Azure Security Engineer

• 12/01/26
• West Midlands, Birmingham
• £450 - 475 per day + Inside IR35
• Contract
• Cyber Security and InfoSec
• Full time

Azure Security Engineer

Birmingham (1 days per week in the office)

6 Months plus likely extension (Inside IR35)

Role Overview

We are looking for an experienced Azure Security Engineer to help design, implement, and continuously improve security controls across our Microsoft Azure estate. This role is hands-on and delivery-focused, with a strong emphasis on Microsoft Entra ID, Microsoft Secure Score improvements, and the practical application of security best practice across identity, access, and platform services.

You will work closely with infrastructure, cloud, and information security colleagues to uplift security maturity in a pragmatic way, balancing risk, usability, and operational reality rather than pursuing security theatre.

In addition to Microsoft technologies, the role requires working knowledge of Fortinet firewalls, Barracuda load balancers, and Mimecast, supporting a hybrid and multi-layered security architecture.

Key Responsibilities

Azure & Identity Security

• Design, implement, and maintain security controls across Microsoft Azure, with a primary focus on Microsoft Entra ID.
• Lead and deliver improvements against Microsoft Secure Score, translating recommendations into practical, prioritised actions rather than blindly chasing percentages.
• Implement and manage:
• Conditional Access policies (including Named Locations, device state, MFA enforcement, and risk-based access)
• Privileged Identity Management (PIM)
• Identity protection and sign-in risk policies
• Role-based access control (RBAC) and least-privilege access models
• Support secure onboarding of users, devices, and applications into Entra ID, including hybrid identity scenarios where applicable.

Secure Score & Security Posture Improvement

• Own and drive Secure Score improvement activities across Entra ID, Defender, and core Azure services.
• Assess recommendations critically, understanding what materially reduces risk versus what is cosmetic or low value.
• Work with stakeholders to plan, implement, and evidence security improvements in a controlled and auditable manner.
• Track progress, identify blockers, and provide clear reporting on posture improvements and residual risk.

Network & Perimeter Security

• Configure, manage, and troubleshoot Fortinet firewalls, including policy design, rule optimisation, and secure connectivity.
• Work with Barracuda load balancers, ensuring secure configuration, certificate management, and appropriate exposure of services.
• Support secure network design across Azure and on-prem or hosted environments, including segmentation and controlled ingress/egress.

Email & Collaboration Security

• Provide operational support and security oversight for Mimecast, including:
• Policy configuration and tuning
• Threat detection and response
• User-reported phishing workflows
• Integration with Microsoft 365 security tooling
• Assist with improving email security posture without creating unnecessary friction for users.

Collaboration & Continuous Improvement

• Work closely with cloud, infrastructure, and security teams to embed security into day-to-day platform operations.
• Provide clear, practical security guidance to technical and non-technical stakeholders.
• Contribute to security standards, patterns, and documentation relevant to Azure and hybrid environments.
• Support incident response and investigation activities where identity, cloud, or perimeter security is involved.

Essential Skills & Experience

• Strong hands-on experience securing Microsoft Azure environments.
• Deep practical knowledge of Microsoft Entra ID, including Conditional Access, PIM, RBAC, and identity protection.
• Demonstrable experience delivering Microsoft Secure Score improvements in real environments.
• Working experience with Fortinet firewalls in production environments.
• Working experience with Barracuda load balancers.
• Practical knowledge of Mimecast administration and email security controls.
• Strong understanding of modern identity-centric security models (Zero Trust principles, least privilege, MFA-first approaches).
• Ability to translate security recommendations into pragmatic, deliverable actions.

Desirable Skills

• Experience with Microsoft Defender for Cloud, Defender for Identity, or Defender for Endpoint.
• Familiarity with Sentinel or other SIEM/SOAR platforms.
• Experience operating in regulated or compliance-driven environments (e.g. ISO 27001, NIST, CIS Controls).
• Scripting or automation experience (PowerShell, Azure CLI, or similar).
• Experience working in hybrid or multi-cloud environments.

Personal Attributes

• Pragmatic and risk-aware, rather than dogmatic.
• Comfortable working hands-on in live environments.
• Able to challenge recommendations when they don't make sense in context.
• Clear communicator who can explain security decisions without jargon.
• Takes ownership and sees work through to completion.