Principal Security Engineer

ENGINEERINGUK
London
11 months ago
Applications closed

Related Jobs

View all jobs

Principal Security Consultant

PES Lead Engineer/Principal Engineer

IAM Security Consultant - PERM - London, UK

Senior Software Engineer

Security Resilience Manager

Security and Governance Analyst

You will need to login before you can apply for a job.

We are seeking aPrincipal Security Engineerto lead and drive security engineering efforts across our cloud and application environments. This strategic, hands-on role requires expertise in cloud security, secure development practices, and the implementation of advanced security controls. You will serve as a leader within the Consumer Security Engineering team, driving security initiatives across cloud platforms, microservice architectures, digital products, application security, and enterprise security.

You will define and build comprehensive security strategies in collaboration with developers, DevSecOps engineers, ensuring that security is seamlessly integrated into our CI/CD pipelines and all layers of infrastructure. Additionally, you will supervise security tool management and ensure cyber resiliency for consumer applications. A deep understanding of Google Cloud Security, Application Security, API security, and customer security systems is crucial.
Key Responsibilities:

  • Design and Implement Security Strategy: Develop and implement the security strategy for cloud platforms, microservice-based applications, and CI/CD environments, with a focus on both application and enterprise security.
  • Ownership of Consumer Security Capabilities: Own the consumer security capabilities and tools (WAFs, GCP Security Controls, Customer Identity Protection, IAM, Encryption etc.) by establishing a clear operating model that ensures all teams are engaged and actively adopting industry-standard security designs.
  • Enforce Security Best Practices: Build and enforce security best practices across Google Cloud Platform (GCP) environments, ensuring robust identity and access management (IAM), network security, and encryption, in compliance with industry standards.
  • Integrate Application Security: Drive the integration of application security practices, including secure coding and vulnerability management, throughout the software development lifecycle for all projects.
  • Drive Security Tool Implementation: Lead the evaluation, selection, and implementation of enterprise security tools and technologies that align with organizational business and security requirements, while owning and operating these tools effectively.
  • Maintain Cyber Resiliency and Recovery: Develop and implement strategies to maintain cyber resiliency and recovery for the consumer organization, ensuring it can withstand and recover from security incidents.
  • Build Reusable Security Controls: Create and promote reusable security controls that can be applied across multiple projects and platforms to enhance security efficiency.
  • Security Metrics Delivery and Improvements: Develop, deliver, and continuously enhance security metrics to evaluate the effectiveness of security initiatives, drive accountability, and inform data-driven decision-making across the organization.


The must haves:

  • Proven experience as a Principal Security Engineer or similar role, with hands-on experience in security architecture, engineering, and operations.
  • Expertise in Google Cloud Platform (GCP) security, with knowledge of AWS and/or Azure security practices as a plus.
  • Strong background in DevSecOps, with experience in integrating security into CI/CD pipelines using tools like Jenkins, GitLab, or similar.
  • Experience implementing and managing SAST/DAST tools and processes to secure application development.
  • Deep understanding of application security, including secure coding practices, OWASP Top 10, and API security standards.
  • Knowledge of Customer Identity and Access Management (CIAM) solutions and API security frameworks.
  • Knowledge of one or more programming languages with the ability to review and implement secure code.
  • Strong understanding of security automation, orchestration, and continuous monitoring tools (e.g., SIEM, SOAR).


What's in it for you:

Our goal is to celebrate our people, their lives and everything in-between. We aim to create a culture that empowers everyone to bring the best versions of themselves to work each and every day. We believe the most inclusive and diverse culture makes for a better business and a brighter world.

Working at Virgin Media O2, you get a bumper reward package bursting with benefits, and loads of extras you can add if you'd like to. These are designed to support both you and your loved ones, making sure that you're covered no matter what life throws your way.


Next steps:

If we feel like a place where you can belong, we'd love to learn more about you as a person and your experience to date. Once you've submitted an application the next steps of the process, if successful, are likely to include an initial introductory call followed by two technical rounds.

When you apply, you'll be asked about any adjustments you might need to support the recruitment process. Let us know, and we'll be sure to discuss it with you.

Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert, therefore we may bring the closing date forward. We encourage all interested applicants to apply as soon as possible. If you're offered a job with us, it will be conditional, based on the passing of background checks.


Company

Learn more about this company

Visit this company’s hub to learn about their values, culture, and latest jobs.

#J-18808-Ljbffr

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Careers

How Many Cyber Security Tools Do You Need to Know to Get a Cyber Security Job?

If you are trying to build or move forward in a cyber security career, it can feel like the list of tools you are expected to know never ends. One job advert asks for SIEM platforms, another mentions penetration testing tools, another lists cloud security, threat intelligence platforms, endpoint detection, scripting languages and compliance frameworks. Scroll LinkedIn and it gets worse. Everyone seems to “know” dozens of tools, certifications and platforms. Here is the reality most cyber security hiring managers agree on: they are not hiring you because you know every tool. They are hiring you because you understand risk, can think like an attacker and a defender, follow process, communicate clearly and make good decisions under pressure. Tools matter — but only when they support those outcomes. So how many cyber security tools do you actually need to know to get a job? For most job seekers, the answer is far fewer than you think. This article explains what employers really expect, which tools are essential, which are role-specific and how to focus your learning so you look credible, not overwhelmed.

Jobs

What Hiring Managers Look for First in Cyber Security Job Applications (UK Guide)

If you want to stand out in the highly competitive world of cyber security job applications, you need to understand what hiring managers look for before they even finish reading a CV. Cyber security hiring managers scan applications quickly and with specific priorities in mind. They assess not just your technical ability, but your judgement, professionalism, clarity, risk awareness and evidence of impact. This guide explains what hiring managers look for first in cyber security applications across roles like Security Analyst, Security Engineer, Penetration Tester, Incident Responder, Security Architect, Governance Risk and Compliance specialists and Cloud Security positions. Use this as a practical, step-by-step checklist to sharpen your CV, LinkedIn profile, cover letter and portfolio before you apply on www.cybersecurityjobs.tech .

Education

The Skills Gap in Cyber Security Jobs: What Universities Aren’t Teaching

Cyber security has become one of the most critical disciplines in the modern economy. From protecting financial systems and healthcare data to securing national infrastructure, cloud platforms and supply chains, cyber security professionals now sit at the frontline of digital trust. Demand for cyber security talent in the UK has surged. Job vacancies remain high, salaries continue to rise, and organisations across every sector report difficulty hiring skilled professionals. Yet despite this demand, many graduates struggle to break into cyber security roles and employers consistently report that candidates are not job-ready. The problem is not intelligence, ambition or academic effort. It is a persistent and widening skills gap between university education and real-world cyber security work. This article explores that gap in depth: what universities teach well, what they routinely miss, why the gap exists, what employers actually want, and how jobseekers can bridge the divide to build sustainable careers in cyber security.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.