Title: Security Platform Engineering Manager
Reference No: 2159
Company: FTSE 100
Reports to: Deputy Group CISO
Location: London
Working Pattern: 37.5 hours per week, Monday – Friday. Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place).
Salary: £84,000 - £100,000
Benefits: Car allowance, Bupa, Matched pension contributions.
The Role
Group Cyber Security Overview
The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus.
It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on.
A central challenge in a federated Group is translation: the work of turning Group-level standards, strategy, and expertise into something that actually lands and works inside each division’s unique context. That is precisely the purpose of the Cyber Advisory Services function. It bridges Group Cyber Security and the divisions – providing the technical advice, subject-matter expertise, specialist project support, and flexible consulting resource that enables divisions to understand, adopt, implement, leverage and operationalise the Group cyber standard.
Role Summary
Reporting to the Deputy Group CISO, the Security Platform Engineering Manager is the technical owner and custodian of the Group’s security tooling portfolio. Where the Cyber Architecture function sets the direction and standards for how security should be built, this role is responsible for what happens next: ensuring that the security platforms we operate are configured correctly, exploited fully, evolving continuously, and delivering genuine security outcomes and return on investment.
The role demands a particular mindset: a genuine passion for the tools under its care. The ideal person does not treat security products as black boxes to be deployed and forgotten – they are curious, hands-on, and proactive. They understand the full capability of each platform, stay ahead of vendor roadmaps, identify where a product’s untapped potential can solve a real problem, and build the relationships with vendors needed to get the most from every licence. The platforms in scope include Microsoft Defender (across the M365 Defender suite), Zscaler, Qualys, Abnormal Security, and Axonius, alongside other centrally managed security technologies as the portfolio evolves.
The Security Platform Engineering Manager works in close partnership with the Security Operations Centre and operations teams – ensuring platforms are tuned to support effective detection and response – with the Cyber Architecture Manager to align platform development to the architectural roadmap, and with the Group CTO function to ensure that security platform plans are integrated into the broader technology strategy. The role leads a small, focused team of permanent engineers and flexible resources, deploying expertise precisely where it is needed.
Role Responsibilities / Accountabilities
Security Platform Ownership & Technical Stewardship
• Act as the technical product owner for each platform in the GCS security tooling portfolio – including Microsoft Defender (M365 Defender suite), Zscaler, Qualys, Abnormal Security, and Axonius – taking personal accountability for their health, configuration, and ongoing development.
• Maintain deep, current, and expert-level technical knowledge of each platform under management: understand not just what each product does today, but what it is capable of, what is coming in the vendor roadmap, and what problems it could solve that it is not yet being used to address.
• Ensure that each platform is configured to its optimal state for our environment: policies are correctly defined and enforced, licensable features that deliver security value are enabled and exploited, and no significant capability is left unused without a deliberate and documented reason.
• Proactively identify opportunities where a platform’s existing or emerging capability can be matched to a specific business or security problem – thinking creatively about novel applications of the tools already in the estate before new expenditure is considered.
Technical Configuration, Policy & Security Standards Alignment
• Own and maintain the technical configuration baselines for all platforms in scope, ensuring configurations are documented, version-controlled, change-managed, and auditable; define platform-level policy configurations that translate Group cyber technical standards into enforceable product settings.
• Work closely with the Cyber Architecture Manager to ensure that platform configurations are consistent with the Group’s cyber enterprise architecture, reference patterns, and technical standards; flag and resolve any divergence between as-built and as-designed states.
• Provide expert technical advice to divisional IT and security teams on the configuration and deployment of centrally managed security platforms within their environments, ensuring local implementations meet Group standards while accommodating legitimate divisional requirements.
Platform Roadmap Development & Lifecycle Management
• Develop and own a rolling platform development roadmap for each product in the portfolio; plan the evolution of each platform in line with the Group’s cyber strategy, the vendor’s product roadmap, and emerging operational requirements from the SOC and business.
• Lead platform replacement or consolidation assessments when a product is approaching end of life, failing to meet evolving requirements, or where a better-fit alternative exists; work with the Cyber Architecture Manager to develop the business case and transition plan.
• Ensure that platform roadmaps are aligned and integrated with the Group CTO technology strategy and the GCS architecture roadmap; surface dependencies, conflicts, and opportunities early through structured engagement with both functions.
• Maintain a clear view of licence entitlements across all platforms; ensure the Group is consuming the features it is paying for, identify capability gaps and overlaps, and provide well-evidenced recommendations on licence optimisation and renewal decisions.
Vendor Engagement, Partnership & Return on Investment
• Build and maintain strong, productive working relationships with the technical and commercial teams at each strategic vendor; position the Group as an engaged, informed customer that vendors want to invest in – gaining early access to roadmap briefings, beta features, escalation paths, and best-practice guidance.
• Ensure the organisation extracts maximum value from every security platform investment; track and evidence return on investment, measuring security outcomes – not just uptime or feature counts – and presenting findings clearly to the Deputy CISO and senior stakeholders.
• Work with vendors to address product gaps and deficiencies; escalate issues effectively, influence vendor product direction through formal feedback channels where appropriate, and ensure support and professional services engagements deliver value.
• Provide commercially aware input to contract renewals, procurement decisions, and licence negotiations, drawing on operational evidence and an objective assessment of each platform’s value.
SOC, Operations & Stakeholder Alignment
• Work hand-in-glove with the SOC and security operations teams, ensuring that platforms are tuned and configured to support effective detection, investigation, and response; act as the primary technical escalation point for platform-related operational issues that affect SOC effectiveness.
• Participate actively in the platform and tooling prioritisation process alongside the SOC, operations, architecture, and GCS leadership teams; ensure that engineering effort is directed at the changes that will most improve the security posture and operational effectiveness.
• Maintain a structured engagement with the Group CTO function to ensure that security platform development plans are visible, understood, and integrated into the broader IT technology strategy and infrastructure roadmap; proactively surface platform interdependencies that span security and non-security technology.
• Collaborate with the Cyber Architecture Manager to ensure that platform engineering activity is grounded in and consistent with the Group’s cyber enterprise architecture; participate in design authority processes and provide engineering-level input to architectural decisions.
Team Leadership & Resourcing
• Lead, develop, and motivate a small, focused team of permanent security platform engineers and flexible resources drawn from the GCS resourcing desk; set clear expectations, foster a culture of technical excellence, and ensure each team member is growing their skills alongside the platforms they support.
• Manage the deployment of engineering resource across the platform portfolio and project demand pipeline; prioritise workload intelligently, balance BAU platform health against transformation delivery, and deploy flexible resource where it adds most value.
• Ensure that platform knowledge is not siloed in individuals; promote documentation, runbooks, and knowledge-sharing practices that make the team’s expertise resilient and accessible, and reduce dependency on key persons.
Transformation, Continuous Improvement & Innovation
• Lead the engineering delivery component of the GCS transformation programme for platforms in scope; plan and execute platform deployments, upgrades, and capability enhancements with minimal disruption to the business and to SOC operations.
• Champion a continuous improvement ethos within the team: regularly review platform configurations and performance against security outcomes, identify what is not working, and drive incremental improvement as a matter of routine rather than exception.
• Stay current with developments in the security platform and product engineering landscape; bring relevant innovation and new thinking to the Deputy CISO and wider GCS leadership team in a structured, evidence-based way.
Experience, Knowledge, Skills & Attributes - Essential
Experience
• 8+ years in cyber security, with significant hands-on experience in security platform engineering, security operations technology, or a comparable technical security role.
• Demonstrable, deep technical expertise in at least two platforms in the portfolio – Microsoft Defender / M365 Defender suite, Zscaler, Qualys, Abnormal Security, or Axonius – including practical configuration, policy management, and operational tuning experience.
• Experience as a platform or product owner for a security technology at enterprise scale, including managing configuration baselines, licence entitlements, vendor relationships, and a forward-looking development roadmap.
• Experience working in close operational partnership with a SOC or security operations function, with a clear understanding of how platform configuration directly affects detection quality, alert fidelity, and analyst effectiveness.
• Experience managing or leading a small technical team, including line management of permanent staff and direction of contractor or flexible resources.
• Experience managing vendor relationships for strategic security products, including participation in technical account reviews, escalation of product issues, and commercial input to renewal decisions.
Knowledge & Skills
• Genuine technical curiosity and product passion: the ability and instinct to go beyond surface-level familiarity with a platform, understand its full capability depth, and think creatively about how its features can be applied to novel business or security problems.
• Strong working knowledge of the Microsoft security stack, including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, Sentinel integration patterns, and M365 security policy configuration.
• Understanding of security platform integration patterns – including API connectivity, SIEM/SOAR data feeds, and automation workflows – and the ability to design and implement integrations that improve operational efficiency and detection capability.
• Ability to communicate technical platform status, recommendations, and roadmap plans clearly to both technical peers and non-technical senior stakeholders; able to make the case for investment or change with evidence rather than opinion.
• Commercially aware; understands the relationship between licence terms, feature availability, and security outcomes, and can engage constructively and knowledgeably in commercial conversations with vendors and procurement teams.
Qualifications
• Degree-level education in computer science, information security, or a related technical discipline; or equivalent professional experience.
• Relevant professional certification: CISSP, CISM, CompTIA Security+, or a vendor-specific advanced certification in one or more of the platforms in scope (e.g. Microsoft SC-200, SC-300, Zscaler ZCCA-IA/ZCCA-PA, or equivalent).
Experience, Knowledge, Skills & Attributes - Desirable
Experience
• Experience in a large FMCG, food and beverage, retail, or FTSE-listed manufacturing organisation, with an appreciation of the breadth and complexity of securing a highly federated, multi-divisional estate.
• Experience managing the full platform lifecycle from procurement through deployment, steady-state operation, and planned replacement or consolidation for an enterprise security product.
• Prior experience as a technical lead or engineering manager within a managed SOC or MSSP environment, giving strong insight into how platform configuration decisions affect managed detection and response quality.
• Experience participating in formal M365 E5 or enterprise security platform deployment programmes, including migration from legacy tooling and consolidation of overlapping capability.
• Hands-on experience with security automation and orchestration: scripting (PowerShell, Python), API integrations between security platforms, or SOAR playbook development.
Knowledge & Skills
• Familiarity with OT/ICS security monitoring tooling (e.g. Claroty) and an understanding of the particular challenges of extending enterprise security platform coverage into operational technology environments.
• Understanding of CAASM (Cyber Asset Attack Surface Management) platforms such as Axonius and how they can be used to drive continuous controls visibility and improve the accuracy of the asset inventory underpinning security operations.
• Understanding of identity security concepts – including Entra ID, conditional access policy design, privileged identity management, and their interaction with Defender and Zscaler configurations.
• Awareness of the broader security technology estate – including DMARC Advisor and Fortinet – and the ability to consider platform engineering decisions in the context of the wider tool ecosystem rather than in isolation.
Qualifications
• Advanced vendor certifications across multiple platforms in the portfolio (e.g. Microsoft SC-100, Zscaler ZCCP, Qualys certifications, or equivalent).
• Membership of a recognised professional body (CIISec, BCS, ISACA, (ISC)²) is welcome.