Permanent
Hybrid - 2 or 3 days p/w on-site
Leeds
FPSG have a fantastic opportunity to join a large-scale digital transformation programme aimed at uniting multiple internal business units under a new, secure, cloud digital platform. Ideal for a hands-on Security Engineer who enjoys embedding security into the development lifecycle and working with modern tooling and cloud environments.
The successful Security Engineer's responsibilities will include:
1. Analysing new feature code to identify and mitigate security risks
2. Collaborating with development teams to implement secure coding practices and remediation strategies
3. Driving improvements in security maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling)
4. Designing, building, operating and monitoring secure solutions across complex platforms
5. Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems
6. Managing and improving cloud security posture (Azure Defender, Prisma Cloud, etc.)
7. Implementing and optimising observability platforms for holistic system monitoring
8. Supporting and securing the software delivery lifecycle, from development to deployment and ongoing operations
The successful Security Engineer's essential skills will include:
1. Demonstrated experience in software security within cloud-first or hybrid environments (Azure preferred)
2. A deep understanding of the Salesforce platform and ecosystem, with experience supporting secure integration and development
3. Strong knowledge of networking protocols (e.g. TCP/IP, UDP, HTTP/3) and cloud network architecture (VPNs, subnets, zones)
4. Experience with API security and integration-related platforms such as Auth0 or API Gateways
5. Proficiency with security tools including SAST (e.g. Snyk, Checkmarx), SCA, and DAST (e.g. OpenZAP, Qualys DAST)
6. Ability to manage secure operations of large-scale software estates, including deployment pipelines, rollback strategies, and uptime monitoring
7. Practical experience building automated security test suites into CI/CD workflows
8. Familiarity with security frameworks such as DSOMM, OWASP, and SAMM
Suitability: This is a technical, hands-on security engineering role; it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with a strong security focus and interest in building secure, scalable systems in the cloud.
Note: Demonstrable experience of Security Engineering in, on and around the Salesforce platform is critical to this post.
Note: Candidates must be based in the UK and authorised to work.
Note: On-site attendance 3 days a week is required.
Candidates can be based (3 days a week) at one of multiple UK locations: Leeds, Bristol, Tunbridge Wells, Bournemouth, Manchester, Leicester, Redhill.