Security Engineer
- Location: Cromwell Hospital London
- Time Type: Full Time
Job Description:
Salary: £55,100 - £68,000 (negotiable depending on experience)
Location: Cromwell Hospital, London (SW5 0TU)
Hybrid Working: Desired 2 days per week onsite
Fixed Term Contract: 12 Months
Scheduled weekly hours: 37.5 hours
Benefits: Fixed Term benefits allowance
We make health happen
We are seeking an experienced Security Engineer to join Cromwell on a fixed-term contract. In this role, you will be responsible for ensuring the organisation adheres to industry security standards and best practices, including NIST, ISO 27001, and CIS controls.
You will play a key role in implementing, maintaining, and continuously enhancing our security frameworks, processes, and technologies. This position is critical in safeguarding the company's systems, data, and reputation, while also promoting a strong culture of security awareness across the business.
How you'll help us make health happen:
• Support the implementation, monitoring, and continuous improvement of security frameworks and controls aligned to NIST, ISO 27001, and CIS standards
• Design, implement, and manage security solutions, including SSO, MFA, and identity lifecycle processes (JML), ensuring secure and seamless user access
• Collaborate with IT, HR, compliance, and security teams to embed and maintain security controls across systems, projects, and business workflows
• Identify, assess, and manage security risks and vulnerabilities across applications and infrastructure, developing and driving remediation plans through to completion
• Ensure security is embedded across the full project lifecycle, including participation in change management and design processes
• Develop, maintain, and document security policies, procedures, and standard operating protocols in line with best practice and regulatory requirements
• Monitor security posture, track risks, escalate overdue remediation, and ensure adherence to defined security metrics and organisational risk appetite
• Support security assessments, pre-engagement activities, and coordination with internal SMEs and wider security teams
• Implement and maintain capabilities for early detection, response, and management of security incidents
• Test and assess systems and infrastructure to identify vulnerabilities and recommend improvements
• Produce clear reporting on security posture, risk, and improvement initiatives, and represent the organisation in relevant security forums
• Develop and implement technical solutions and tools to enhance security capability, automate processes, and protect organisational data and infrastructure
• Promote security awareness across the organisation, providing guidance and training where required
Key Skills / Qualifications needed for this role:
• Proven experience in a Security Engineer, Application Security Engineer, or similar role within an enterprise or regulated environment
• Strong working knowledge of security frameworks and standards, including NIST, ISO 27001, and CIS, with hands-on experience implementing and maintaining controls
• Practical experience designing, implementing, and managing identity and access solutions, including SSO, MFA, and joiner/mover/leaver (JML) processes
• Solid technical expertise across security technologies such as firewalls, intrusion detection systems, anti-virus, authentication systems, log management, and content filtering
• Good understanding of network security, network segmentation, and monitoring tools, alongside infrastructure and operating system security (Windows/Linux)
• Experience identifying and managing vulnerabilities, supporting remediation activities, and maintaining security systems within complex environments
• Ability to design, document, and optimise security processes, policies, and technical procedures to a high standard
• Strong understanding of infrastructure and application security principles, with the ability to secure enterprise environments end-to-end
• Relevant professional certifications such as CISSP, CISM, or equivalent are highly desirable
• Excellent problem-solving skills with the ability to work effectively under pressure
• Strong communication and stakeholder management skills, with the ability to translate technical security concepts into business context
Benefits
Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health, from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.
Joining Bupa in this role you will receive the following benefits and more:
• 25 days holiday per year, pro rata to your contract.
• Access to a range of services to support your physical and mental wellbeing
• Fixed term benefits allowance
• Access to our confidential employee assistance programme
• Workplace pension
• Online discounts covering your everyday shopping, entertainment, eating out and more.
Why Bupa?
We're a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose - helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.
We encourage all our people to “Be you at Bupa”. We champion diversity, and we understand the importance of our people representing the communities and customers we serve. That's why we especially encourage applications from people with diverse backgrounds and experiences.
Bupa is a Level 2 Disability Confident Employer. This means we aim to offer an interview/assessment to every disabled applicant who meets the minimum criteria for the role. We'll make sure you are treated fairly and offer reasonable adjustments as part of our recruitment process to anyone that needs them.
Time Type: Full time
Job Area: IT
Locations: Cromwell Hospital London
Bupa’s purpose is helping people live longer, healthier, happier lives and making a better world. We do this by providing a broad range of healthcare services, support and advice to people throughout their lives. People are at the heart of everything we do. Together, we make health happen.
Every company needs an ethos, and we're no different. Through good days and challenging times, we always work with our values in mind. These are: Brave - Make new possibilities happen. Caring - Act with empathy and respect. Responsible - Own your decisions and actions.
We don't have shareholders at Bupa, which means we're free to invest our profits where they matter: our patients, our facilities, our research, and you.
As a healthcare provider, we have a duty to do the right thing. By our customers, our people and our partners. The Bupa Code holds us to this duty. It's our promise to protect, care for, and build trust with everyone who relies on us.
Here you’ll be welcomed. We champion diversity and we understand the importance of our people representing the communities and customers we serve.
You’ll find an inclusive environment where you can be yourself and where everyone is driven by the same purpose – helping people live longer, healthier, happier lives and making a better world.
Free to be you.
Back in September 2018, we made a pledge. That we'd do whatever we could to make Bupa a diverse, kind and inclusive place to work.
Everyone deserves a positive working environment. Everyone deserves to have their voice heard. Everyone deserves freedom from bullying, harassment and discrimination.
With a love for technology, leading our Digital team through transformation.
Sim has extensive experience in IT and is passionate about our future talent.