15h Left: Principal Security Engineer

We are seeking a Principal Security Engineer to leadand drive security engineering efforts across our cloud andapplication environments. This strategic, hands-on role requiresexpertise in cloud security, secure development practices, and theimplementation of advanced security controls. You will serve as aleader within the Consumer Security Engineering team, drivingsecurity initiatives across cloud platforms, microservicearchitectures, digital products, application security, andenterprise security. You will define and build comprehensivesecurity strategies in collaboration with developers, DevSecOpsengineers, ensuring that security is seamlessly integrated into ourCI/CD pipelines and all layers of infrastructure. Additionally, youwill supervise security tool management and ensure cyber resiliencyfor consumer applications. A deep understanding of Google CloudSecurity, Application Security, API security, and customer securitysystems is crucial. Key Responsibilities: 1. Design and ImplementSecurity Strategy: Develop and implement the security strategy forcloud platforms, microservice-based applications, and CI/CDenvironments, with a focus on both application and enterprisesecurity. 2. Ownership of Consumer Security Capabilities: Own theconsumer security capabilities and tools (WAFs, GCP SecurityControls, Customer Identity Protection, IAM, Encryption etc.) byestablishing a clear operating model that ensures all teams areengaged and actively adopting industry-standard security designs.3. Enforce Security Best Practices: Build and enforce security bestpractices across Google Cloud Platform (GCP) environments, ensuringrobust identity and access management (IAM), network security, andencryption, in compliance with industry standards. 4. IntegrateApplication Security: Drive the integration of application securitypractices, including secure coding and vulnerability management,throughout the software development lifecycle for all the projects.5. Drive Security Tool Implementation: Lead the evaluation,selection, and implementation of enterprise security tools andtechnologies that align with organizational business and securityrequirements, while owning and operating these tools effectively.6. Maintain Cyber Resiliency and Recovery: Develop and implementstrategies to maintain cyber resiliency and recovery for consumerorganisation, ensuring the organisation can withstand and recoverfrom security incidents. 7. Build Reusable Security Controls:Create and promote reusable security controls that can be appliedacross multiple projects and platforms to enhance securityefficiency. 8. Security Metrics Delivery and Improvements: Develop,deliver, and continuously enhance security metrics to evaluate theeffectiveness of security initiatives, drive accountability, andinform data-driven decision-making across the organization. Themust haves In order to be considered, you must have the followingexperience; - Proven experience as a Principal Security Engineer orsimilar role, with hands-on experience in security architecture,engineering, and operations. - Expertise in Google Cloud Platform(GCP) security, with knowledge of AWS and/or Azure securitypractices as a plus. - Strong background in DevSecOps, withexperience in integrating security into CI/CD pipelines using toolslike Jenkins, GitLab, or similar. - Experience implementing andmanaging SAST/DAST tools and processes to secure applicationdevelopment. - Deep understanding of application security,including secure coding practices, OWASP Top 10, and API securitystandards. - Knowledge of Customer Identity and Access Management(CIAM) solutions and API security frameworks. - Knowledge of one ormore programming languages with the ability to review and implementsecure code. - Strong understanding of security automation,orchestration, and continuous monitoring tools (e.g., SIEM, SOAR).Next steps If we feel like a place where you can belong, we'd loveto learn more about you as a person and your experience to date.Once you've submitted an application the next steps of the process,if successful, are likely to include an initial introductory callfollowed by two technical rounds. When you apply, you'll be askedabout any adjustments you might need to support the recruitmentprocess. Let us know, and we'll be sure to discuss it with you.Please note: Applications will be reviewed, and interviewsconducted throughout the duration of this advert, therefore we maybring the closing date forward. We encourage all interestedapplicants to apply as soon as possible. If you’re offered a jobwith us, it will be conditional, based on the passing of backgroundchecks. All roles require a criminal record check and some rolesneed a financial probity check. Your recruiter can provide you withmore information if needed. Thanks for your patience and forshowing an interest in joining the Virgin Media O2 family.#J-18808-Ljbffr