Are you a cyber security engineer who gets genuine satisfaction from closing vulnerabilities, not just finding them?
DNV Energy Systems is seeking a Senior Cyber Security Engineer to take ownership of the hands-on delivery of security across a portfolio of digital products. In this role, you will work closely with product and engineering teams to actively reduce risk, meet compliance requirements, and embed secure, sustainable practices that last.
OUR OPPORTUNITY
Reporting to the Digital Portfolio Manager, you will be the primary security engineering resource for the UK&I digital product portfolio. You will own the security posture of the portfolio end-to-end, from tooling and triage through to remediation support, assessment execution, and audit preparation.
This is an individual contributor role with substantial scope. You'll be the one closest to the work, with direct influence over how security is practised across the portfolio. There is genuine opportunity for the function to grow around you as the team expands.
You will work across multiple products and engineering teams simultaneously, acting as the technical security authority for the region. You’ll be joining teams that value security and want to get it right, giving you the platform to drive meaningful, lasting improvements.
What you’ll do:
Vulnerability Management & Tooling
1. Maintain and operate SAST/DAST tooling (including Veracode) across the digital portfolio
2. Lead CVE triage, assessing severity, exploitability and remediation priority across all products
3. Track and manage vulnerability remediation to closure, working directly with engineering teams
4. Maintain the portfolio security risk register, ensuring visibility of open issues and remediation status
Security Assessment & Audit
5. Plan and execute security assessments across the product portfolio against DNV standards and industry frameworks (eg OWASP ASVS)
6. Support audit preparation and evidence gathering for internal and external audit cycles
7. Maintain assessment documentation, findings registers and remediation tracking artefacts
Secure Development Practice
8. Embed security into the software development lifecycle (SDL/SSDLC) across product teams
9. Conduct threat modelling and architecture review for new and materially changed products
10. Advise development teams on secure coding practices, dependency management and secrets handling
11. Act as technical security subject matter expert, the first point of contact for engineering and product teams when security questions arise
We value all our people and the contributions they make to our business, so it’s important that our rewards make us all feel valued here. That’s why we offer a flexible reward and benefits package, allowing you to choose the things that matter most to you, including;
12. Exceptional Development and career progression opportunities with regular development discussions with your manager
13. Non-contractual Profit Share Scheme
14. Lifestyle benefits: 26 days annual leave + bank holidays, opportunity for up to 10 days unpaid leave, sabbatical leave, flexible working options
15. Wellbeing benefits: (including Private Medical, Dental Insurance, Health Assessments, Gym allowance). Company contribution towards eye tests and glasses (for computer/laptop users), and Flu Vaccinations. Also, our Employee Assistance Programme (EAP) provides free and confidential support for issues including work, family, relationships, money and health and we provide free fruit in our offices
16. Financial Benefits: including a Pension Scheme with employer pension contributions up to 9%, Life Assurance and Income Protection
17. Travel benefits: Season Ticket Loan, Cycle to Work Scheme, Electric Vehicle Salary Sacrifice Scheme (for personal use)
18. Re-imbursement of relevant Professional Membership Fees (up to £570)
19. Access to employee retail discount site for high street and on-line shopping
DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity.
We’re looking for a Cyber Security Engineer who is focused on practical outcomes and understand that lasting remediation comes from a combination of strong technical fixes, clear communication, good documentation, and solid process.
Our colleagues come from a vast range of different backgrounds, and we value the diversity of experience, knowledge and thought that this brings to our approach. We therefore try to keep our mandatory requirements to a minimum. As a Senior Cyber Security Engineer, there are a few typical traits that we’d love you to bring, to complement the more specific role requirements.
Essential
20. Experience with application security tooling (SAST, DAST, SCA) including commercial platforms such as Veracode
21. CVE triage and vulnerability management capability across multi-product environments
22. Working knowledge of OWASP Top 10, ASVS, and common web application attack vectors
23. Experience executing or supporting security assessments and audit preparation
24. Ability to communicate technical security risk clearly to non-security audiences, including product and senior stakeholders
25. Comfortable working as an individual contributor across multiple products simultaneously
Desirable
26. Experience with cloud-hosted applications and infrastructure security (AWS, Azure or GCP)
27. Familiarity with ISO 27005, ISO 27001 or equivalent risk management frameworks
28. Exposure to threat modelling methodologies (STRIDE, PASTA or similar)
29. Relevant security certifications (CEH, OSCP, CISSP, CompTIA Security+, or equivalent)
30. Experience in energy, infrastructure, engineering consultancy, or other regulated technical environments
We recognise that equivalent tools and frameworks exist across the industry. If your experience is with comparable tooling or your background doesn't map neatly to our list, we’d still like to hear from you, we’re interested in your underlying capability and the value you’d bring to the role.