Be at the heart of actionFly remote-controlled drones into enemy territory to gather vital information.

Apply Now

Senior Security Engineer

Policy Expert
London
8 months ago
Applications closed

Related Jobs

View all jobs

Senior Security Engineer

Senior Security Engineer | £500 - £700 | Outside IR35 | 3 Months | Fully Remote

Security Engineer

Senior Cloud Security Operations Engineer

Senior Cybersecurity & Compliance Architect

Operational Technology (OT) Cyber Security Engineer

Policy Expert - Senior Security Engineer

Were on a mission to make: The most successful insurance disruptor people want to stay with for life

Are you ready to transform the insurance industry with innovative technology? At Policy Expert, we are on a mission to revolutionizeHome,Pet, andMotorinsurance, making it clear, fair, and great value for customers. Since our inception in 2011, our breakthrough thinking and proprietary tech have won us over1.5 million customersand the title of the UKs No.1-rated home insurance provider for9 years.

About the DevSecOps team:

At Policy Expert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and deploy secure applications and platforms by embedding security best practices, automating security checks, and fostering a culture of shared responsibility. Becoming part of the DevSecOps team means joining a high-impact, forward-thinking group dedicated to securing the business and its customers. Team members collaborate with development, platform, IT, and Compliance teams to mitigate risks, enhance compliance, and enable faster, safer software delivery, ultimately strengthening the organisations competitive edge and fostering customer trust.

Your day to day:

  • Lead the application and API security initiatives, ensuring robust protection mechanisms are in place.
  • Own and drive the Application Security Posture Management (ASPM) function.
  • Integrate security within the plan/design phase through threat modelling, code and architecture reviews, and by defining secure coding standards, libraries, and best practices.
  • Configure and manage security tooling such as ASPM, CSPM, IAM/PAM, WAF, including writing custom security rules for the CI/CD pipeline.
  • Collaborate with cross-functional teams to drive security improvements and embed a security-first mindset across the organisation.
  • Participate in first responder rota where you would be the point of contact for consulting on security queries from development team, reviewing state of security through internal or external threat intelligence, and responding to security alerts.
  • Perform and support internal pentesting efforts, identifying and mitigating vulnerabilities in our applications and APIs.


Who are you:

  • Proven experience delivering web application and API security improvements across an organisation.
  • Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM and CSPM.
  • Hands-on experience with IAM solutions such as Auth0, or AWS Cognito.
  • Strong background in threat modelling and vulnerability management.
  • Strong background in AWS, cloud computing concepts, and cloud security best practices.


Bonus points if:

  • Previous experience as a software engineer.
  • Experience running a security champion program.
  • Knowledge of security incident management and response.
  • Relevant certifications such as OSCP, OSWP, CISSP, AWS Security Specialty, or similar.


Interview Process:

  1. 15 minute Chat with someone from our Internal Talent Team.
  2. 90 minute Technical Interview with our Lead DevSecOps Engineer.
  3. 60 minute Culture fit interview with Tech Principal of Platform Engineering and non-technical person.


Benefits:

This role will be based in our London office in a 50/50 Hybrid mode.

Generous Pension contribution scheme.

Private medical & Dental cover.

Learning budget of £1,000 a year + Study leave (with encouragement to use it).

Enhanced maternity & paternity.

Travel season ticket loan.

Access to a wide selection of London O2 events and use of a Private Lounge.

Employee Wellbeing Programme.

What We Stand for and Next Steps:We pride ourselves on being an equal opportunity employer. We treat all applications equally and recruit based solely on an individuals skills, knowledge, and experience. The quality and growing diversity of our team is a testament to this commitment.

At Policy Expert, we are committed to fostering an inclusive and supportive environment for all candidates. If you require any reasonable adjustments during the interview process to accommodate your needs, please do not hesitate to let us know. We are dedicated to ensuring every candidate has an equal opportunity to succeed and will work with you to provide the necessary support.

We aim to be in touch within 14 working days of your application - you will be notified if successful or unsuccessful. Please be encouraged to apply even if you do not meet all the requirements.J-18808-Ljbffr

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Neurodiversity in Cyber Security Careers: Turning Different Thinking into a Superpower

Cyber security is all about thinking like an attacker, spotting unusual patterns, protecting systems & responding calmly when everything looks like it’s on fire. It’s a discipline built on curiosity, persistence & noticing things other people miss. That’s exactly why it can be such a good fit for many neurodivergent people. If you live with ADHD, autism or dyslexia, you may have been told your brain is “too distracted”, “too literal” or “too disorganised” for a security role. In reality, the traits that can make traditional office work tough often line up beautifully with cyber security work – from hyperfocus in incident response to meticulous analysis in threat hunting. This guide is written for cyber security job seekers in the UK. We’ll look at: What neurodiversity means in a cyber context How ADHD, autism & dyslexia strengths map to different security roles Practical workplace adjustments you can ask for under UK law How to talk about neurodivergence during applications & interviews By the end, you’ll have a clearer sense of where you might thrive in cyber security – & how to turn “different thinking” into a genuine superpower.

Jobs

Cyber Security Hiring Trends 2026: What to Watch Out For (For Job Seekers & Recruiters)

As we move into 2026, the cyber security jobs market in the UK is changing fast. Attackers are scaling up with automation & AI, cloud estates are more complex, & regulators are tightening expectations around resilience & data protection. At the same time, budgets are under pressure & some organisations are consolidating their tech teams. Despite all this, demand for cyber security skills remains strong. Skilled defenders, engineers & leaders are still hard to find, & the stakes are only getting higher. Whether you are a cyber security job seeker planning your next move, or a recruiter building security teams, understanding the key cyber security hiring trends for 2026 will help you make better decisions.

Jobs

Cyber Security Recruitment Trends 2025 (UK): What Job Seekers Must Know About Today’s Hiring Process

Summary: UK cyber security hiring has shifted from title‑led CV screens to capability‑driven assessments that emphasise incident readiness, cloud & identity security, detection engineering, governance/risk/compliance (GRC), measurable MTTR/coverage gains & secure‑by‑default engineering. This guide explains what’s changed, what to expect in interviews, & how to prepare—especially for SOC analysts, detection engineers, blue/purple teamers, penetration testers, cloud security engineers, DFIR, AppSec, GRC & security architecture. Who this is for: SOC & detection engineers, security operations leads, DFIR analysts, penetration testers/red teamers, purple teamers, AppSec/DevSecOps engineers, security architects, cloud security engineers, identity/IAM engineers, vulnerability managers, GRC/compliance specialists, product security & security programme managers targeting roles in the UK.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.