Principal Software Engineer - Security Engineer
hackajob Salford, England, United Kingdom
Principal Software Engineer - Security Engineer
hackajob Salford, England, United Kingdom
1 week ago Be among the first 25 applicants
hackajob is collaborating with BBC to connect them with exceptional tech professionals for this role.
Job Introduction
The BBC’s digital products reach more than 500 million people every week and are trusted globally as a source of news, entertainment and education. That trust is built not only on our editorial standards, but also on the security, reliability and resilience of the systems behind every stream, story and service.
In Engineering Enablement, we’re the team that makes secure, high-velocity delivery possible. We build shared cloud platforms, developer tooling and guardrails that let hundreds of product teams ship confidently and sustainably.
We’re hiring a Principal Software Engineer - Security Engineer to help us embed secure-by-design thinking across the BBC. You’ll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You’ll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy.
It’s a high-trust role with real impact: translating strategic security direction into pragmatic, actionable implementation that helps our teams deliver safely at scale.
Interview process
* Stage 1: Technical Deep Dive (60 mins) Walk us through your experience delivering secure systems, discuss a real-world scenario, and complete a short security-focused code or design review.
* Stage 2: Collaboration & Influence (60 mins) Explore how you collaborate with central security teams, enable secure engineering at scale, and support adoption of policies across delivery teams.
No prep required beyond a few examples of your work.
Main Responsibilities
As a Principal Software Engineer - Security Engineer, you’ll work hands-on with product and platform teams across the BBC to embed secure engineering practices that align with InfoSec direction and policies.
* Drive secure-by-design implementation across infrastructure and applications, ensuring delivery aligns with BBC security policy and architectural guidance.
* Promote secure SDLC practices across engineering teams, collaborating with InfoSec on shared tooling, templates and enablement.
* Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines.
* Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows.
* Review technical designs, proposals and code for alignment with security policies, architecture patterns and assurance requirements.
* Act as a bridge between InfoSec and delivery teams - supporting direct collaboration, not acting as a gatekeeper.
* Feed real-world engineering insight back into InfoSec governance and assurance forums.
* Champion secure development and operations practices, coaching teams and scaling adoption through reusable patterns and guidance.
* Partner with infrastructure teams on security operations needs such as hardening, logging and incident readiness.
* Stay ahead of emerging threats and technologies and share relevant insights across the BBC.
Are you the right candidate for the role?
We Hire For Potential And Impact. If Most Of The Statements Below Describe You, We’d Love To Hear From You
* You have a strong track record in software engineering with a focus on application and infrastructure security, ideally in agile or DevOps environments.
* You’re fluent in secure development concepts - comfortable with OWASP Top 10, CWE and common secure design patterns.
* You’ve helped teams adopt secure SDLC practices, working closely with central security or architecture groups.
* You know how to embed tools like SAST, DAST, secrets detection and dependency scanning into CI/CD pipelines, and have the scars to prove it.
* You’ve worked with complex, multi-tenant cloud platforms - ideally on AWS - and understand shared services, infra-as-code and central governance models.
* You’ve built secure infrastructure and enforced compliance in the cloud, not just designed it on paper.
* You can translate InfoSec policy into pragmatic implementation without reinventing it - and you’re trusted by both engineers and architects.
* You collaborate naturally, earning trust from delivery teams and central stakeholders alike.
* You communicate clearly and credibly - whether explaining risk trade-offs to a squad or feeding technical insight into an assurance board.
It’s a Bonus If You’ve Also
* Facilitated or contributed to threat modelling sessions using frameworks like STRIDE or DFDs.
* Reviewed designs and code with a security lens and an eye for policy alignment.
* Navigated delivery in regulated, public service or high-trust environments.
* Been involved in incident response or risk assessment processes.
Seniority level
* Seniority level
Mid-Senior level
Employment type
* Employment type
Full-time
Job function
* Job function
Information Technology
* Industries
Software Development
Referrals increase your chances of interviewing at hackajob by 2x
Get notified about new Software Security Engineer jobs in Salford, England, United Kingdom.
Manchester, England, United Kingdom 1 week ago
Manchester Area, United Kingdom 15 hours ago
Manchester, England, United Kingdom 2 months ago
Manchester, England, United Kingdom 1 month ago
Manchester, England, United Kingdom 2 months ago
Knutsford, England, United Kingdom 6 days ago
Manchester, England, United Kingdom 2 days ago
Software Architect - Containers / Virtualisation
Manchester, England, United Kingdom 2 weeks ago
Manchester, England, United Kingdom 4 months ago
Manchester, England, United Kingdom 3 months ago
Lead Golang Software Engineer, Commercial Systems
Manchester, England, United Kingdom 2 weeks ago
Principal Control & Instrumentation Engineer
Manchester, England, United Kingdom 2 weeks ago
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr