Security Engineer | Merivale

We are looking for an experienced Security Engineer to join the Technology team here at Merivale.

This is a hands-on role, responsible for helping shape, implement and continuously improve Merivale’s cyber security posture across a complex hybrid environment. You will work across on-premises infrastructure, Microsoft 365, Azure/Entra, AWS, networks, endpoints, identity, data protection and security awareness to help deliver a secure, resilient and fit-for-purpose technology environment.

This role sits within a business undergoing broad IT transformation, with a strong focus on building secure foundations, improving governance, reducing technology risk and enabling strategic change. It is ideal for someone who enjoys working across both technical delivery and practical security improvement, while partnering closely with technology teams, business stakeholders and external providers.

Key Responsibilities

• Implement and improve cyber security controls across infrastructure, cloud, identity, endpoints, email and data.
• Support the uplift of Merivale’s hybrid security environment, including Microsoft 365, Azure/Entra, AWS and on-premises platforms.
• Strengthen identity and access management controls, including MFA, conditional access, privileged access and account lifecycle management.
• Support ISO 27001 alignment through policy development, control improvement, documentation, evidence gathering and audit readiness.
• Coordinate cyber risk assessments, control gap reviews, penetration test remediation and security improvement plans.
• Partner with internal technology teams and external providers to embed security best practice into projects, operations and vendor engagements.
• Support security operations across endpoint, email and collaboration platforms, including vulnerability management, hardening and incident response.
• Deliver security awareness initiatives, including phishing campaigns, staff education and reporting on behavioural risk trends.
• Contribute to business continuity, disaster recovery and third-party security risk reviews.
• Develop clear security reporting and metrics to track risk, control effectiveness and uplift progress.

The Essentials

• Proven experience in security engineering, cyber security or senior information security roles within complex hybrid environments.
• Strong technical knowledge across network, endpoint, cloud, identity, email, vulnerability management and data protection.
• Experience securing Microsoft environments, including Microsoft 365, Defender, Intune, Entra ID, Exchange Online, Teams and SharePoint.
• Experience across Azure and AWS security, including identity, logging, configuration hardening, backup, resilience and access control.
• Practical understanding of ISO 27001 and experience supporting security controls, documentation and audit readiness.
• Strong documentation and communication skills, with the ability to translate technical risk into clear actions and updates.
• A pragmatic, commercially minded approach with the ability to balance risk reduction with operational realities.
• Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CCSP, AZ-500, SC-100 or SC-200 will be highly regarded.

Merivale Employee Benefits

• 25% staff discount across 90+ Merivale venues.
• Exclusive monthly perks, staff-only rewards and events.
• Merivale Staff Cellar – access to premium wines at staff pricing.
• Unlimited career growth with endless development opportunities.
• Merivale Academy – online and in-person training, including Leadership & Performance, First Aid, Food Safety and more.
• Professional accreditation support – including Leadership qualifications.
• Employee Assistance Program – confidential wellbeing and mental health support, provided by Sonder.
• Employee Referral Program – earn rewards for bringing great people on board.