Mintel

Security Operations Engineer

Kuala Lumpur Full Time

We’re looking for a Security Operations Engineer to strengthen the day‑to‑day security operations of the organisation, improve operational maturity, and help ensure that the security controls we rely on are implemented and run effectively. 

This is a hands‑on role with real responsibility and influence. You’ll work closely with the Operational Security Lead and wider IT teams to operate, tune, and improve our security controls, with particular focus on the Microsoft security and identity stack. The role combines operational ownership, investigation and response, and practical configuration improvement. 

You’ll join the Information Security team and help us make meaningful changes that improve the quality, resilience, and consistency of our security operations across user, device, identity, and cloud environments. 

Why join Mintel? 

Mintel is the world’s leading market intelligence agency. Technology underpins our success, enabling us to deliver trusted data, insights, and analysis to clients across the globe. Security plays a critical role in protecting our people, platforms, and data, and we’re continuing to invest in building a mature, modern security capability.

We deliver a culture that values collaboration, learning, and continuous improvement. 

What you will do 

  • Own the security triage workflow end‑to‑end (intake → prioritisation → coordination → closure), ensuring issues are handled consistently and driven to completion 
  • Investigate and respond to security alerts and incidents across endpoint, identity, and email security 
  • Operate and improve security controls within the Microsoft security ecosystem, including Defender, Intune, identity, and Conditional Access 
  • Actively contribute to security configuration hygiene and tuning, reducing noise and improving baseline posture over time 
  • Coordinate remediation activities with wider IT teams 
  • Support incident response activities within agreed guardrails and escalation thresholds 
  • Contribute to security improvement projects, including configuration uplift and operational maturity initiatives 
  • Identify recurring issues and patterns, feeding them into continuous improvement cycles with the Operational Security Lead 

 

What are we looking for? 

This role is intended for a mid‑level security operations professional. It is not an entry‑level or SOC‑only position. 

To operate effectively, this role is expected to have delegated operational access (within guardrails) to: 

  • Microsoft Defender (XDR components relevant to endpoint, identity, email, and cloud app security) 
  • Microsoft Intune (device compliance, configuration profiles, investigation support) 
  • BYOD security controls 
  • Identity & access management, including account investigation, remediation, security group membership management, and participation in scoped Conditional Access changes 

You’ll operate independently within defined guardrails, escalating to the Operational Security Lead when thresholds are crossed, including: 

  • Suspected data exfiltration, privileged account compromise, or uncontained malware/ransomware 
  • Changes to Conditional Access or global security policies 
  • Incidents requiring executive awareness or involvement of Legal / Privacy / DPO 
  • Actions that risk widespread disruption or service downtime (e.g. tenant‑wide blocking, mass device isolation) 

Collaboration is the normal operating mode for complex investigations, significant configuration changes, and improvement initiatives. 

Essential knowledge and experience we are seeking 

  • Ideally 5+ years of practical experience in security operations, including triage, investigation, and response
  • Experience managing security issues from intake through to closure, coordinating across teams 
  • Hands‑on experience with parts of the Microsoft 365 security stack, such as Microsoft Defender 
  • Working knowledge of identity and access management, including accounts and group memberships 
  • Exposure to endpoint and device security investigations 
  • Experience with Microsoft Intune configuration and policy management 
  • Experience supporting or contributing to Conditional Access policy hygiene or tuning 
  • Confidence making day‑to‑day operational and configuration decisions within defined guardrails 
  • Clear written and verbal communication skills 

Desirable knowledge 

  • Querying or investigation languages (e.g. KQL) 
  • Scripting or automation exposure (PowerShell, Python, Logic Apps) 
  • Cloud security exposure (e.g. AWS investigations or hygiene) 
  • Experience supporting audits or assurance activities from an operational perspective 

Emergent  

  • Interest in how AI and automation are being applied in modern security operations 
  • Curiosity about AI‑assisted investigation and response workflows