Senior Security Engineer

An opportunity is available for an experienced Senior Security Engineer to join a high-performing technology team delivering secure, cloud-native software solutions for clients in varying sectors including financial services, healthcare and public sector.

This role sits at the intersection of application security, cloud security and Dev Sec Ops , working within multi-disciplinary Agile teams to embed security controls throughout the Secure Software Development Lifecycle (SSDLC). The successful candidate will be responsible for implementing automated security tooling, driving vulnerability management practices and ensuring robust protection across modern cloud platforms.

The position requires strong technical capability, hands-on Dev Sec Ops  experience and the ability to influence engineering teams by promoting secure-by-design principles.

• Collaborate daily with application development and cloud engineering teams to integrate security requirements into Agile sprint planning and backlog prioritisation.
• Embed Dev Sec Ops  practices across CI/CD pipelines, ensuring continuous security validation.
• Implement and maintain automated security tooling, including:
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Secret scanning
• Container security scanning
• Software composition analysis
• Automate compliance with cloud security baselines such as CIS Benchmarks.
• Lead threat modelling sessions and vulnerability management initiatives.
• Translate findings from security tools into prioritised, actionable security stories for delivery teams.
• Validate implementation of architectural security patterns and secure coding standards.
• Coordinate with external providers to scope and manage penetration testing activities.
• Drive adoption of cyber security best practices within Agile software teams.
• Mentor and develop junior engineers, fostering a security-first engineering culture.
• Proven experience implementing application security or cloud platform security controls.
• Experience working as an AI Security Engineer, securing AI/ML systems and data pipelines.
• Strong understanding of web application security principles, including OWASP Top 10 risks.
• Practical knowledge of modern cryptography, including:
• Encryption in transit (TLS)
• Encryption at rest
• Hashing and digital signatures
• Hands-on experience with:
• Vulnerability management
• Application security testing
• Penetration testing coordination
• Experience integrating security tooling into CI/CD pipelines.
• Proficiency with:
• Git or modern version control systems
• A scripting language (Bash, Power Shell)
• Infrastructure as Code tools (Terraform, ARM Templates, Ansible)
• Ability to clearly communicate complex security risks to both technical and non-technical stakeholders.
• Industry-recognised cyber security certification.
• Experience with in Commercial, Public Sector or Defence environments.