Position Description
At CGI, we are shaping secure digital platforms that power critical services and deliver measurable outcomes for our clients. As a Security Engineer, you will play a vital role in embedding security across the DevOps lifecycle, ensuring solutions are resilient, compliant, and designed to scale. We integrate security from the outset, combining automation, innovation, and collaboration to protect systems while enabling rapid delivery. You will join a culture where ownership is encouraged, ideas are valued, and expertise drives real impact. Together, we build secure, high-performing platforms that safeguard data, strengthen trust, and support long-term transformation.
CGI was recognised in the Sunday Times Best Places to Work List 2025 and has been named a UK 'Best Employer' by the Financial Times. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a CGI Partner not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go.
Due to the secure nature of the programme, you will need to hold UK Security Clearance (SC), or be eligible to obtain clearance as part of onboarding. This is a remote role with occasional travel to London or surrounding offices.
Your future duties and responsibilities
In this role, you will embed security at the heart of our DevOps software development lifecycle, ensuring applications, platforms, and pipelines are secure by design. You will take ownership of security controls across cloud, containerised, and virtualised environments, integrating automated testing and compliance checks that enable teams to deliver at pace without compromising resilience. Working closely with platform and software engineers, you will act as a trusted security partner, translating risk into practical, actionable controls that drive measurable improvement.
You will continuously enhance our DevSecOps capabilities, strengthening vulnerability management, monitoring, and incident response processes. With the backing of experienced colleagues and central security teams, you will contribute ideas, refine tooling, and champion best practice across engineering communities, helping to build a proactive and sustainable security posture.
Key responsibilities:
Lead & Embed Secure Design: Champion secure-by-design principles across applications, platforms, and CI/CD pipelines.
Automate & Validate Controls: Integrate SAST, DAST, SCA and policy-as-code into pipelines to ensure continuous security assurance.
Manage & Mitigate Risk: Identify, triage, prioritise, and track vulnerabilities through to remediation.
Strengthen Cloud & Platform Security: Secure cloud services, container platforms, IAM, and secrets management using least-privilege models.
Monitor & Respond: Support security monitoring, logging, alerting, and incident response activities.
Collaborate & Influence: Partner with engineering and assurance teams to translate security requirements into effective technical solutions.
Improve & Innovate: Enhance automation, tooling, and processes to reduce risk and drive continuous improvement.
Required Qualifications To Be Successful In This Role
To succeed, you will bring strong experience in security engineering or DevSecOps within Agile environments, with a clear understanding of how to embed security throughout the DevOps SDLC. You will combine technical depth in cloud and pipeline security with the ability to communicate risk clearly and influence diverse stakeholders.
You should have:
Proven experience in Security Engineering, DevSecOps, or DevOps-focused security roles.
Strong knowledge of vulnerability management and tools such as SAST, DAST, and SCA.
Experience securing cloud platforms (e.g. Azure), virtualised and containerised environments.
Familiarity with CI/CD tools (e.g. Azure DevOps, Jenkins) and version control (Git).
Understanding of Infrastructure as Code (e.g. Terraform, ARM, Bicep) and configuration management.
Knowledge of security frameworks and threat modelling approaches (e.g. OWASP, CIS, STRIDE).
Scripting or automation skills (e.g. PowerShell, Bash).
Experience working in Agile teams using tools such as Jira and Confluence.
Together, as owners, let's turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.
Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team—one of the largest IT and business consulting services firms in the world.