Join to apply for the Senior Security Engineer role at Policy Expert
3 weeks ago Be among the first 25 applicants
Join to apply for the Senior Security Engineer role at Policy Expert
Policy Expert – Senior Security Engineer
Are you ready to transform the insurance industry?
Policy Expert is a forward-thinking business that loves to get things done. Leveraging proprietary technology and smart data, we offer reliable products and a wow customer experience.
Having achieved rapid growth since being founded in 2011, we've won over 1.5 million customers in Home, Motor and Pet insurance and have been ranked the UK's No.1-rated home insurer by Review Centre since 2013.
About the DevSecOps team:
At PolicyExpert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and deploy secure applications and platforms by embedding security best practices, automating security checks, and fostering a culture of shared responsibility. Joining the DevSecOps team means becoming part of a high-impact, forward-thinking group dedicated to securing the business and its customers. Team members collaborate with development, platform, IT, and Compliance teams to mitigate risks, enhance compliance, and enable faster, safer software delivery, ultimately strengthening the organisation's competitive edge and fostering customer trust.
Your day-to-day responsibilities:
* Lead application and API security initiatives, ensuring robust protection mechanisms.
* Own and drive the Application Security Posture Management (ASPM) function.
* Integrate security within the plan/design phase through threat modelling, code and architecture reviews, and by defining secure coding standards, libraries, and best practices.
* Configure and manage security tooling such as ASPM, CSPM, IAM/PAM, WAF, including writing custom security rules for the CI/CD pipeline.
* Collaborate with cross-functional teams to drive security improvements and embed a security-first mindset across the organisation.
* Participate in first responder rota as the point of contact for security queries from the development team, reviewing security status through threat intelligence, and responding to security alerts.
* Support internal pentesting efforts, identifying and mitigating vulnerabilities in applications and APIs.
Who are you:
* Proven experience delivering web application and API security improvements across an organisation.
* Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM, and CSPM.
* Hands-on experience with IAM solutions such as Auth0 or AWS Cognito.
* Strong background in threat modelling and vulnerability management.
* Strong background in AWS, cloud computing concepts, and cloud security best practices.
Bonus points if:
* Previous experience as a software engineer.
* Experience running a security champion program.
* Knowledge of security incident management and response.
* Relevant certifications such as OSCP, OSWP, CISSP, AWS Security Specialty, or similar.
Interview Process:
* 15-minute chat with our Internal Talent Team.
* 90-minute technical interview with our Lead DevSecOps Engineer.
* 60-minute culture fit interview with Tech Principal of Platform Engineering and a non-technical person.
Benefits:
This role will be based in our London office in a 50/50 hybrid mode.
* Generous pension contribution scheme.
* Private medical & dental cover.
* Learning budget of £1,000 per year + study leave.
* Enhanced maternity & paternity leave.
* Travel season ticket loan.
* Access to London O2 events and private lounge.
* Employee wellbeing programme.
What We Stand For and Next Steps:
We pride ourselves on being an equal opportunity employer. We treat all applications equally and recruit based solely on skills, knowledge, and experience. We are committed to fostering an inclusive environment and providing reasonable adjustments during the interview process. We aim to contact candidates within 14 working days of application. Please apply even if you do not meet all requirements.
Useful links:
Glassdoor | Trust Pilot
Seniority level
* Mid-Senior level
Employment type
* Full-time
Job function
* Information Technology
Industries
* Insurance
#J-18808-Ljbffr