×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Consultant Systems Engineer Security Manager

Offensive Security Engineer

Job in Reading, Berkshire, RG1, England, UK
Listing for: CHAMP Cargosystems
Full Time position
Listed on 2025-12-15
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant, Systems Engineer, Security Manager
Job Description & How to Apply Below

Get AI-powered advice on this job and more exclusive features.

CHAMP Cargo systems provides the most comprehensive range of integrated IT solutions and distribution services for the air cargo transport chain. Our portfolio spans core management systems, messaging services, and eCargo solutions. These include applications designed to meet customs and security requirements, quality optimization, as well as e-freight and mobility needs. Our products and services are recognized globally under the Cargospot and Traxon brands.

We serve over 200 airlines and GSAs, connecting them with approximately 3,000 forwarders and GHAs worldwide. Our solutions help customers, and their clients, adapt to the critical and ongoing changes in air transport logistics and meet the demands of global trade.

Headquartered in Luxembourg, CHAMP Cargo systems operates offices in Reading, Zurich, Frankfurt, Manila, Singapore, and Atlanta.

We are looking for an Offensive Security Engineer to join our Security & GRC team. The role will be reporting to the Security Architect.

Responsibilities

We are seeking a Offensive Security Engineer to establish and guide our Product Security Team. The successful candidate will drive our penetration testing capability, our secure software development practices, oversee vulnerability remediation, and build automated offensive security capabilities integrated into our agile CI/CD environment. Working within the SCRUM methodology, the Offensive Security Engineer will ensure that security is embedded into every sprint, release, and product lifecycle stage.

Security Governance & Development Enablement
  • Establish secure coding standards, reusable libraries, and best practices for Java web application development.
  • Collaborate with product owners and developers to integrate security requirements into user stories.
  • Provide guidance on threat modeling and secure design during sprint planning.
  • Ensure security tasks are prioritized alongside functional requirements in the agile backlog.
  • Build and oversee internal penetration testing capabilities for web applications and APIs.
  • Ensure each release in the CI/CD chain undergoes automated and manual security testing.
  • Expand testing scope to infrastructure and cloud environments as maturity grows.
  • Continuously simulate attacker techniques to validate product resilience.
  • Drive adoption of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) solutions, with emphasis on Java and web application frameworks.
  • Integrate automated security testing into CI/CD pipelines.
  • Oversee development of unit test frameworks with embedded security checks.
  • Align product security practices with compliance frameworks (ISO
    27001, SOC2, NIS2, EU AI Act, etc.).
  • Collaborate with Compliance and IT Security teams to maintain certifications and audit readiness.
  • Provide leadership with clear reporting on product security posture, vulnerabilities, and remediation progress.
  • Define backlog items related to security improvements, vulnerability remediation, and testing initiatives.
  • Facilitate sprint planning, daily stand‑ups, retrospectives, and ensure delivery of security objectives.
  • Mentor and coach team members, fostering a culture of collaboration and continuous improvement.
Knowledge,

Skills and Abilities

  • Strong knowledge of secure development practices, threat modeling, and vulnerability management.
  • Hands‑on experience with SAST/DAST tools and CI/CD integration.
  • Excellent communication skills to engage developers, auditors, and executives.
  • Proven experience leading teams in agile/SCRUM environments.
Education and Experience
  • Bachelor’s or Master’s degree in Software Engineering, Cybersecurity, or related field.
  • 8+ years of experience in software development and application security, with hands‑on exposure to Java web applications.
  • Certifications such as OSCP or CISSP, CISM.
  • Experience in SaaS environments and cloud‑native security.
  • Familiarity with compliance frameworks (ISO
    27001, SOC2, NIS2, EU AI Act).
  • Ability to balance strategic vision with hands‑on technical leadership.

The selected candidate may be subject to the provision of an up‑to‑date (not older than 3 months) criminal record…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search