Policy Expert - Senior Security Engineer
Are you ready to transform the insurance industry?
Policy Expert is a forward-thinking business that loves to get things done. Leveraging proprietary technology and smart data, we offer reliable products and a wow customer experience.
Having achieved rapid growth since being founded in 2011, we've won over 1.5 million customers in Home, Motor and Pet insurance and have been ranked the UK's No.1-rated home insurer by Review Centre since 2013.
Hear from our team about what it's like working at Policy Expert
• About the DevSecOps team:
At PolicyExpert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and deploy secure applications and platforms by embedding security best practices, automating security checks, and fostering a culture of shared responsibility. Becoming part of the DevSecOps team means joining a high-impact, forward-thinking group dedicated to securing the business and its customers. Team members collaborate with development, platform, IT, and Compliance teams to mitigate risks, enhance compliance, and enable faster, safer software delivery, ultimately strengthening the organisation's competitive edge and fostering customer trust.
Your day to day:
* Lead the application and API security initiatives, ensuring robust protection mechanisms are in place.
* Own and drive the Application Security Posture Management (ASPM) function.
* Integrate security within the plan/design phase through threat modelling, code and architecture reviews, and by defining secure coding standards, libraries, and best practices.
* Configure and manage security tooling such as ASPM, CSPM, IAM/PAM, WAF, including writing custom security rules for the CI/CD pipeline.
* Collaborate with cross-functional teams to drive security improvements and embed a security-first mindset across the organisation.
* Participate in first responder rota where you would be the point of contact for consulting on security queries from development team, reviewing state of security through internal or external threat intelligence, and responding to security alerts.
* Perform and support internal pentesting efforts, identifying and mitigating vulnerabilities in our applications and APIs.
Who are you:
* Proven experience delivering web application and API security improvements across an organisation.
* Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM and CSPM.
* Hands-on experience with IAM solutions such as Auth0, or AWS Cognito
* Strong background in threat modelling and vulnerability management.
* Strong background in AWS, cloud computing concepts, and cloud security best practices.
Bonus points if:
* Previous experience as a software engineer
* Experience running a security champion program.
* Knowledge of security incident management and response.
* Relevant certifications such as OSCP, OSWP, CISSP, AWS Security Specialty, or similar.
Interview Process:
1. 15 minute Chat with someone from our Internal Talent Team
2. 90 minute Technical Interview with our Lead DevSecOps Engineer
3. 60 minute Culture fit interview with Tech Principal of Platform Engineering and non-technical person
Benefits:
This role will be based in our London office in a 50/50 Hybrid mode.
Generous Pension contribution scheme
Private medical & Dental cover
Learning budget of £1,000 a year + Study leave (with encouragement to use it)
Enhanced maternity & paternity
Travel season ticket loan
Access to a wide selection of London O2 events and use of a Private Lounge
Employee Wellbeing Programme
What We Stand for and Next Steps "We pride ourselves on being an equal opportunity employer. We treat all applications equally and recruit based solely on an individual's skills, knowledge, and experience. The quality and growing diversity of our team is a testament to this commitment"
At Policy Expert, we are committed to fostering an inclusive and supportive environment for all candidates. If you require any reasonable adjustments during the interview process to accommodate your needs, please do not hesitate to let us know. We are dedicated to ensuring every candidate has an equal opportunity to succeed and will work with you to provide the necessary support.
We aim to be in touch within 14 working days of your application - you will be notified if successful or unsuccessful. Please be encouraged to apply even if you do not meet all the requirements.
Useful links:
Glassdoor | Trust Pilot #J-18808-Ljbffr