Security Engineer
Our client is a software-focused organisation that empowers multi-functional teams to rapidly iterate and release new features. In a strongly collaborative culture—through activities like pair programming and close working with editorial and commercial colleagues—this role applies information security best practices in a DevSecOps environment to help deliver secure outcomes from the start. You’ll join a software development team with subject matter expertise, driving security improvements through tooling, automation, metrics, and secure coding guidance.
Role Overview:
The Security Engineer will partner with software engineering teams and the Information Security function to ensure engineering initiatives are aligned with the organisation’s information security strategy, embedding secure-by-design and secure-by-default practices across development and delivery.
Key Skills & Experience:
• Demonstrated experience in information security engineering within a software engineering environment
• Comprehensive experience in software development and security engineering best practices
• In-depth understanding of security engineering, including networking, software supply chain, and application security
• Familiarity with current and emerging information security standards (e.g., NIST Secure Software Development Framework, SLSA)
• Ability to translate product and business requirements into technical solutions
• Excellent communication skills, including experience communicating at internal/external events
Key Responsibilities:
• Identify, develop, and improve metrics that drive desired behaviour and security outcomes
• Introduce and maintain security tooling to help teams efficiently secure services and reduce attack surface
• Assure implementation of security and control policies through automation and DevSecOps best practices (secure by design and default)
• Educate developers and support teams to expand secure coding best practices and achieve security goals
• Build close working relationships with the Information Security team to align engineering initiatives with the organisation’s information security strategy
• Work collaboratively within multi-functional, empowered teams rather than in isolation
Requirements:
• Demonstrated experience in information security engineering
• Comprehensive experience in software development
• Experience leading in identifying and disseminating best practice
• On-site working arrangement (as required by the organisation)
• Right to work in the UK (UK contract)
Nice to Have (Optional):
• Experience communicating with internal/external stakeholders at events
If you’re experienced in information security engineering and DevSecOps practices, apply now to join our client’s security-focused software development team.
