Senior Security Engineer

Policy Expert
London
10 months ago
Applications closed


Policy Expert - Senior Security Engineer

We're on a mission to make: The most successful insurance disruptor people want to stay with for life

Are you ready to transform the insurance industry with innovative technology? At Policy Expert, we are on a mission to revolutionize Home, Pet, and Motor insurance, making it clear, fair, and great value for customers. Since our inception in 2011, our breakthrough thinking and proprietary tech have won us over 1.5 million customers and the title of the UK's No.1-rated home insurance provider for 9 years.

About the DevSecOps team:

At Policy Expert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and deploy secure applications and platforms by embedding security best practices, automating security checks, and fostering a culture of shared responsibility. Becoming part of the DevSecOps team means joining a high-impact, forward-thinking group dedicated to securing the business and its customers. Team members collaborate with development, platform, IT, and Compliance teams to mitigate risks, enhance compliance, and enable faster, safer software delivery, ultimately strengthening the organisation's competitive edge and fostering customer trust.

Your day to day:

  • Lead the application and API security initiatives, ensuring robust protection mechanisms are in place.
  • Own and drive the Application Security Posture Management (ASPM) function.
  • Integrate security within the plan/design phase through threat modelling, code and architecture reviews, and by defining secure coding standards, libraries, and best practices.
  • Configure and manage security tooling such as ASPM, CSPM, IAM/PAM, WAF, including writing custom security rules for the CI/CD pipeline.
  • Collaborate with cross-functional teams to drive security improvements and embed a security-first mindset across the organisation.
  • Participate in the first responder rota, where you would be the point of contact for consulting on security queries from the development team, reviewing the state of security through internal or external threat intelligence, and responding to security alerts.
  • Perform and support internal pentesting efforts, identifying and mitigating vulnerabilities in our applications and APIs.


Who are you:

  • Proven experience delivering web application and API security improvements across an organisation.
  • Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM and CSPM.
  • Hands-on experience with IAM solutions such as Auth0 or AWS Cognito.
  • Strong background in threat modelling and vulnerability management.
  • Strong background in AWS, cloud computing concepts, and cloud security best practices.


Bonus points if:

  • Previous experience as a software engineer.
  • Experience running a security champion program.
  • Knowledge of security incident management and response.
  • Relevant certifications such as OSCP, OSWP, CISSP, AWS Security Specialty, or similar.


Interview Process:

  1. 15-minute chat with someone from our Internal Talent Team.
  2. 90-minute technical interview with our Lead DevSecOps Engineer.
  3. 60-minute culture fit interview with the Tech Principal of Platform Engineering and a non-technical person.


Benefits:

This role will be based in our London office in a 50/50 Hybrid mode.

Generous Pension contribution scheme.

Private medical & Dental cover.

Learning budget of £1,000 a year + Study leave (with encouragement to use it).

Enhanced maternity & paternity.

Travel season ticket loan.

Access to a wide selection of London O2 events and use of a Private Lounge.

Employee Wellbeing Programme.

What We Stand for and Next Steps:

We pride ourselves on being an equal opportunity employer. We treat all applications equally and recruit based solely on an individual's skills, knowledge, and experience. The quality and growing diversity of our team is a testament to this commitment.

At Policy Expert, we are committed to fostering an inclusive and supportive environment for all candidates. If you require any reasonable adjustments during the interview process to accommodate your needs, please do not hesitate to let us know. We are dedicated to ensuring every candidate has an equal opportunity to succeed and will work with you to provide the necessary support.

We aim to be in touch within 14 working days of your application - you will be notified if successful or unsuccessful. Please be encouraged to apply even if you do not meet all the requirements.
