Senior Security Engineer - Secure Development & DevSecOps | Pension De-risking Market Leader

[Up to c. £225k Comp Package | Hybrid Working - 3 Days in Office]

We’re partnering with a leading pensions investment firm undergoing a major cloud-native technology transformation, embedding security into every layer of software delivery. This is a rare opportunity to join a highly technical security engineering team with full leadership backing, directly shaping secure-by-design systems that safeguard billions in assets and over a million pension holders. If you’re passionate about automation, developer enablement, and driving security culture within engineering-led teams, this role offers real influence and impact at scale...

Key Responsibilities

• Integrate security controls across the full software development lifecycle - from threat modelling and design to secure coding and CI/CD pipeline enforcement
• Build and automate security tooling into developer workflows, including SAST, DAST, secrets management, dependency scanning and policy-as-code guardrails
• Create reusable infrastructure-as-code modules and templates to enable consistent security patterns across cloud-native deployments (AWS focus)
• Collaborate closely with developers and platform engineers to embed security seamlessly into engineering processes without blocking delivery velocity
• Translate emerging threats into actionable design guidance, continuously refining security architecture and developer enablement
• Support incident response and remediation efforts where necessary, ensuring resilience across cloud and hybrid environments
• Contribute to broader security engineering capabilities, including Identity & Access Management and Security Architecture functions

What You’ll Bring...

• 4-10 years’ hands-on experience in Security Engineering, DevSecOps, or Software Engineering roles with a strong SDLC focus
• Proven track record embedding security controls into CI/CD pipelines and developer tooling
• Hands-on expertise with Terraform, GitLab CI, AWS Security Hub, Wiz (or similar tooling)
• Deep understanding of cloud-native architectures including serverless, containers, and API-driven infrastructure (AWS)
• Strong scripting and automation skills to develop policy-as-code and security guardrails
• Confident communicator who can influence engineering teams and champion security culture across technical stakeholders
• Familiarity with security frameworks such as NIST, OWASP ASVS, and CIS Benchmarks
• (Preferred) Experience driving security maturity within regulated industries such as financial services
• (Preferred) Certifications such as AWS Security Specialty, CSSLP, or GIAC DevSecOps

...