Senior Security Engineer

Policy Expert
London
4 days ago
Create job alert

Policy Expert - Senior Security Engineer

Were on a mission to make: The most successful insurance disruptor people want to stay with for life

Are you ready to transform the insurance industry with innovative technology? At Policy Expert, we are on a mission to revolutionizeHome,Pet, andMotorinsurance, making it clear, fair, and great value for customers. Since our inception in 2011, our breakthrough thinking and proprietary tech have won us over1.5 million customersand the title of the UKs No.1-rated home insurance provider for9 years.

About the DevSecOps team:

At Policy Expert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and deploy secure applications and platforms by embedding security best practices, automating security checks, and fostering a culture of shared responsibility. Becoming part of the DevSecOps team means joining a high-impact, forward-thinking group dedicated to securing the business and its customers. Team members collaborate with development, platform, IT, and Compliance teams to mitigate risks, enhance compliance, and enable faster, safer software delivery, ultimately strengthening the organisations competitive edge and fostering customer trust.

Your day to day:

  • Lead the application and API security initiatives, ensuring robust protection mechanisms are in place.
  • Own and drive the Application Security Posture Management (ASPM) function.
  • Integrate security within the plan/design phase through threat modelling, code and architecture reviews, and by defining secure coding standards, libraries, and best practices.
  • Configure and manage security tooling such as ASPM, CSPM, IAM/PAM, WAF, including writing custom security rules for the CI/CD pipeline.
  • Collaborate with cross-functional teams to drive security improvements and embed a security-first mindset across the organisation.
  • Participate in first responder rota where you would be the point of contact for consulting on security queries from development team, reviewing state of security through internal or external threat intelligence, and responding to security alerts.
  • Perform and support internal pentesting efforts, identifying and mitigating vulnerabilities in our applications and APIs.


Who are you:

  • Proven experience delivering web application and API security improvements across an organisation.
  • Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM and CSPM.
  • Hands-on experience with IAM solutions such as Auth0, or AWS Cognito.
  • Strong background in threat modelling and vulnerability management.
  • Strong background in AWS, cloud computing concepts, and cloud security best practices.


Bonus points if:

  • Previous experience as a software engineer.
  • Experience running a security champion program.
  • Knowledge of security incident management and response.
  • Relevant certifications such as OSCP, OSWP, CISSP, AWS Security Specialty, or similar.


Interview Process:

  1. 15 minute Chat with someone from our Internal Talent Team.
  2. 90 minute Technical Interview with our Lead DevSecOps Engineer.
  3. 60 minute Culture fit interview with Tech Principal of Platform Engineering and non-technical person.


Benefits:

This role will be based in our London office in a 50/50 Hybrid mode.

Generous Pension contribution scheme.

Private medical & Dental cover.

Learning budget of £1,000 a year + Study leave (with encouragement to use it).

Enhanced maternity & paternity.

Travel season ticket loan.

Access to a wide selection of London O2 events and use of a Private Lounge.

Employee Wellbeing Programme.

What We Stand for and Next Steps:We pride ourselves on being an equal opportunity employer. We treat all applications equally and recruit based solely on an individuals skills, knowledge, and experience. The quality and growing diversity of our team is a testament to this commitment.

At Policy Expert, we are committed to fostering an inclusive and supportive environment for all candidates. If you require any reasonable adjustments during the interview process to accommodate your needs, please do not hesitate to let us know. We are dedicated to ensuring every candidate has an equal opportunity to succeed and will work with you to provide the necessary support.

We aim to be in touch within 14 working days of your application - you will be notified if successful or unsuccessful. Please be encouraged to apply even if you do not meet all the requirements.J-18808-Ljbffr

Related Jobs

View all jobs

Senior Security Engineer

Senior Security Engineer

Senior Security Engineer, Detection & Response - (Remote - UK)

Senior Fire & Security Engineer

VP - Security Engineer

VP – Security Engineer

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Cyber Security vs. Ethical Hacking vs. Security Analysis Jobs: Which Path Should You Choose?

In an era where data breaches, ransomware attacks, and sophisticated digital threats dominate headlines, the demand for skilled cyber security professionals has never been higher. From global corporations to small businesses, organisations are scrambling to protect their systems, networks, and data from malicious actors. If you’ve been exploring cyber security jobs on www.cybersecurityjobs.tech, you’ve likely encountered various specialised roles—Ethical Hacking (often termed Penetration Testing), Security Analysis, Security Architecture, Incident Response, and more. Yet many job seekers and technology enthusiasts are unsure how these fields overlap or which one is right for them. In this in-depth guide, we’ll demystify three core disciplines—Cyber Security, Ethical Hacking, and Security Analysis—outlining the skills each requires, the responsibilities you can expect, salary ranges in the UK, and typical day-to-day activities. By the end, you’ll have a clearer understanding of these roles, helping you decide which path to pursue in this fast-growing industry. And when you’re ready to take the next step, head over to www.cybersecurityjobs.tech to explore the latest openings and find your perfect match.

Careers

Cyber Security Programming Languages for Job Seekers: Which Should You Learn First to Launch Your Security Career?

Cyber security has become a top priority for companies of all sizes, public institutions, and governments. As cyber threats evolve—from sophisticated ransomware attacks to large-scale data breaches—employers are eager to recruit talent with the skills to detect, prevent, and respond to security incidents. If you’re exploring roles on www.cybersecurityjobs.tech, a key question inevitably arises: Which programming language should you learn first for a career in cybersecurity? Cyber security is a multifaceted domain encompassing network security, application security, reverse engineering, digital forensics, ethical hacking (penetration testing), and more. Each niche may have unique language preferences—like Python for scripting tasks, C/C++ for exploit development, or Rust for building secure low-level tools. In this article, we’ll: Highlight the top programming languages used across cyber security. Break down pros, cons, and key use cases for each language. Present a simple beginner’s project for hands-on learning. Share essential resources and tips, so you can stand out in the competitive cybersecurity job market.

Jobs

UK Visa & Work Permits Explained: Your Essential Guide for International Cyber Security Talent

Cyber security is one of the fastest-growing fields in today’s digital age. As cyber threats proliferate—ranging from data breaches and ransomware attacks to sophisticated nation-state incursions—organisations worldwide are investing more than ever to protect their systems, networks, and customer data. The United Kingdom, in particular, is emerging as a hub for advanced cyber defence, AI-driven threat detection, and compliance consulting. For international cyber security professionals, the UK offers a wealth of career opportunities, spanning financial services, government contracts, tech start-ups, and global corporations. However, stepping into the UK’s cyber security job market requires a clear understanding of the country’s visa and work permit processes. If you are an international candidate with expertise in areas like intrusion detection, penetration testing, or security architecture, navigating these immigration pathways can be daunting. This article aims to demystify the visa process—highlighting key routes, eligibility criteria, and practical tips—to help you seamlessly transition into the British cyber security ecosystem.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.