Security Engineer / Cloud / DSOMM / OWASP / Salesforce
Permanent
Hybrid - 2 or 3 days p/w on-site
Leeds
FPSG have a fantastic opportunity to join a large-scale digital transformation programme aimed at uniting multiple internal business units under a new, secure, cloud digital platform. Ideal for a hands-on Security Engineer who enjoys embedding security into the development lifecycle and working with modern tooling and cloud environments.
The successful Security Engineer's responsibilities will include:
* Analysing new feature code to identify and mitigate security risks
* Collaborating with development teams to implement secure coding practices and remediation strategies
* Driving improvements in security maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling)
* Designing, building, operate, monitoring secure solutions across complex platforms
* Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems
* Managing and improving cloud security posture (Azure Defender, Prisma Cloud etc)
* Implementing and optimising observability platforms for holistic system monitoring
* Supporting and securing software delivery lifecycle, from development to deployment and ongoing operations
The successful Security Engineer's essential skills will include:
* Demonstrated experience in software security within cloud-first or hybrid environments (Azure preferred)
* A deep understanding of the Salesforce platform and eco-system, with experience supporting secure integration and development
* Strong knowledge of networking protocols (e.g. TCP/IP, UDP, HTTP/3) and cloud network architecture (VPNs, subnets, zones)
* Experience with API security and integration-related platforms such as Auth0 or API Gateways
* Proficiency with security tools including SAST (e.g. Snyk, Checkmarx), SCA, and DAST (e.g. OpenZAP, Qualys DAST)
* Ability to manage secure operations of large-scale software estates, including deployment pipelines, rollback strategies, and uptime monitoring
* Practical experience building automated security test suites into CI/CD workflows
* Familiarity with security frameworks such as DSOMM, OWASP, and SAMM
Suitability: This role is a technical hands-on security engineering role, it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with a strong security focus and interest in building secure, scalable systems in the cloud.
Note: Demonstrable experience of Security Engineering in, on and around the Salesforce platform is critical to this post.
Note: Candidates must be based in the UK and authorised to work.
Note: On-site attendance 3 days a week is required
Location:
Candidates can be based (3 days a week) from multiple UK locations, Leeds, Bristol, Tunbridge Wells, Bournemouth, Manchester, Leicester, Redhill
Reward
This is a great opportunity to work on a high-impact transformation within a dynamic and technology-focused environment. In addition to a hybrid working model, the role offers a competitive benefits package:
Competitive annual salary (based on experience) + Annual performance-based bonus + Generous pension scheme + Life Assurance + Generous annual leave with buy/sell options + Private healthcare + Extensive Wellbeing services and employee discounts
Key Technical Terms
Security Engineering, Cybersecurity Engineer, Information Security Specialist, Salesforce, Azure, OWASP CI/CD, DSOMM, SAMM, Cloud Security Posture Management, Prisma Cloud, Azure Defender, Snyk, Checkmarx, OpenZAP, Qualys, DAST, SAST, CI/CD, Infrastructure Security, Auth0, Secure APIs, Networking Protocols, DevSecOps, Secure Development, CRM Security
Next Steps
Please click "Apply now" and submit your up-to-date CV, including your notice period and salary expectations.
We are Disability Confident and neurodiverse aware. If you have a disability, please tell us if there are any reasonable adjustments we can make to assist you in your application or with your recruitment process
#J-18808-Ljbffr