Senior Information Security Engineer at Galliford Try in Leicester, England, United Kingdom | Kablio

Role

Description

azure administration

incident response

vulnerability assessment

security operations

policy development

security awareness

Support compliance with relevant frameworks and regulations, including Cyber Essentials, ISO 27001, UK GDPR, and NIST best practices. Assist in internal and external audits, ensuring evidence and documentation are maintained to demonstrate ongoing compliance and continuous improvement.

Lead or support security incident investigations to determine the scope, root cause, and business impact of events such as breaches or cyberattacks. Coordinate containment and remediation activities with internal and external stakeholders. Maintain thorough incident documentation, produce post-incident reports, and communicate findings and trends to management.

This role reports into and supports the Head of Information Security & Compliance, driving the operational execution of the security programme while mentoring others and managing third-party providers. This role is pivotal in safeguarding our organisation’s digital assets, infrastructure, and sensitive data against evolving cyber threats. You will assist technical security initiatives, support compliance efforts, and collaborate across departments to embed security into our operations and development lifecycle.

Administer and optimise key security technologies, including Microsoft Azure, Entra ID, Microsoft 365, Microsoft Defender stack, email security solutions and endpoint protection solutions (AV/EDR). Oversee configuration changes, ensure tools are effectively integrated, and monitor identity and access management to detect potential misuse of credentials or privileges.

Stay informed on emerging threats, vulnerabilities, and security trends. Proactively recommend enhancements to tools, processes, and controls to strengthen the organisation’s overall security posture. Maintain your own professional knowledge through ongoing learning and certification.

Assess the organisation’s overall security posture by identifying vulnerabilities and evaluating potential risks. Conduct regular security assessments, vulnerability and maturity scans, and reporting to highlight weaknesses that could be exploited. Evaluate the impact of emerging and zero-day threats, advising on mitigation and remediation strategies.

Take ownership of daily security operations, working closely with the outsourced SOC / SIEM provider to monitor networks, systems, and applications for indicators of compromise or malicious activity.

Contribute to the development, review, and implementation of security policies, standards, and procedures. Collaborate with business units to ensure alignment with organisational and regulatory security requirements.

Promote a strong security culture by supporting the delivery of awareness campaigns and training programmes. Design and execute phishing simulations and other cyber-security exercises, and assist with the creation and maintenance of training materials to improve staff understanding of information security best practices.

Contribute to day-to-day operational tasks such as reviewing quarantined emails, mentoring junior team members, handling escalated security tickets, attending meetings, and supporting or leading assigned projects.

Requirements

iso27001

pen testing

incident response

m365

5+ years

sc clearance

ISO / IEC 27001 Auditing experience (highly desirable)

Excellent documentation, communication, and stakeholder engagement skills.

Adaptable, proactive, and able to manage changing priorities in a fast-paced environment.

Experience planning or coordinating penetration testing and managing remediation activities.

Minimum 5 years’ experience in information security or related technical roles.

Security Awareness and Training

Strong understanding of Microsoft 365, Azure, and related cloud security controls (AWS/GCP exposure advantageous).

Hands-on experience with incident response, vulnerability management, and risk assessment.

Knowledge of UK data protection regulations (UK GDPR, DPA 2018).

Experience in regulated industries (e.g., finance, healthcare, government).

Proven track record managing or collaborating with outsourced SOC and SIEM providers.

Security Tools and Technology Management

This role requires the successful candidate to undergo and obtain BPSS and SC Clearance as a condition of employment.

Applicants must be based in the UK and have the legal right to work in the UK at the time of application

Galliford Try are seeking a highly skilled and experienced Senior Information Security Engineer to join our cyber security team. The role will provide hands-on technical expertise in the management of information security operations, ensuring the organisation’s security posture is maintained and aligned with strategic objectives.

Skilled in maintaining and supporting an ISMS aligned to ISO 27001 and Cyber Essentials.

Benefits

Pension scheme and private healthcare.

Positive learning and growing environment

Generous holiday allowance.

Training and certification support.

Competitive salary and performance-based bonuses.

Professional development and education

Flexible working arrangements.

Health and wellbeing programs

Training + Development

Information not given or found

Interview process

Information not given or found

Visa Sponsorship

Information not given or found

Security clearance

candidate must obtain bpss and sc clearance as a condition of employment.

Company

Overview

£3.7 billion+

Order Book Value

After selling its housing arm in January 2020, the company rebuilt a significant order book, reflecting its strategic focus and growth.

£1.77 billion

Annual Revenue 2024

The company delivered £1.77 billion in revenue, showcasing its operational strength and market presence.

a national construction powerhouse with a history tracing back to two century‑old local builders.
now focusing on Building, Infrastructure (including Highways and Environment), and Specialist Services, delivering projects such as schools, hospitals, water barriers, and road networks.
expanded through strategic acquisitions—Morrison Construction in 2006, Miller Construction in 2014, and water and specialist services firms since 2021—to broaden its technical capabilities.
delivers projects in sectors like education, health, defence, justice facilities, major highways, water treatment infrastructure, fire‑safety upgrades, and digital infrastructure.
retains dual brands—Galliford Try in England & Wales and Morrison Construction in Scotland—to maintain regional strength.
has shown strong growth, recovering from COVID, reinstating dividends in 2021, and aiming to exceed £2.2 billion in revenue and achieve a 4% operating margin by 2030.

Culture + Values

Excellence
Passion
Integrity
Collaboration
Health and safety always prioritised – “nothing is so important that we cannot take the time to do it safely.”
Agile and smart working methods to enable people to reach their potential.
People‑oriented, progressive culture driven from top leadership.

Environment + Sustainability

62% CO₂e reduction

Carbon Emissions Reduction (2012–2020)

A significant reduction in carbon emissions (Scope 1, 2, and operational Scope 3) was achieved between 2012 and 2020.

93% electric cars

Electric and Plug-In Hybrid Fleet

Over 90% of the company's vehicle fleet consists of electric or plug-in hybrid vehicles, reflecting a strong commitment to sustainable mobility.

100% renewable electricity

Clean Energy Target

The company aims to power its operations entirely with renewable electricity by the end of 2025.

16 activities mapped

Net Zero Route Map

A comprehensive plan addressing key activities contributing to carbon emissions has been published, including diesel use, vehicle emissions, and materials.

Net zero on Scope 1 and 2 operations by 2030; Scope 1, 2 and 3 across all activities by 2045.
Near-term emissions targets validated by SBTi (aligned to 1.5 °C).
Reduced Scope 1 and 2 emissions by 2.5% in 2023 vs 2022; diesel use down 9.1%, vehicle emissions down 6.9%.
65% Scope 1 and 2 reduction by 2021.
Zero construction waste to landfill by 2026.
Sub-133 g/km fleet average in 2011 down to 86 g/km in 2020.
PAS 2080:2023 certification achieved (carbon management).
CDP B grade for environmental performance maintained in 2025.

Inclusion & Diversity

22.5% gender pay gap

Mean gender pay gap reduction

The mean gender pay gap has been reduced from 28.8% in 2020 to 22.5% in 2024.

74% employee engagement

Employee engagement score

Employee engagement levels are at 74%, exceeding the sector average of 66%.

55% senior leaders

Inclusive Leadership programme participation

55% of senior leaders have completed the Inclusive Leadership programme.

Appointed a dedicated Inclusion Lead and steering group (July 2023).
Pilot mentoring scheme for girls: ~50 students across 5 schools.
Awarded Leaders in Diversity (Highways business) and national FREDIE standards.

Articles

Careers

Projects

About Us

Role

Description

azure administration

incident response

vulnerability assessment

security operations

policy development

security awareness

Take ownership of daily security operations, working closely with the outsourced SOC / SIEM provider to monitor networks, systems, and applications for indicators of compromise or malicious activity.

Requirements

iso27001

pen testing

incident response

m365

5+ years

sc clearance

ISO / IEC 27001 Auditing experience (highly desirable)

Excellent documentation, communication, and stakeholder engagement skills.

Adaptable, proactive, and able to manage changing priorities in a fast-paced environment.

Experience planning or coordinating penetration testing and managing remediation activities.

Minimum 5 years’ experience in information security or related technical roles.

Security Awareness and Training

Strong understanding of Microsoft 365, Azure, and related cloud security controls (AWS/GCP exposure advantageous).

Hands-on experience with incident response, vulnerability management, and risk assessment.

Knowledge of UK data protection regulations (UK GDPR, DPA 2018).

Experience in regulated industries (e.g., finance, healthcare, government).

Proven track record managing or collaborating with outsourced SOC and SIEM providers.

Security Tools and Technology Management

This role requires the successful candidate to undergo and obtain BPSS and SC Clearance as a condition of employment.

Applicants must be based in the UK and have the legal right to work in the UK at the time of application

Skilled in maintaining and supporting an ISMS aligned to ISO 27001 and Cyber Essentials.

Benefits

Pension scheme and private healthcare.

Positive learning and growing environment

Generous holiday allowance.

Training and certification support.

Competitive salary and performance-based bonuses.

Professional development and education

Flexible working arrangements.

Health and wellbeing programs

Training + Development

Information not given or found

Interview process

Information not given or found

Visa Sponsorship

Information not given or found

Security clearance

candidate must obtain bpss and sc clearance as a condition of employment.

Company

Overview

£3.7 billion+

Order Book Value

After selling its housing arm in January 2020, the company rebuilt a significant order book, reflecting its strategic focus and growth.

£1.77 billion

Annual Revenue 2024

The company delivered £1.77 billion in revenue, showcasing its operational strength and market presence.

a national construction powerhouse with a history tracing back to two century‑old local builders.
now focusing on Building, Infrastructure (including Highways and Environment), and Specialist Services, delivering projects such as schools, hospitals, water barriers, and road networks.
expanded through strategic acquisitions—Morrison Construction in 2006, Miller Construction in 2014, and water and specialist services firms since 2021—to broaden its technical capabilities.
delivers projects in sectors like education, health, defence, justice facilities, major highways, water treatment infrastructure, fire‑safety upgrades, and digital infrastructure.
retains dual brands—Galliford Try in England & Wales and Morrison Construction in Scotland—to maintain regional strength.
has shown strong growth, recovering from COVID, reinstating dividends in 2021, and aiming to exceed £2.2 billion in revenue and achieve a 4% operating margin by 2030.

Culture + Values

Excellence
Passion
Integrity
Collaboration
Health and safety always prioritised – “nothing is so important that we cannot take the time to do it safely.”
Agile and smart working methods to enable people to reach their potential.
People‑oriented, progressive culture driven from top leadership.

Environment + Sustainability

62% CO₂e reduction

Carbon Emissions Reduction (2012–2020)

A significant reduction in carbon emissions (Scope 1, 2, and operational Scope 3) was achieved between 2012 and 2020.

93% electric cars

Electric and Plug-In Hybrid Fleet

Over 90% of the company's vehicle fleet consists of electric or plug-in hybrid vehicles, reflecting a strong commitment to sustainable mobility.

100% renewable electricity

Clean Energy Target

The company aims to power its operations entirely with renewable electricity by the end of 2025.

16 activities mapped

Net Zero Route Map

A comprehensive plan addressing key activities contributing to carbon emissions has been published, including diesel use, vehicle emissions, and materials.

Net zero on Scope 1 and 2 operations by 2030; Scope 1, 2 and 3 across all activities by 2045.
Near-term emissions targets validated by SBTi (aligned to 1.5 °C).
Reduced Scope 1 and 2 emissions by 2.5% in 2023 vs 2022; diesel use down 9.1%, vehicle emissions down 6.9%.
65% Scope 1 and 2 reduction by 2021.
Zero construction waste to landfill by 2026.
Sub-133 g/km fleet average in 2011 down to 86 g/km in 2020.
PAS 2080:2023 certification achieved (carbon management).
CDP B grade for environmental performance maintained in 2025.