Security Engineering Lead

THG Ingenuity is a fully integrated digital commerce ecosystem, designed to power brands without limits. Our global end-to-end tech platform is comprised of three products: THG Commerce, THG Studios, THG Fulfilment.

Each represents a single, unified solution, overcoming challenges and taking brands direct-to-consumer. Our client portfolio includes globally recognised brands such as Coca-Cola, Nestle, Elemis, Homebase, and Proctor & Gamble.

Location:

Based onsite at our HQ in Manchester (WA15 0AF
)

Reports to:

Deputy Chief Security Officer

Team:
Leads a team of 3 to 4 Security Engineers

Type:
Permanent, full-time

We are seeking a Security Engineering Lead to take ownership of our security tooling and lead a dedicated team of engineers. You will set the technical direction for the function, manage and develop the team, and remain hands‑on to make sound decisions on architecture and design.

Our security tooling is managed entirely as Infrastructure as Code, so the role demands as much fluency in repositories and pipelines as in the security platforms themselves. We are equally interested in candidates who can apply AI to practical effect, both within the tooling we operate and in the way the team works.

The role partners closely with the wider security function and with teams across engineering and the business. You will also engage directly with external parties, including vendors, auditors, and partners.

• Lead a team of 3 to 4 security engineers, setting standards, overseeing delivery, and supporting their development.
• Own the design, implementation, and operation of our security tooling, managed throughout as code.
• Advance automation across detection, response, and access tooling to reduce manual effort and improve consistency.
• Define the technical roadmap for security tooling and keep it aligned with engineering and business priorities.
• Apply AI to strengthen detection, triage, and automation, and to improve the effectiveness of the team.
• Lead the engineering aspects of incident response and manage escalations for the tooling your team owns. The role participates in an on‑call and out‑of‑hours rota.
• Collaborate with other security teams (SOC, GRC, App Sec, vulnerability management) and with platform and engineering teams to embed security from the outset.
• Represent security engineering to external stakeholders, including vendors, auditors, and partners.

The stack is managed as code rather than through consoles and continues to evolve. The role spans:

• Detection and response: SIEM, SOAR, EDR
• Network and web:
  Secure Web Gateway (SWG), DLP
• Access:
  Zero Trust Access, IAM
• Email:
  Secure Email Gateway
• Pipelines:
  Git Hub (CI/CD security, secrets, supply‑chain controls)

Additional tooling also falls within the remit of this role.

• Experience in security engineering or related roles.
• Strong hands‑on experience across several of the areas above, such as SIEM/SOAR, Zero Trust access, IAM, DLP, and EDR.
• Experience securing cloud environments such as AWS, GCP, or Azure.
• Skilled in planning, designing, and implementing enterprise‑level security solutions.
• Substantial Infrastructure as Code experience (for example, Terraform), managing security tooling declaratively and under version control.
• Experience securing CI/CD pipelines, ideally Git Hub, including Actions, secrets management, and supply‑chain security.
• Practical experience applying AI within security workflows or tooling.
• A demonstrable record of working across teams, both within security and alongside engineering and external stakeholders.
• A clear communicator, able to convey technical risk to both engineering and non‑technical audiences.
• Knowledge of industry best practice and frameworks such as ISO 27001, IEC 62443, NIST Cyber Security Framework, CIS Critical Security Controls, and MITRE ATT&CK.
• Bachelor's degree in Computer Science, Information Security, or a related field.
• Certifications such as CISSP, CISM, or similar.
• Experience leading or line‑managing a security team.
• Scripting or development experience (Python, Go, or similar) for automation.
• Experience in a regulated or e‑commerce environment, including PCI DSS and Cyber Essentials Plus.
• Detection engineering or threat‑hunting experience.
• Container and Kubernetes security experience.
• Experience presenting to and reporting to senior leadership.
• Further cloud security certifications, such as AWS, GCP, or Azure security specialties.

THG Ingenuity is proud to be a Disability Confident employer. If you are invited to interview, please let us know if there are any reasonable adjustments we can make to the recruitment process that will enable you to perform to the best of your ability.

THG Ingenuity is committed to creating a diverse & inclusive environment and hence welcomes applications from all sections of the community.