Senior Security Engineer
Role OVO-View
Salary banding:£53,000 - £76,000
Experience:Senior
Working pattern:Full-Time
Reporting to:Senior Security Engineer
Sponsorship:Unfortunately we are unable to offer sponsorship for this role.
This role in 3 words:Code, Cloud, Security
Top 3 qualities for this role:Problem Solving, Challenger, Curiosity
Where you’ll work:
Depending on the needs of your business area, we expect hub based people to be in the office at least once a week, and to go to OVO Connection events in-person.
You’ll be assigned to the closest one of our three hub offices, Bristol, Glasgow, or London; unless your role requires field-based work. Each hub has accessible spaces to park your laptop, is designed to inspire people, help them connect and bring big ideas to life.
Everyone belongs at OVO
At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.
Teamworking for the planet
Everything we do here spins around Plan Zero. So, naturally, the team you’ll be joining plays a gigantic role in making that happen. Here’s how:
We’re hiring creators and challengers who deliver high-impact, well-engineered solutions. Every role we’re hiring puts people at the heart of our security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with secure technology!
This role in a nutshell:
The security engineering team collaborates with OVO’s Engineering teams to secure the design and configuration of OVO applications, infrastructure and to secure access to OVO’s resources. As a senior security engineer you will pioneer an innovative and inclusive security culture, inspire with compelling security solutions and land secure defaults and designs in data and cloud native engineering teams’ code, CI/CD and infrastructure. You will personally excel at implementing reliable tools to prevent, mitigate or automatically remediate misconfigurations and vulnerabilities. You will champion operational excellence across all OVO-built and accessed applications and infrastructure.
Your key outcomes will be:
Minimise Security Risk Exposure: Proactively identify, assess, and drive the mitigation of complex security risks within key products and systems through continuous attack, exposure and controls monitoring, expert assessment, threat modelling, and leading remediation efforts. Strengthen Secure Foundations: Champion and embed robust security architecture principles, secure development lifecycle (SDL) practices, and practical standards within development teams to build security in from the start. Enhance Security Operations & Team Capability: Optimise security tooling and processes within your domain for effectiveness and efficiency, while accelerating the development of junior engineers through active mentorship and guidance.
Systems:Familiarity with the following technologies and platforms would be advantageous (not a must have or exhaustive list):
Cloud Native Application Protection and Cloud Security Posture Management (e.g. Wiz) GCP and AWS native security and compliance monitoring CI/CD product development pipelines and automation Identity and Access Management and Privileged Access Management platforms SaaS discovery, context-aware access and continuous access evaluation, SaaS and Cloud security event monitoring and security posture management Application Security Verification Standard and related technologies Web Application Firewall (e.g. Cloudflare, Cloud Armor) Data and AI security (eg DSPM, DLP, Model Armor) Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR) Endpoint, Cloud and Identity Detection and Response Issue and Project Tracking (Jira)
You’ll be a successful Senior Security Engineer at OVO if you …
Develop & Maintain Security Standards:Define, document, socialise, and maintain specific security standards, baselines, and procedures tailored to your assigned products or teams. Ensure these align with broader organisational policies while providing practical, actionable tools and guardrails for developers and engineers.
Lead Risk Assessments & Threat Modelling:Independently plan and conduct in-depth security risk assessments (evaluating likelihood and impact) and perform routine, detailed threat modelling (including attack path analysis) for key projects, features, and applications. Analyse complex findings, prioritise risks effectively, and architect practical, proportionate mitigation strategies.
Manage & Optimise Security Tooling: Take full ownership of configuring, operating, tuning, and maintaining relevant security tools (e.g., SAST, DAST, IAST, SCA, vulnerability scanners, CNAPP, CADR and WAF policies) within your domain. Focus on integrating tools seamlessly into CI/CD pipelines, automating processes, minimising false positives, and building data flows that ensure findings lead to actionable remediation. Troubleshoot complex tool issues independently.
Influence Security Policy & Strategy:Actively contribute your subject matter expertise to the development and refinement of broader system, data, and cloud security policies and strategic initiatives, ensuring they are informed by practical implementation challenges and realities.
Embed Secure Architecture:Serve as a security authority during design phases. Proactively review proposed architectures, features, and system designs, applying security principles and best practices (e.g., defense-in-depth, least privilege, secure-by-default). Recommend secure design patterns, technologies, and configurations, collaborating closely with development and platform teams to embed security from the start.
Oversee & Interpret Security Testing:Plan, scope, conduct, or commission comprehensive security tests (e.g., penetration tests, vulnerability assessments, code reviews) for your projects and pipelines. Critically analyse and interpret complex results from various testing sources, validate findings rigorously, and translate technical risks into business impact. Guide junior engineers effectively through the testing process.
Mentor Junior Engineers:Actively mentor associate and mid-level security engineers. Provide technical guidance on security concepts and tools, review their work (e.g., assessment reports, proposed controls), share knowledge and experience, and support their professional development within the team.
Community of Practice:Contribute to the security engineering Community of Practice (CoP) by leading discussions, sharing practices, offering firsthand experience to the wider community, engaging in knowledge exchange / cross-pollination to further your craft. Create content and and individually contribute to the stated successful outcomes for this CoP
Let’s talk about what’s in it for you
We’ll pay you between £53,000 and £76,000, depending on your specific skills and experience.
We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.
You’ll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal.
We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO…and there’s flex pay. We'll give you 9% Flex Pay on top of your salary – 4% of this is auto enrolled into your pension, and the remaining 5% is yours to do what you like with. You can use this to buy from our extensive range of flexible benefits, including our green benefits which we've put at the heart of our offering, add to your pension or even take it as cash.
Here’s a taster of what’s on offer:
For starters, you’ll get 34 days of holiday (including bank holidays).
For your healthWith benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more
For your wellbeingWith gym membership, travel insurance, workplace ISA, will writing services, dental insurance, and moreFor your lifestyleWith extra holiday buying, discount dining, home & tech loans, and supporting your favourite charities with give-as-you-earn donations
For your homeGet up to £400 towards any OVO Energy plan, plus great discounts on solar, smart thermostats and EV chargers
For your commuteNab a great deal on ultra-low emission car leasing,plus our cycle to work scheme and public transport season ticket loans
Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.
For your Belonging
To find better ways to support our people, we need to listen to each other’s experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.
