Salary: Up to £85,000 (depending on experience)
Locations: London, Leeds, Middlesbrough, Bristol or Bournemouth
Working Pattern: Hybrid - two days per week in one of the above offices
Overview:
An established enterprise organisation is undertaking enhancements to its digital platforms as part of an ongoing modernisation strategy.
As a Security Engineer, you will provide hands-on technical security expertise across software development, delivery and continuous improvement. You will play a key role in shaping and securing a modern digital platform, ensuring compliance with internal policies and industry regulations, while embedding security best practice across the engineering lifecycle.
Key Responsibilities:
Analysing new feature code to identify security risks and working closely with engineering teams to mitigate them
Delivering improvements to DSOMM maturity, either by enabling delivery teams or directly owning tasks (including coding, configuration, tooling and documentation)
Working with Information Security teams to ensure security policies are implemented in a pragmatic, efficient and flexible manner
Designing, building, operating and monitoring secure technology solutions for large-scale, complex B2C and B2B applications
Applying security knowledge across multiple technology platforms, contributing to secure adoption of new tools and services
Defining, upholding and contributing to secure coding standards and the software delivery lifecycle
Designing, building and optimising logging and monitoring solutions to improve visibility, reliability and overall platform performance
Skills & Experience Required:
Experience with cloud-native software development, including cloud infrastructure and API design (Azure preferred)
Willingness to apply security and engineering expertise across multiple platforms, such as Azure and SaaS solutions
Proven experience working with modern security standards and frameworks, including OWASP CI/CD, DSOMM and SAMM
Strong knowledge of networking protocols (TCP/IP, UDP, HTTP/3, AMQP, streaming protocols), cloud networking concepts (VPNs, subnets, regions/zones) and integration technologies
Hands-on experience with SAST and SCA tools such as Snyk and Checkmarx
Experience with DAST tools such as OWASP ZAP or Qualys DAST (preferred), ideally working with HTTP APIs
Ability to manage and support large-scale software estates, including build, release, monitoring, rollback and high availability
Practical experience building and maintaining automated security testing suites
Eligibility: Must be eligible and authorised to work in the United Kingdom
Reward & Benefits:
Competitive base salary dependent on experience
Annual company and performance-related bonus
Contributory pension scheme with enhanced employer contributions
Life assurance
Private medical cover
28 days annual leave plus bank holidays
Option to buy or sell additional annual leave
Wellbeing services and employee support resources
Employee discount programmes