Security Engineer / Cloud / DSOMM / OWASP / Salesforce

Permanent

Hybrid - 2 or 3 days p/w on-site

Leeds

FPSG have a fantastic opportunity to join a large-scale digital transformation programme aimed at uniting multiple internal business units under a new, secure, cloud digital platform. Ideal for a hands-on Security Engineer who enjoys embedding security into the development lifecycle and working with modern tooling and cloud environments.

The successful Security Engineer's responsibilities will include:

Collaborating with development teams to implement secure coding practices and remediation strategies
Driving improvements in security maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling)
Designing, building, operate, monitoring secure solutions across complex platforms
Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems
Managing and improving cloud security posture (Azure Defender, Prisma Cloud etc)
Implementing and optimising observability platforms for holistic system monitoring
Supporting and securing software delivery lifecycle, from development to deployment and ongoing operations

The successful Security Engineer's essential skills will include:

A deep understanding of the Salesforce platform and eco-system, with experience supporting secure integration and development
Strong knowledge of networking protocols (e.g. TCP/IP, UDP, HTTP/3) and cloud network architecture (VPNs, subnets, zones)
Experience with API security and integration-related platforms such as Auth0 or API Gateways
Proficiency with security tools including SAST (e.g. Snyk, Checkmarx), SCA, and DAST (e.g. OpenZAP, Qualys DAST)
Ability to manage secure operations of large-scale software estates, including deployment pipelines, rollback strategies, and uptime monitoring
Practical experience building automated security test suites into CI/CD workflows
Familiarity with security frameworks such as DSOMM, OWASP, and SAMM

Suitability:This role is a technical hands-on security engineering role, it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with a strong security focus and interest in building secure, scalable systems in the cloud.

Note:Demonstrable experience of Security Engineering in, on and around the Salesforce platform is critical to this post.

Note:Candidates must be based in the UK and authorised to work.

Note:On-site attendance 3 days a week is required

Candidates can be based (3 days a week) from multiple UK locations, Leeds, Bristol, Tunbridge Wells, Bournemouth, Manchester, Leicester, Redhill