLB's IT environments.

This is a critical role responsible for protecting infrastructure, cloud, software, and data against unauthorised use, modification, exfiltration, or damage. This role identifies threats, manages projects and engineers solutions.

An ideal candidate for this role is dedicated to learning new things, security-minded, strong initiative, and able to manage projects autonomously across diverse topics.

Role Responsibilities:

Security Operations & Monitoring

• Management of day-to-day security operations and act as the primary contact for the third-party SOC.
• Analyse and interpret logs, alerts, and threat data to identify potential security incidents.
• Ensure security alerts and incidents are managed and remediated.
• Ensure security tooling is correctly configured, operational, and fully utilised.
• Threat Detection, Incident Response & Vulnerability Management.
• Support or lead security incident investigations, including root cause analysis and remediation.
• Conduct vulnerability assessments and maturity scans, ensuring risks are clearly communicated and mitigated.
• Oversee third party penetration tests, manage remediation plans, and maintain strong vendor relationships.

• Work with Microsoft security technologies such as Microsoft Purview, Defender, M365, Entra ID, and Azure security tools, email security solutions and endpoint protection solutions.
• Oversee configuration changes, ensure tools are effectively integrated, and monitor identity and access management to detect potential misuse of credentials or privileges.
• Apply technical expertise to support improvements to security configuration, identity management, and endpoint security.
• Support internal teams when changes to systems may impact SOC monitoring or defensive controls.

• Help ensure alignment with standards such as Cyber Essentials Plus, NIST 800-171, ISO 27001, and UK GDPR.
• Carry out security audits and respond to DSAR requests
• Assist with internal/external audits and maintain documentation to demonstrate compliance with RLB's security requirements.
• Assist with the completion of supply-chain risk assessments
• Provide support for the secure onboarding of software, ensuring adherence to data security protocols, software development best practices, and all relevant requirements.

• Develop and support awareness initiatives, phishing simulations, and internal training.
• Stay ahead of new threats and emerging technologies, recommending ongoing improvements.
• Promote best practice security behaviours.

• Certifications such as CEH, CISSP, Security+
• Relevant Microsoft certifications (SC-900, SC-200, AZ-140)
• Ability to obtain Security Clearance (essential)

• Extensive experience configuring and managing M365, Microsoft Purview, Defender, and the broader Microsoft cloud security ecosystems.
• Experience working with information classification systems and Data Loss Prevention techniques.
• Experience working with or managing third party SOC, SIEM, and security vendors
• Background in overseeing penetration tests and coordination of remediation activities
• Solid understanding of incident response, vulnerability management, and general cyber defence principles
• Demonstrable experience in NIST 800-171 & ISO 27001-compliant environments

• Excellent interpersonal skills with the ability to influence peers and seniors on matters concerning protective security.
• Excellent organisational skills with the ability to prioritise workload and deliver to tight time scales.
• Possesses a professional and confident manner and maintains confidentiality at all times.
• A highly motivated and driven individual who adopts a flexible and adaptable approach.

• Exposure to secure software development and implementation practises.