Senior Cyber Security Engineer

The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to deliver quality information and services worldwide.

At the FT, curiosity thrives and ambitious thinking is rewarded. Here, you’re given the chance to reach millions, create work that matters and deliver impartial journalism in a polarised  our warm, collaborative culture, you’ll connect with a diverse community of experts who support your growth, career aspirations and wellbeing

Your future at the FT will be filled with opportunities that challenge and inspire you. With no fixed path, you’ll discover new skills and forge a career that can take you anywhere.

Build a newsworthy career at the FT.

We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to removing barriers for everyone, with a focus on addressing those faced by underrepresented groups.

We’re looking for a Senior Cyber Security Engineer to help mature application and cloud security across the FT’s cloud‑native, AWS‑hosted technology estate. This role has an approximate 50/50 focus across application security and cloud security, working closely with product, platform and engineering teams to make secure delivery easier by default.

You’ll shape and improve developer‑friendly guardrails across Git Hub‑based CI/CD pipelines, AWS environments and infrastructure‑as‑code workflows. This includes improving SAST, software composition analysis, secret scanning, IaC scanning, vulnerability management and AWS misconfiguration management so that findings are actionable, low‑noise and owned by the right teams.

Day to day, you’ll run practical threat‑modelling sessions, review application and cloud designs, improve security playbooks, support vulnerability and misconfiguration remediation, and build automation that reduces toil. We’re looking for someone who has demonstrably improved security outcomes in real engineering environments, not just someone with theoretical knowledge of tools or frameworks.

Depending on team structure, you may also mentor or line‑manage one or two security engineers, while remaining hands‑on and close to the technical work.

Application and cloud security experience: practical experience across both application security and cloud security, ideally in AWS‑hosted, cloud‑native environments.

Developer‑friendly security mindset: you know how to work with engineers, explain risk clearly and design controls that help teams move securely without unnecessary friction.

Vulnerability management at scale: experience improving how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and advisories are identified, prioritised, owned and remediated across engineering teams.

Cloud misconfiguration & vulnerability management: experience identifying and reducing infrastructure‑as‑code and AWS vulnerabilities & misconfigurations at scale through pragmatic guardrails, tooling and clear remediation paths.

Threat modelling: confidence running lightweight, practical threat‑modelling sessions that lead to useful engineering decisions and risk reduction.

CI/CD and code security: hands‑on experience with security tooling such as SAST, software composition analysis, secret scanning and IaC scanning.

Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce toil, improve visibility and surface meaningful risk.

Security leadership: ability to mentor other security engineers and influence engineers across the wider organisation. Depending on team structure, this may include line management.

AI security awareness: experience of leveraging AI to improve and scale appsec and cloud sec controls would be useful, but is not essential.

Improve application security guardrails Tune and evolve SAST, software composition analysis, secret scanning…