68 jobs found

Job Title: Cyber Security Lead Location: Plymouth, Devon Compensation: £57,300 + Benefits Role Type: Full time / Permanent Role ID: SF73469 At Babcock we're working to create a safe and secure world, together, and if you join us, you can play your part as a Cyber Security Lead at our Devonport Royal Dockyard site. The role As a Cyber Security Lead, you'll play a critical role in protecting digital systems that support some of the UK's most important defence infrastructure programmes. Working across major infrastructure projects within the Defence Nuclear Enterprise, you'll lead the delivery of secure-by-design solutions, ensuring systems meet strict Ministry of Defence cyber security and risk assurance requirements. Day-to-day, you'll have an exciting opportunity to operate at the forefront of cyber security in defence, shaping security architecture, influencing programme delivery, and protecting essential national capabilities. You'll collaborate with engineers, architects, and delivery teams, helping to embed security into every stage of the lifecycle while advancing your own career in a highly complex and rewarding environment. Responsibilities Leading secure by design assurance activities across complex programmes Conducting threat modelling and cyber risk assessments using recognised frameworks Developing risk treatment plans and implementing mitigation strategies Producing technical security evidence including risk assessments and vulnerability analysis Supporting programme teams, architects, and engineers to embed cyber security best practice Essential Experience Strong experience delivering secure by design or cyber security assurance activities Experience working within defence, government, or highly regulated environments In-depth knowledge of cyber security frameworks such as NIST, ISO 27001, and ISO 27005 Proven ability to conduct threat modelling and risk assessments Experience influencing multidisciplinary teams including engineering and DevOps functions Qualifications Relevant professional experience in cyber security, information security, or risk assurance Professional certifications such as Certified Information Systems Security Professional, Certified Information Security Manager, or equivalent are desirable Security Clearance The successful candidate must be a sole UK National who is able to achieve and maintain Security Check (SC) security clearance for this role. Many of the positions within our company are subject to national security clearance and Trade Control restrictions. This means that your eligibility for certain roles may be affected by your place of birth, nationality, current or former citizenship, and any residency you hold or have held. Further details are available at United Kingdom Security Vetting: clearance levels - GOV.UK (). Benefits Generous holiday allowance Matched contribution pension scheme, with life assurance Access to a Digital GP, annual health check, and nutritional consultations through Aviva DigiCare+ Employee share scheme Employee shopping savings portal Payment of Professional Fees Reservists in the armed forces receive 10-days special paid leave Holiday Trading is a benefit that allows UK Babcock employees to buy additional leave or to sell up to one working week of annual leave from their annual entitlement. There is an annual Window to request this benefit. 'Be Kind Day' enables employees to take one working day's paid leave a year (or equivalent hours) to undertake volunteering work with their chosen organisation or registered charity Excellent development opportunities and benefits package including an employee assistance programme supporting physical, mental and financial wellbeing. We are a disability confident committed employer. If you have a disability or need any reasonable adjustments during the application and selection stages, please email with the subject header 'Reasonable adjustments requirement'. We're committed to building an inclusive culture where everyone's free to thrive. We are happy to talk about flexible working - please ask about alternative patterns of work at interview. Closing date: 24/06/2026

Aircall is a unicorn, AI-powered customer communications platform used by 22,000+ companies worldwide to drive revenue, resolve issues faster, and scale customer-facing teams. We're redefining customer communications by bringing voice, SMS, WhatsApp, and AI together into one seamless workspace. Our momentum comes from a simple idea: help teams work smarter, not harder. Aircall's AI Voice Agent automates routine calls, AI Assist streamlines post-call work, and AI Assist Pro delivers real-time guidance so people can do their best work. The result is higher revenue, faster resolutions, and teams that scale with confidence. Aircall is headquartered in Paris, our European HQ, with a strong North American presence anchored in Seattle, our North American HQ, and teams across Madrid, London, Berlin, San Francisco, New York City, Sydney, and Mexico City. We've built a product customers love and a business that's scaling quickly, backed by world-class investors and driven by rapid AI innovation across multiple product lines. At Aircall, you'll join a company in motion. We're ambitious, product-driven, and execution-focused, with visible impact, fast decisions, and real growth. How we work at Aircall: We're customer-obsessed, data-driven, and focused on delivering meaningful outcomes. We value ownership, continuous learning, and thoughtful speed. If you thrive in a collaborative, fast-moving environment where trust and impact matter, you'll feel at home here. About the role: As a Security Engineer, Product Security, you will help Aircall build and ship secure products by working closely with engineering teams and product managers to identify risk early, reduce vulnerabilities, and improve security quality across the software development lifecycle. You'll support secure-by-design practices and help ensure security is integrated into how teams design, build, test, and release software. In this role, you'll be hands-on across threat modelling, vulnerability detection and remediation, and security testing. You will partner with engineers to make security practical and actionable - helping teams move quickly while raising the security bar. You'll also have a strong bias to leveraging AI to scale. Key Responsabilities: Partner with engineering teams to review designs and implementation plans, identifying security risks early and recommending mitigations. Perform threat modelling for new features and major changes, helping teams document risks, assumptions, and security controls. Identify and help remediate common vulnerability classes across services and APIs (e.g., auth/authz, injection, data exposure, logic flaws). Triage and support remediation of vulnerabilities identified through SAST/DAST tools, internal testing, or third-party findings. Conduct security testing and validation, including targeted manual testing for high-risk areas. Help improve secure development practices by creating reusable guidance, checklists, and secure patterns for engineering teams. Contribute to security tooling and automation that improves coverage, reduces false positives, and streamlines security reviews. Assist with product security incidents by supporting investigation, impact analysis, and follow-up remediation. Communicate security risks clearly and pragmatically, helping teams prioritize effectively and ship safely. Document learnings and contribute to evolving product security processes and standards. Requirements: 2-5 years of experience in Product Security, Application Security, or software engineering with a strong security focus. Strong understanding of web application and API security fundamentals and common vulnerability classes (OWASP Top 10). Experience performing security reviews, threat modelling, or secure architecture assessments for software systems. Familiarity with security testing tools and practices (SAST/DAST, dependency scanning, fuzzing, manual testing). Comfort reading and reviewing production code in at least one language (e.g., Python, Go, Java, JavaScript/TypeScript). Exposure to automated or AI-assisted security tools or workflows, and interest in applying them to improve developer experience and security outcomes. Ability to work cross-functionally with engineering teams and communicate findings in a constructive, actionable way. Proven ability to drive remediation efforts and follow through on risk reduction outcomes. Nice-to-have: Experience with cloud-native architectures (AWS/GCP/Azure), microservices, Kubernetes, service-to-service authentication, and secrets management. Experience tuning security tools to reduce noise and improve signal (e.g., improving rules, baselines, or pipelines). Familiarity with secure SDLC practices and security champions programs. Exposure to bug bounty/vulnerability disclosure or working with external researchers. Experience improving internal security automation or developer workflows (including using AI-assisted tooling). Why join us? Key moment to join Aircall in terms of growth and opportunities Our people matter, work-life balance is important at Aircall Fast-learning environment, entrepreneurial and strong team spirit 45+ Nationalities: cosmopolite & amp; multi-cultural mindset Competitive salary package & amp; benefits DE&I Statement: At Aircall, we believe diversity, equity and inclusion - irrespective of origins, identity, background and orientations - are core to our journey. We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. We're working to create a place filled with diverse people who can enrich and learn from one another. We're committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive. We are strongly committed to hiring a diverse and multicultural team and we encourage applications from traditionally underrepresented backgrounds.

About the company Allica is the UK's fastest growing company - and the fastest-growing financial technology (Fintech) firm ever. Our purpose is to help established SMEs, one of the last major underserved opportunities in Fintech. Established SMEs are the backbone of local communities - representing over a third of our economy - yet have been largely neglected both by traditional high street banks and modern fintech providers. Technology sits at the centre of Allica. We design and build the platforms that power the bank, working closely with every part of the business to deliver real impact for customers. Our teams move quickly, focus on outcomes, and take ownership from concept through to delivery. We solve complex problems, modernise processes, and enable the business to scale with confidence. What makes us different is the level of influence and autonomy engineers have. We work without the weight of legacy systems, which means we can focus on building for the future. Everyone contributes ideas and helps shape how we operate, and roles evolve as the organisation grows. This is a place for people who want to have a tangible impact and do their best work in a modern, collaborative environment. Role Description The Full Stack Engineer contributes to the design and delivery of products within a squad, helping to build secure, reliable, and accessible software while maintaining high engineering standards and a good developer experience. You will use your skills in Spring Boot microservices (Kotlin/Java) and modern web technologies (React/TypeScript) to deliver features across the stack. Our backend services run as containerised applications on Azure Container Apps, and our web applications are deployed via Azure Static Web Apps; you will help ensure the services and applications you work on are production-ready and make effective use of these platforms. You will contribute to good engineering practices in observability, CI/CD, security, performance, and accessibility, helping systems meet the standards expected of a UK bank. You will contribute to Architecture Decision Records (ADRs) and follow organisation-wide patterns and standards. You are hands-on and collaborative: you help design features, write code, review changes, and work closely with engineers, Product, and Design to deliver valuable outcomes. You use approved GenAI tools such as GitHub Copilot, Codex or Claude Code responsibly to improve productivity and quality, while validating outputs carefully. Success in this role is measured by the consistent delivery of high-quality features, contribution to reliable and maintainable systems, improvements to the codebase and operational health of services, and your growth in technical capability and ownership. Principal Accountabilities Contribute to the end-to-end design and delivery of features across the full stack using: Backend: Kotlin/Java Spring Boot microservices, containerised and deployed on Azure Container Apps, exposing REST/OpenAPI APIs and integrating with other services and data stores. Frontend: React/TypeScript, shared design system components, and agreed architectural patterns, deployed on Azure Static Web Apps. Contribute to technical design discussions and help produce clear ADRs for significant decisions, documenting context, options, trade-offs, and outcomes in line with organisation standards. Support the squad's services in production by contributing to SLOs and operational metrics, monitoring systems, responding to incidents, and helping to reduce recurring issues and improve reliability. Apply secure and compliant engineering practices Follow secure coding standards and contribute to threat modelling activities. Ensure logging, audit trails, and data handling meet regulatory and privacy requirements. Ensure accessibility standards are met in user-facing features. Help strengthen observability and operational excellence within the squad by contributing to metrics, tracing, logs, dashboards, runbooks, and alerts, and using them effectively in day-to-day engineering work. Contribute to improvements in developer experience, including CI/CD pipelines, test strategy, local development workflows, and release practices, in line with wider engineering standards and cloud deployment patterns. Use AI-assisted engineering responsibly Use approved tools like GitHub Copilot, Codex or Claude Code to improve speed, quality, and consistency. Validate and refine AI-generated code to ensure correctness, maintainability, and compliance. Share feedback and effective practices with the team. Collaborate closely with Product Managers and Designers to understand requirements, shape practical solutions, and deliver work aligned to product goals and timelines. Maintain high standards of code quality, testing, documentation, and maintainability across the squad's codebase, while helping to reduce technical debt. Support other engineers through pairing, code review, and knowledge sharing, contributing positively to the growth and effectiveness of the squad. Personal Attributes & Experience Experience building and operating Spring Boot microservices in Kotlin or Java, including REST APIs, integrations, and containerised deployments on a major cloud platform (Azure preferred; AWS or Google Cloud also relevant). Good knowledge of React and TypeScript, with practical experience building accessible, maintainable, and performant user interfaces. Ability to design and deliver well-structured features within an existing architecture, with an understanding of trade-offs around scalability, maintainability, and delivery pace. Good understanding of distributed systems fundamentals appropriate to microservices, such as resilience, latency, and failure handling. Good understanding of secure coding practices, privacy considerations, and security expectations for production systems. Experience with testing, CI/CD pipelines, and observability tooling; familiarity with Azure DevOps Pipelines and Azure deployment services is beneficial. Ability to improve code quality through refactoring, clearer abstractions, and maintaining sensible boundaries between modules and services. Experience collaborating through code review, pairing, and technical discussions to help improve team outcomes. Experience using GenAI tools such as GitHub Copilot, Codex or Claude Code to improve productivity and code quality, with a clear understanding of their limitations and the need for review and validation. Strong communication and collaboration skills, with the ability to work effectively with engineers, Product Design & other stakeholders. Working at the company At the company we want to ensure our employees have the right tools and environment in which to succeed in their role and in support of our customers. Our employees are at the heart of everything we do, so our benefits are designed with you in mind: Full onboarding support and continued development opportunities Options for flexible working Regular social activities Pension contributions Discretionary bonus scheme Private health cover Life assurance Family friendly policies including enhanced Maternity & Paternity leave Flexible working We know the '9-to-5' isn't right for everyone. That's why the company is fully committed to flexible and hybrid working. Please let us know what is best for you and, if we can, we will do our best to accommodate. Diversity We're a diverse bunch here at Allica, with all kinds of experiences, backgrounds and lifestyles. Our openness and differences make us stronger, and we want everybody to feel comfortable bringing as much of themselves to work with them as they like.

Overview Join the company Cloud Object Store (ACOS) team as a Software Engineer with a focus on security. The ACOS team, which is part of the company Services Engineering organisation, is one of the most critical infrastructure teams at the company, storing and serving petabytes of data across the company's services. The ASE organization builds and operates the cloud infrastructure underpinning the company's services, bringing together compute, storage, networking, and security into a unified the company Cloud platform. In this role you'll work at the intersection of distributed systems engineering and security - building the authentication, authorisation, and encryption foundations that protect data at exabyte scale. The security challenges in a large scale cloud object store are deep and varied. You will work on problems such as designing and evolving authentication systems to meet modern security standards; implementing and improving encryption at rest schemes with robust key lifecycle management at scale; building IAM policy enforcement at high throughput; driving compliance for a multi region storage platform; and conducting threat modeling for a system handling hundreds of thousands of requests per second. You'll also contribute to broader storage engineering work - durability, availability, multi tenancy, and performance - making this a well rounded SWE role with a security first mindset. Responsibilities Own and contribute to security infrastructure projects across authentication, authorisation, and encryption - building platforms that the rest of the storage org consumes. Implement and evolve authentication systems to meet modern security standards: improving credential security, integrating with other company services, and ensuring consistent auth across storage products. Build and maintain encryption at rest infrastructure: key lifecycle management, encryption standard upgrades, and ensuring cryptographic coverage at scale. Participate in threat modeling for new and existing features; embed security reviews into the design and launch process. Identify, scope, and lead projects that span security, reliability, isolation, scalability, and maintainability - this is a broad SWE role, not a pure security role. Work across teams to identify improvement areas, build consensus, and participate in roadmap and security planning discussions. Collaborate with the company's Security and Privacy orgs, serving as the storage org's point of contact for security matters. Preferred Qualifications Experience with IAM systems, STS/short lived credentials, or policy based access control. Hands on experience with encryption infrastructure: key rotation, envelope encryption, or integrating with secret managers (e.g., HashiCorp Vault, AWS KMS, or equivalent). Familiarity with compliance frameworks such as PCI DSS or SOX in a cloud infrastructure context. Experience with threat modelling methodologies or conducting security design reviews. Minimum Qualifications Solid backend software engineering experience with strong computer science fundamentals: networking, distributed systems, and security concepts. Good understanding of authentication and authorisation: familiarity with protocols such as SigV4, OAuth2, mTLS, or IAM style policy systems. Understanding of cryptographic fundamentals: symmetric encryption, key hierarchies, certificate management, or secret management systems. Experience driving complex projects end to end and collaborating across teams.

Job Description Your impact Are you looking to be part of a company driving innovation and creating cutting edge technology? At Leonardo you could be part of one of the UK's most exciting and challenging projects. Do you think you are up to the challenge? We are looking for people that are and who relish the buzz of a busy schedule to join our Design Integrity team. In this role you will work as part of a multi disciplined team, learning, developing and enhancing your Product Security management skills. As a Product Cyber Resilience Manager, you will: Undertake the production of Security Managements Plans, work package descriptions and cost estimates in support of product bids, services and proposals. Review and provide guidance of security risk assessments, risk mitigation plans, mitigation gap analysis and preparation of security management documentation for system Accreditation, such as solution hardening guidance and security operating procedures. Defining product security requirements, advising development teams on suitable implementation standards and techniques and overseeing product development activities. Liaison with Security Accreditors and Security Assurance Coordinators in support of security Accreditation. Participate in internal and external discipline working groups and with academic partners covering Product Cyber Resilience and Product Security for various established and emerging standards. Contribute to continual improvement of the engineering capability You will be responsible for the management of Product Security Risk of all the product families within your sector. You will be accountable to the respective product family System Design Authority (the Risk Owner), providing subject matter advice to the Integrated Product Team, whilst collaborating with your fellow Product Cyber Resilience Managers (PCRMs) across the Electronics Business Unit. The role involves conducting risk assessments, developing and implementing product security strategies and collaborating with cross-functional teams, including Leonardo's Cyber Security Business Unit, to embed product and cyber security best practices throughout the product development lifecycle. You will be responsible for determining product cyber resilience objectives through security risk management techniques in relation to the Integrated Sensing products and then working with the engineering teams to achieve those objectives through the architecture and design of the solution. You'll also support the product assurance activities to verify compliance to those objectives and the transition to operations and ongoing through-life support. What you'll bring In broad terms, you should have as many of the following as possible: Bachelor's degree in Electronics Engineering and/or a related subject e.g. functional safety assessment methods or safety risk management system for complex products based on a recognised framework in a highly regulated industry such as aerospace, nuclear, automotive, rail or oil & gas Practical experience of the System Development Life Cycle, Software Development Life Cycle, V-Models and Agile frameworks. Experience in managing product information security, including risk assessment, threat modelling, vulnerability management, and incident response Strong knowledge of cybersecurity standards and best practices, such as ISO 27001, NIST Cybersecurity Framework, and Knowledge of UK/NATO Information Assurance/Accreditation frameworks; Familiarity with the application of cyber resilience controls to embedded systems. Experience with cybersecurity tools and technologies, such as SIEM, IDS/IPS, DLP, and endpoint protection Proficiency in cybersecurity frameworks, such as MITRE ATT&CK and the Cybersecurity Capability Maturity Model (CMMC) Excellent problem-solving and analytical skills Strong communication and collaboration abilities Certifications such as CISSP, CISM, or CEH are a plus Security Clearance This role is subject to pre-employment screening in line with the UK Government's Baseline Personnel Security Standard (BPSS). An additional range of Personnel Security Controls referred to as National Security Vetting (NSV) may apply, this could include meeting the eligibility requirements for The Security Check (SC) or Developed Vetting (DV). For more information and guidance please visit: You must have the ability to obtain UK SC security clearance and work within UKEO and US ITAR TAA restrictions. Why join us At Leonardo, our people are at the heart of everything we do. We offer a comprehensive, company-funded benefits package that supports your wellbeing, career development, and work-life balance. Whether you're looking to grow professionally, care for your health, or plan for the future, we're here to help you thrive. Time to Recharge:Enjoy generous leave with the opportunity to accrue up to 12 additional flexi-days each year. Secure your Future:Benefit from our award-winning pension scheme with up to 15% employer contribution. Your Wellbeing Matters:Free access to mental health support, financial advice, and employee-led networks championing inclusion and diversity (Enable, Pride, Equalise, Armed Forces, Carers, Wellbeing and Ethnicity). Rewarding Performance: All employees at management level and below are eligible for our bonus scheme. Never Stop Learning: Free access to 4,000+ online courses via Coursera and LinkedIn Learning. Refer a friend:Receive a financial reward through our referral programme. Tailored Perks: Spend up to £500 annually on flexible benefits including private healthcare, dental, family cover, tech & lifestyle discounts, gym memberships and more. Flexible working:Flexible hours with hybrid working options. For part time opportunities, please talk to us about what might be possible for this role. For a full list of our company benefits please visit our website. Leonardo is a global leader in Aerospace, Defence, and Security. Headquartered in Italy, we employ over 53,000 people worldwide including 8,500 across 9 sites in the UK. Our employees are not just part of a team-they are key contributors to shaping innovation, advancing technology, and enhancing global safety. At Leonardo we are committed to building an inclusive, accessible, and welcoming workplace. We believe that a diverse workforce sparks creativity, drives innovation, and leads to better outcomes for our people and our customers. If you have any accessibility requirements to support you during the recruitment process, just let us know. Be part of something bigger - apply now! Primary Location GB - Edinburgh Additional Locations GB - Newcastle Contract Type Permanent Hybrid Working Hybrid

We'd all like amazing work to do, and real work life balance. That's waiting for you at Sainsbury's. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you'll realise that ours is a modern software engineering environment because it has to be. We've made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech. Job Title / Role Senior Information Security Analyst - Product Assurance Reporting to Information Security Manager - Sainsbury's Division/Dept Data Governance and Information Security Location Holborn, Coventry, Manchester (Flexible) In a nutshell As a Senior Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle. You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives. The ideal candidate will have significant (6+ years) experience working within Information or Cyber Security and be passionate about continuous professional development. Whilst this role isn't 'hands on' candidates are expected to have an in depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures. What you need to do Good all round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment. Provide technical, procedural and policy advice to business stakeholders and Engineers with sufficient detail. Review requests to ensure they comply with company policy and best security practice prior to approval. Conduct in depth risk assessments and threat modelling alongside producing detailed documentation. Present findings to management alongside recommendations on how to secure our systems. Advocate for innovative security solutions through persuasive quantitative evidence and presentation. Mentor, engage and help educate junior colleagues across the InfoSec family. Support strategic initiatives to ensure cybersecurity is integrated at all phases across the business. Ensure that risks have been raised and being able to comprehensively explain the issues. Provide subject matter expertise on the InfoSec domain that the candidate is expert at. Evaluate requests from our suppliers to ensure they are fit for purpose. Deliver weekly reporting to management and other stakeholders. Co ordinate complex incident response and recovery, working closely with Engineers and SOC colleagues. Provide support to the Information Security Manager. What you need to know and show A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture. Familiarity with common Mobile Device and Endpoint Management solutions. An understanding of the Microsoft Defender suite of products. Awareness of Email & Web Security Gateway technologies. Ability to understanding the operation of corporate networks and firewall solutions, including Wide Area Network considerations for multi site deployments (inc. international). Consideration on how to assess the security of purchased Software as a Service products. Familiarity with AI tooling such as Microsoft 365 / Security / GitHub Copilot. Experience with other common productivity & collaboration tools, such as Confluence, Miro, Adobe Cloud Suite. Ability to understand and assess integrations between systems through methods such as APIs, Process Automation or Batch processing. Nice to have knowledge of AWS, Azure, Oracle, GCP and SAP Clouds. Risk Management experience and understanding of Risk Management Frameworks. Strong analytical and report writing skills. Appreciation of containerisation technologies such as Docker, Kubernetes etc. Experience with logging, monitoring, load balancing/proxies and API gateways. Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet. In depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI DSS and Cyber Kill Chain. Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies. The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing. Strong understanding of the changing threat landscape and how this may affect our systems. The ability to challenge concerns and report through appropriate channels. Self drive, motivation and the ability to work independently to deliver expected outcomes. Excellent teamwork and problem solving skills by blending technical knowledge with business requirements. In depth understanding of data and security risks in a large enterprise. Desirable Qualifications You will have two (or more) of the following: CompTIA CASP+, Cloud+, Security+, Network+, Linux+ CSA CCSK / CCAK (ISC) CISSP / CCSP / SSCP ISACA CISA / CISM / CRISC / CGEIT AWS Certified Security or Certified Solutions Architect GCP Professional Cloud Security Engineer GIAC Cloud Security Automation Microsoft Certified Azure Solutions Architect Expert Microsoft Certified Cybersecurity Architect Expert MSc. Information/Cyber Security (not essential) Benefits Colleague discount across our multi brands - Sainsbury's, Argos, TU Clothing and Habitat. Holiday allowance. Bonus scheme. Pension plan. Special offers on gym memberships, restaurants, holidays, retail vouchers and more. Work life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role. We trust them to decide how, where and when they work, combining remote and collaborative working with a flexible approach to hours, giving them plenty of time and space for life outside of work whilst delivering against our business goals. In addition to the above benefits, you will receive a 10% colleague discount after 4 weeks, increasing to 15% on certain days. You are eligible for a performance related bonus up to 20% of salary. You receive an annual holiday allowance with the option to purchase additional days. Also available benefits include season ticket loans, interest free car loan up to £10k, cycle to work scheme, health cash plans, pay advance, employee assistance programme, private healthcare, and access to a wide range of discounts. The company also offers up to 26 weeks' pay for maternity or adoption leave and up to 4 weeks' pay for paternity leave.

Discover your future at Citi Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact. Job Overview We are Citi's Application, Platform and Engineering team, a start up with the exciting mission of shaping the direction of travel for the entire bank under the Chief Technology Office, by defining the tech and engineering strategy for the bank. We are a team of talented engineers, product managers and tech SMEs, taking ambiguous concepts and making them real by engineering cutting edge products at planetary scale! We are solely focused on the most modern technology and engineering disciplines such as generative AI, cloud, security, modern app stacks (with Golang, Gatekeeper), open source and the latest and greatest in the Kubernetes ecosystem. Generative AI is a growing space, as a result, we ask that you share with us any specific AI engineering projects utilising LLMs that you're proud of in your application. Ideally these projects should show off complex and clever architectures or a systematic evaluation of an LLM's behaviour. You might be a good fit if you Bring your deep dive application security engineering expertise from building production systems Thrive in a results driven environment, where flexibility fuels impact Be a game changer, ready to step beyond your designated role Love the synergy of pair programming? So do we! Seize the opportunity to secure AI applications at scale. Jump in! A relentless passion to learn more about AI security, LLM attacks, and bringing your knowledge to shape Citi's secure AI future. What you'll do within the Tech Strategy team: Build secure AI products from 0-1-Engineer production grade, business facing AI platforms with security built-in from day one Ethical hacking and red team activities Conduct penetration testing, vulnerability research, and attack simulation to make our products bulletproof Design and build security tools and frameworks Create automated security solutions that scale across fast paced development cycles Secure novel AI attack surfaces Identify and mitigate LLM specific vulnerabilities, prompt injection attacks, and AI model security risks through hands on testing Lead "shift left" security Embed security practices throughout our rapid development lifecycle while maintaining velocity Mentor security practices Guide other engineers on secure coding, vulnerability remediation, and security first thinking Experience That Will Help You Succeed In This Role Production system builder with security focus proven track record of architecting and building secure, large scale production applications and business facing platforms from the ground up Ethical hacking and penetration testing expertise hands on experience finding and exploiting vulnerabilities, conducting red team exercises, and thinking like an attacker to strengthen defenses State of the art security engineeringwith Go, Python, JavaScript - you build both security tools and secure production systems in fast paced environments HashiCorp Vault mastery deep experience writing custom plugins, creating secrets engines, implementing dynamic credentials, and extending Vault functionality for enterprise scale secrets management Enterprise authentication & authorization designing and implementing OAuth, JWT, RBAC, and complex identity systems with fine grained access controls in business critical applications API security and threat modelling securing REST/GraphQL APIs, conducting threat assessments, and implementing advanced security patterns in high traffic production systems AI/ML security and vulnerability research understanding of LLM vulnerabilities, model security, prompt injection attacks, and AI specific threat vectors through hands on testing Security automation and tooling- automating manual security processes Cloud native security securing containerized applications in Kubernetes, service mesh security, and cloud native security patterns at enterprise scale Incident response and forensics experience investigating, analyzing, and responding to security incidents in live production systems What We Believe In We do not have boundaries between security engineering and product development, and we expect all our technical staff to contribute to both as needed. We take a product focused approach to security and care about building solutions that are robust, scalable, and easy for developers to use. We enjoy working in a fast paced team tackling cutting edge security problems by constantly testing and learning. We enjoy pair programming for our security tools; we are lean in our approach and remove bureaucracy where we see it. We believe in delivering secure solutions fast, iterating and pivoting as we go, rather than defining the perfect security framework upfront. What we'll provide you This is a unique role that will put you in the position to be part of a new venture and actively drive change. Every day there will be new challenges that will help you develop new skills that can drive your career. By joining Citi London, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: Benefits 27 days annual leave (plus bank holidays) A discretional annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friends Visit ourGlobal Benefitspage to learn more. Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Job Family Group: Technology Job Family: Applications Development Time Type: Full time Most Relevant Skills Please see the requirements listed above. Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.

Senior Security Engineer - AI Products & PlatformsApplylocations: London United Kingdomtime type: Full timeposted on: Posted Todayjob requisition id: Discover your future at Citi Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact. Job Overview We are Citi's Application, Platform and Engineering team, a start-up with the exciting mission of shaping the direction of travel for the entire bank under the Chief Technology Office, by defining the tech and engineering strategy for the bank. We are a team of talented engineers, product managers and tech SMEs, taking ambiguous concepts and making them real by engineering cutting edge products at planetary scale! We are solely focused on the most modern technology and engineering disciplines such as generative AI, cloud, security, modern app stacks (with Golang, Gatekeeper), open source and the latest and greatest in the Kubernetes ecosystem. Generative AI is a growing space, as a result, we ask that you share with us any specific AI engineering projects utilising LLMs that you're proud of in your application. Ideally these projects should show off complex and clever architectures or a systematic evaluation of an LLM's behaviour. You might be a good fit if you Bring your deep-dive application security engineering expertise from building production systems Thrive in a results-driven environment, where flexibility fuels impact Be a game-changer, ready to step beyond your designated role Love the synergy of pair programming? So do we! Seize the opportunity to secure AI applications at scale. Jump in! A relentless passion to learn more about AI security, LLM attacks, and bringing your knowledge to shape Citi's secure AI future. What you'll do within the Tech Strategy team: Build secure AI products from 0-1 - Engineer production-grade, business-facing AI platforms with security built-in from day one Ethical hacking and red team activities - Conduct penetration testing, vulnerability research, and attack simulation to make our products bulletproof Design and build security tools and frameworks - Create automated security solutions that scale across fast-paced development cycles Secure novel AI attack surfaces - Identify and mitigate LLM-specific vulnerabilities, prompt injection attacks, and AI model security risks through hands-on testing Lead "shift left" security - Embed security practices throughout our rapid development lifecycle while maintaining velocity Mentor security practices - Guide other engineers on secure coding, vulnerability remediation, and security-first thinking Experience That Will Help You Succeed In This Role Production system builder with security focus - proven track record of architecting and building secure, large-scale production applications and business-facing platforms from the ground up Ethical hacking and penetration testing expertise - hands-on experience finding and exploiting vulnerabilities, conducting red team exercises, and thinking like an attacker to strengthen defenses State-of-the-art security engineering with Go, Python, JavaScript - you build both security tools and secure production systems in fast-paced environments HashiCorp Vault mastery - deep experience writing custom plugins, creating secrets engines, implementing dynamic credentials, and extending Vault functionality for enterprise-scale secrets management Enterprise authentication & authorization - designing and implementing OAuth, JWT, RBAC, and complex identity systems with fine-grained access controls in business-critical applications API security and threat modelling - securing REST/GraphQL APIs, conducting threat assessments, and implementing advanced security patterns in high-traffic production systems AI/ML security and vulnerability research - understanding of LLM vulnerabilities, model security, prompt injection attacks, and AI-specific threat vectors through hands-on testing Security automation and tooling - automating manual security processes Cloud-native security - securing containerized applications in Kubernetes, service mesh security, and cloud-native security patterns at enterprise scale Incident response and forensics - experience investigating, analyzing, and responding to security incidents in live production systems What We Believe In We do not have boundaries between security engineering and product development, and we expect all our technical staff to contribute to both as needed. We take a product-focused approach to security and care about building solutions that are robust, scalable, and easy for developers to use. We enjoy working in a fast-paced team tackling cutting-edge security problems by constantly testing and learning. We enjoy pair programming for our security tools; we are lean in our approach and remove bureaucracy where we see it. We believe in delivering secure solutions fast, iterating and pivoting as we go, rather than defining the perfect security framework upfront. What we'll provide you This is a unique role that will put you in the position to be part of a new venture and actively drive change. Every day there will be new challenges that will help you develop new skills that can drive your career.By joining Citi London, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: 27 days annual leave (plus bank holidays) A discretional annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friendsVisit our Global Benefits page to learn more. Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Job Family Group: Technology Job Family: Applications Development Time Type: Full time Most Relevant Skills Please see the requirements listed above. Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.

About Us: Solirius Reply , part of the Reply Group , is a technology consultancy and digital transformation partner that helps organisations solve complex challenges through strategy, design, engineering, and delivery. We work closely with our clients to deliver secure, accessible, user-focused services that evolve with their needs. By combining deep technical expertise with people-centred design, we create solutions that deliver meaningful, lasting impact. Our consultants partner directly with client teams, embedding into organisations to understand their goals, challenges, and users. This collaborative approach enables us to deliver tailored solutions that drive measurable outcomes across public and private sectors. Past and present clients include the Ministry of Justice, Department for Education, Ministry of Housing, Communities and Local Government, UEFA, International Olympic Committee, and Mercedes-Benz. Our services span the full digital delivery lifecycle, including architecture, engineering, delivery management, user-centred design, business analysis, data, DevOps, and AI. We operate as a collaborative and inclusive organisation that empowers our people to take ownership, innovate, and develop their expertise. As an equal opportunities employer, we are committed to encouraging equality, diversity, and social mobility, while creating opportunities for our teams to work on meaningful projects that deliver lasting impact About You: You are a motivated and adaptable professional with a strong analytical mindset and a passion for using technology to solve real-world problems. You enjoy working in collaborative, agile teams and take pride in delivering high-quality solutions that make a tangible impact. With strong communication skills and a consultative approach, you're comfortable engaging with clients, understanding their needs, and translating them into effective outcomes. The Role: We are seeking experienced Security Architects to support our public sector and enterprise clients in delivering secure digital services and technology transformation initiatives. The role involves engaging with multiple stakeholders to understand business objectives, identify security risks, and design security architectures that enable the safe delivery of business outcomes. You will work closely with solution architects, engineering teams, delivery managers, and client leadership to ensure that security is embedded by design and aligned with organisational risk appetites. As a Security Architect, you will operate with a high degree of autonomy, applying your expertise to resolve complex security challenges and providing authoritative guidance across projects and programmes. You will also contribute to the growth of the Security Practice by developing new service offerings, maintaining security standards and artefacts, supporting business development activities, and mentoring junior colleagues. In addition to technical leadership, you will help identify and shape new opportunities by engaging with client stakeholders to understand strategic security objectives and deliver value-driven outcomes. You will be a confident communicator, capable of influencing senior stakeholders, facilitating workshops, and building consensus across multidisciplinary teams. Key Responsibilities: Design end-to-end security architectures that align with business, technical, regulatory, and security requirements. Develop security strategies and controls for cloud-native, hybrid, and on-premise environments. Conduct security architecture reviews and provide recommendations to mitigate identified risks. Translate business and technical requirements into secure, scalable, and resilient designs. Ensure alignment with enterprise security architecture, governance frameworks, and organisational standards. Support Agile delivery teams by embedding security-by-design principles throughout the software development lifecycle. Define and document security patterns, reference architectures, and reusable security artefacts. Lead threat modelling activities and identify appropriate mitigation strategies. Collaborate with stakeholders across business, product, operations, and engineering teams to drive secure decision-making. Advise on identity and access management approaches, including authentication, authorisation, and privileged access controls. Ensure security, privacy, compliance, and risk management requirements are incorporated into solutions. Support security assurance activities, including risk assessments, security testing, and accreditation processes. Contribute to DevSecOps initiatives, promoting automation and continuous security practices. Produce clear architectural documentation, including security views, high-level designs, and security artefacts. Mentor junior team members and contribute to the development of the wider Security Practice. Key Experience: Extensive experience engaging with stakeholders at all levels, including senior leadership and C-suite executives. Proven experience operating within client-facing and/or consultancy environments. Demonstrated experience designing and implementing enterprise security architectures. Strong understanding of security architecture methodologies and frameworks. Experience conducting threat modelling and security risk assessments. Experience supporting security assurance activities within regulated environments. Proven ability to balance security requirements with operational and business objectives. Experience designing secure architectures across cloud and hybrid environments. Strong understanding of security controls for applications, infrastructure, data, and identity. Experience working within Agile delivery environments and integrating security into delivery processes. Familiarity with public sector security requirements and accreditation approaches is highly desirable. Experience supporting compliance initiatives involving standards and regulatory frameworks. Key Skills: Advanced knowledge of cloud security across Microsoft Azure, AWS, Google Cloud Platform (GCP), and Microsoft 365. Expertise in Zero Trust security principles and secure-by-design methodologies. Strong understanding of identity and access management technologies, including federation, SSO, MFA, and privileged access management. Experience with threat modelling methodologies such as STRIDE, PASTA, or equivalent. Knowledge of security frameworks and standards including: - ISO 27001 - NIST Cybersecurity Framework - NIST 800-53 - CIS Controls - SABSA - TOGAF Understanding of security operations concepts, incident response, and detection capabilities. Knowledge of application security principles, including secure coding practices and OWASP guidance. Experience with DevSecOps practices and security automation. Familiarity with container and Kubernetes security. Understanding of encryption, key management, and data protection principles. Strong documentation, communication, and stakeholder management skills. Competitive Salary Bonus Scheme Private Healthcare Insurance 25 Days Annual Leave + Bank Holidays Up to 10 days allocated for development training per year Enhanced Parental Leave Paid Fertility Leave (5 Days) Statutory & Contributory Pension EAP with Gym Membership Benefits Cycle to Work and Electric Vehicle schemes Flexible Working Annual Away Days/Company Socials Diversity and Inclusion As an equal opportunities employer, we are committed to creating a work environment that supports, celebrates, encourages and respects all individuals, where all processes are based on merit, competence and business needs. Encouraging high social mobility is really important to us. We foster an inclusive culture by welcoming different perspectives, enabling equitable opportunities and promoting open dialogue. This commitment is reflected in initiatives such as our gender diversity group and our focus on mental health and wellbeing. Whatever stage you are at, you will find an environment where you can thrive. Should you require further assistance or require any reasonable adjustments to be put in place to better support your application process, please do not hesitate to raise this with us. As a Disability Confident employer, we are committed to ensuring our recruitment process is accessible and inclusive, enabling all candidates to demonstrate their skills, experience and potential.

Job Summary Corpay is currently looking to hire a Senior Frontend Engineer within our Alpha division. This position falls under our Cross Border line of business and is located in London. In this role, you will contribute to the design and development of our eMoney and FX payment systems. You will report directly to the Engineering Manager and collaborate closely with Product, Design, and Engineering teams. Work Environment This position operates in a hybrid work environment. Corpay will set you up for success by providing an assigned workspace or home office setup and company issued equipment. Responsibilities Provide significant contribution to the design, development, and maintenance of secure and scalable payment systems. Collaborate with engineering managers, designers, and product teams to gather and analyse requirements, implement technical standards, ensuring best practices and alignment with UI/UX principles. Meaningful participation in code reviews, offering and receiving constructive feedback to enhance code quality and ensure secure coding practices are maintained. Implement features based on requirements gathered from cross functional teams, aligning them with business needs and technical objectives. Mentor junior engineers by providing constructive feedback, sharing knowledge, and fostering professional growth within the team. Assist in the documentation of software development processes, ensuring compliance with internal policies and industry standards. Utilise data handling and processing techniques to support efficient and optimised system performance. Support the monitoring of system performance, identifying areas for improvement and optimisation under the guidance of more senior engineers. Contribute to architectural discussions, providing feedback and suggestions to improve system design and technical direction. Communicate progress and technical challenges effectively to stakeholders, both technical and non technical. Qualifications & Skills Bachelor's degree in Computer Science, Engineering, Finance, or a related field, or equivalent relevant experience. Minimum of 5 years of experience in software engineering, with at least 1-2 years in a Software Engineer role within fintech, asset management, FX, payment processing, or eMoney sectors. Strong experience building modern, scalable front-end applications using React and TypeScript, with a deep understanding of component design, state management, performance, and accessibility. Experience using modern front-end build tools and frameworks such as Vite, and familiarity with contemporary front-end workflows and tooling. Ability to build responsive, accessible, and reusable UI components based on Figma designs, with a strong understanding of UI/UX principles. Experience with styling approaches such as TailwindCSS, SCSS, or CSS in JS, and understanding of cross browser compatibility. Working knowledge of backend development using Node.js and TypeScript, with the ability to contribute to services built with NestJS or similar frameworks when required. Solid understanding of API design and consumption (REST, authentication, validation, error handling) and how front end applications integrate with distributed backend systems. Experience deploying and maintaining services on cloud platforms, preferably AWS (e.g., Lambda, API Gateway, S3, DynamoDB), and working with CI/CD pipelines using GitHub Actions, CircleCI, or AWS CodePipeline. Familiarity with modern testing practices and tools (e.g., Jest, Vitest), including writing unit and integration tests. Basic understanding of secure development practices and familiarity with threat modelling and risk assessment techniques. Good time management and organisational skills, with the ability to work on multiple tasks simultaneously. Effective verbal and written communication skills, with the ability to explain technical concepts to technical and non technical colleagues. A collaborative mindset, with a proven ability to work well within teams and build strong working relationships across departments. Benefits & Perks 4 X Life insurance Pension scheme - 5% employer contribution Private Healthcare 25 days Holiday (plus Holiday Buy/Sell) Access to LinkedIn Learning Free rewards and discounts via Gratitudes Equal Opportunity Employer Corpay is committed to providing equal employment opportunities to all applicants and employees. Employment decisions are made without regard to race, color, religion, sex (including pregnancy), gender, gender identity or expression, sexual orientation, national origin, ancestry, age, disability, marital status, genetic information, military or veteran status, or any other characteristic protected by applicable law. Corpay is committed to fostering an inclusive workplace where individuals are respected and valued for their diverse perspectives, experiences, and contributions. If you require reasonable accommodation during any part of the application or interview process, please notify a representative of the Human Resources Department.

Duco is empowering financial services to transform the work undertaken in Operations by automating manual work and elevating humans from task workers to decision makers. We do this with a combination of proprietary technique, innovative cloud computing, artificial intelligence technology, and deep subject matter expertise. Our agentic Operations platform gives firms the ability to unlock full end-to-end reconciliation, data trust and automation of their data, regardless of source, format or structure. By partnering with the industry's leading firms, we are helping to rethink operating models, increase efficiency, strengthen governance and regulatory compliance, reduce risk, streamline processes and build the workforce of the future. More than 10,000 users across 30+ countries process billions of data records every week using the platform. Duco is headquartered in London, with offices in New York, Wroclaw, Antwerp and Singapore. Customers include global banks, investment managers, exchanges and insurance firms, such as CIBC Mellon, ING and Man Group. The role We are looking for a Head of Information Security to own our end-to-end security posture, govern our risk and compliance programme, and lead our IT Operations function. This is a VP Level role with company wide scope. With approximately 200 employees across London, New York, Wroclaw, Antwerp, and Singapore, we move fast, build with purpose, and hold ourselves to a high bar. As we scale, information security, governance, and IT operations sit at the heart of that ambition. What you will be doing Security architecture and engineering Define security architecture standards and lead threat modelling across the organisation Establish and maintain long term security architecture aligned to business strategy and regulatory requirements Guide technology decisions at an enterprise level, including cloud strategy and zero trust adoption Oversee penetration testing, DLP, and advanced threat detection programmes Own the vulnerability management programme Implement enterprise frameworks including IAM, SIEM, and data classification Anticipate emerging threats, leverage AI/ML for predictive security, and set the technology vision Lead the Security Incident Response Programme Governance, risk, and compliance (GRC) Define and own the GRC programme, including the ISMS, policy framework, risk registers, and audit readiness Implement and maintain compliance with ISO 27001, SOC 1, SOC 2, NIST CSF, GDPR, and relevant financial services regulations Understand the GRC landscape, implement appropriate controls, and adapt as the threat and regulatory environment shifts Own execution of GRC strategy across the organisation; ensure frameworks are scalable and adaptable Own the Third Party Risk Management (TRPM) programme, including vendor assessments and ongoing oversight IT operations Define and own the IT Operations programme, setting strategy and standards for the function Own execution of IT Operations strategy; ensure frameworks are scalable and adaptable as Duco grows Ensure operational excellence across infrastructure, tooling, and end user support Leadership and stakeholder management Lead, mentor, and develop a high performing team across InfoSec, GRC, and IT Ops Build strategic relationships with clients, regulators, and internal stakeholders Engage effectively with large, complex, and multi national enterprise clients that have mission critical operations requirements, building trust and credibility at the most senior levels Recognise, influence, and resolve critical issues that may affect company direction Create strategies that cross organisational boundaries to achieve broad business goals Work with industry peers and working groups to develop solutions that benefit the wider market Enterprise Client Assurance: Act as a key partner to Duco's Client Success and Pre Sales teams. This involves speaking directly with the CISOs and security teams of global financial institutions to assure them of Duco's risk management and data privacy practices Core Competencies Technical leadership: Proven track record of strategic impact at company wide and industry wide levels; recognised internally and externally as an InfoSec expert, with evidence of exceptional technical and people leadership End to end ownership: Develop proven solutions and replicate them across teams; design systems and frameworks built to last; own execution of security, GRC, and IT Ops strategy; ensure frameworks are scalable, adaptable, and aligned to business strategy and executive level risk expectations Market knowledge: Deep understanding of the security and risk landscape across fintech and beyond; evaluate and integrate advanced security technologies and GRC best practices; act as a recognised industry leader through regulatory advisory groups and industry events Scope and influence: Operate across all departments; build sponsorship for strategic initiatives and drive them through; influence executive peers, board decisions, and global regulatory compliance strategy What We Are Looking For 8+ years of progressive experience in information security, with at least 3 years in a senior or leadership role Hands on experience owning ISO 27001 and SOC 1 and SOC 2 programmes, not just supporting them Demonstrated experience managing security incidents end to end, including client and regulatory communications Strong understanding of cloud security, particularly AWS, including IAM, logging, and observability infrastructure Experience operating in a B2B SaaS or fintech environment, with exposure to enterprise client security requirements Track record of building and managing TPRM programmes at scale Excellent stakeholder management skills; comfortable presenting to the board and to client security teams in equal measure Ability to make pragmatic decisions based on company culture and risk appetite Strong written communication skills: able to translate complex security topics into clear, plain language communications for non technical audiences Experience leading and developing a small, high performing team Familiarity with AI governance and the security implications of agentic AI systems Beneficial Experience Experience with DLP, SIEM, or SOC build outs Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer Experience in capital markets, asset management, or securities services

About 9fin 9fin is the AI platform powering global debt markets - the world's largest asset class at over $145 trillion. Debt markets are vast, global, and mission-critical, yet still run on fragmented data, PDFs, and manual workflows. 9fin replaces this broken infrastructure with a single platform that centralises proprietary credit data, deep analysis, and high-value workflows across global markets. Today, 9fin powers teams at 300+ blue-chip institutions worldwide, including global banks, asset managers, private equity firms, law firms, and advisors. The business is scaling at exceptional speed, with rapid expansion in the US and best-in-class retention driven by deep workflow adoption. We're at a defining inflection point. With proven product-market fit and strong, global market pull, 9fin is accelerating toward becoming the category-defining platform for debt markets worldwide. The Opportunity We're looking for a Senior Product Security Engineer to join one of our software engineering teams and help shape the security of our products as we continue to scale. This role will be embedded within a team responsible for some of the most security critical parts of the 9fin platform. The team works on the systems and controls that protect sensitive customer information, ensuring data is stored, accessed and processed securely throughout its lifecycle. You'll work alongside product engineers day to day, participating in planning, design discussions, refinement sessions and technical decision making. You'll help the team make sound architectural decisions about how sensitive information is stored, processed and accessed, balancing security requirements with product and engineering goals. The team operates at the intersection of application security, cloud security, data protection and AI security. You'll help shape how 9fin approaches challenges such as tenant isolation, access control, confidential data handling and the secure use of AI systems. While embedded within product engineering, you'll remain closely connected to our Platform Engineering and Information Security teams, helping drive a consistent approach to security across 9fin. This is a hands on engineering role. You won't be building product features full time, but you should be comfortable reading, reviewing and writing production code when security requirements demand it. What you'll work on Embed within a product engineering team and help shape the security of our products from design through to production. Influence architecture, design and implementation decisions to ensure security is considered from the outset. Partner with Product Engineering, Platform Engineering and Information Security teams to identify risks, define appropriate controls, and build secure by default systems. Contribute code, reviews and technical guidance where security expertise is required. Act as a security advocate and trusted advisor within the team, helping balance risk, usability and delivery. What we're looking for Significant experience securing modern software systems and applications. Strong understanding of secure software architecture, threat modelling and security engineering practices. Deep familiarity with cloud native architectures and security controls, particularly within AWS. Experience designing systems that handle sensitive, confidential or regulated data. Comfortable reading, reviewing and writing production code, ideally with experience in Python or similar backend technologies. Familiar with the security considerations of modern data stores such as PostgreSQL. Pragmatic judgement and the ability to balance security, product and engineering needs. Ability to influence engineers and stakeholders across multiple teams without relying on formal authority. Familiarisation with SOC2 and ISO 42001 is a bonus. What success looks like Security considerations are embedded into product design discussions rather than introduced late in the delivery process. Teams can move quickly because secure patterns, architectural guidance and security controls are well understood. Risks are identified and addressed before they become incidents. Security is seen as an enabler of product delivery rather than a gatekeeper. Why this role matters Security cannot be something that happens after software has been designed. As 9fin continues to expand its platform and handle increasingly sensitive customer information, we need security expertise embedded where decisions are being made. This role will help ensure that security is considered from the earliest stages of product development, allowing us to move quickly while maintaining the trust our customers place in us. Benefits We're a scaling start up and we enjoy sharing our success, when the company succeeds, we always reinvest that in our people. We also offer huge amounts of responsibility, an abundance of opportunity for growth and a platform to truly excel. Financial & Insurance Competitive Salary (our salary bands are benchmarked at the top end of the market) Equity options Pension (your minimum contributions are 4% with 9fin matching up to 7%) Private Medical Insurance Paid sick leave with Income Protection for long periods of illness Group Life Assurance Season Ticket Loan & Cycle to Work schemes Time off 25 holiday days per year Local public holidays (with the ability to exchange them for alternative days) Hybrid working model, to allow you the flexibility to decide how, where and when you do your best work Work abroad for up to 3 months a year 1 month paid sabbatical after 5 years of service Enhanced parental leave & flexible working arrangements available Training & Culture Professional learning and development budget Quarterly team socials Summer and Winter company social events 9fin is an equal opportunities employer At 9fin we are dedicated to building and promoting a fair and inclusive workplace where everyone can reach their full potential and truly belong. We recognize that building diverse teams enables a more creative and productive environment. If you're excited about this role but your experience doesn't perfectly align with the job description, we encourage you to apply anyway. You might just be who we're looking for - either for this role, or perhaps another.

We're looking for a Cyber Threat & Vulnerability Analyst to join our Cyber Security team, helping protect the systems that deliver essential water services to millions of customers every day. You'll play a key role in identifying, assessing, and reducing cyber risk across a large and complex technology estate, making sure vulnerabilities are understood, prioritised, and fixed before they can be exploited. It's a hands-on role where you'll work closely with technical teams and business stakeholders to keep our services safe, resilient, and running smoothly. What you'll be doing as a Cyber Threat & Vulnerability Analyst: As a Cyber Threat & Vulnerability Analyst, you'll be responsible for supporting and improving how we identify, assess, and manage cyber vulnerabilities across the organisation. You'll help shape how we reduce cyber risk and strengthen our overall security posture. Support end-to-end vulnerability management across IT and operational technology environments Help shape and improve threat and vulnerability management processes, frameworks, and ways of working Work with technical and business teams to prioritise and remediate vulnerabilities based on risk Investigate new vulnerabilities and recommend clear, practical mitigation actions Support integration of vulnerability scanning tools into existing systems and processes Build and maintain dashboards that show cyber risk, trends, and remediation progress in a clear way Contribute to threat assessments and support proactive threat hunting activities Help ensure alignment with standards such as General Data Protection Regulation, Payment Card Industry Data Security Standard, Network and Information Systems Regulations, and International Organisation for Standardisation 27001 Monitor vulnerability management tools and processes, identifying ways to improve effectiveness and reduce risk Base location: Reading - Clearwater Court Working pattern or hours: 36 hours Monday to Friday, hybrid working Necessary requirements for the role: Must be eligible to obtain Counter Terrorist Check security clearance What you should bring to the role The must-haves (essential criteria) for this opportunity include: Experience supporting vulnerability management, patching, or cyber risk reduction in a complex environment Understanding of cyber security concepts, including vulnerability management and threat assessment approaches Ability to work with technical teams to support remediation of security issues Experience or understanding of security tooling such as vulnerability scanners or similar technologies Ability to communicate technical issues clearly to both technical and non-technical audiences Awareness of how security risks are managed across different technology environments (for example cloud, servers, end-user devices, or operational systems) A relevant cyber security qualification or industry certification such as Certified Information Systems Security Professional, Certified Information Security Manager, or Certified Cloud Security Professional Extra qualities that would be a great fit for our team: Experience working with large enterprise or critical infrastructure environments Familiarity with threat intelligence or threat modelling approaches Experience supporting or improving security processes and governance Exposure to operational technology or legacy infrastructure environments Additional cyber security certifications such as Certified Threat Intelligence Analyst, Certified Vulnerability Assessor, Offensive Security Certified Professional, or similar What's in it for you? Competitive salary up to £65,000 per annum depending on experience Annual Leave - 26 days holiday per year increasing to 30 with the length of service (plus bank holidays) Performance-related pay plan directly linked to company performance measures and targets Generous Pension Scheme through AON Access to lots of benefits to help you take care of you and your family's health and wellbeing, and your finances - from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance. Find out more about our benefits and perks (Please note different T&Cs apply if on secondment) Who are we? We're the UK's largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We want to build a better future for all, helping our customers, communities, people, and the planet to thrive. It's a big job and we've got a long way to go, so we need help from passionate and skilled people, committed to making a difference and getting us to where we want to be in the years and decades to come. Learn more about our purpose and values Working at Thames Wate r Thames Water is a unique, rewarding, and diverse place to work, where every day you can make a difference, yet no day is the same. As part of our family, you'll enjoy meaningful career opportunities, flexible working arrangements and excellent benefits. If you're looking for a sustainable and successful career where you can make a daily difference to millions of people's lives while helping to protect the world of water for future generations, we'll be here to support you every step of the way. Together, we can build a better future for our customers, our region, and our planet. Real purpose, real support, real opportunities. Come and join the Thames Water family. Why choose us? Learn more. We're committed to being a great, diverse, and inclusive place to work. We welcome applications from everyone and want to ensure you feel supported throughout the recruitment process. If you need any adjustments, whether that's extra time, accessible formats, or anything else just let us know, we're here to help and support. When a crisis happens, we all rally around to support our customers. As part of Team Thames, you'll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It's also a great opportunity to learn more about our business and meet colleagues. Disclaimer: due to the high volume of applications we receive, we may close the advert earlier than the advertised date, so we encourage you to apply as soon as possible to avoid disappointment.

Product Cyber Resilience ManagerSkip to main contentThis website uses cookies to improve your experience. Please read our privacy policy for more information. Cyber Resilience Manager page is loaded Product Cyber Resilience ManagerApplylocations: GB - Edinburgh: GB - Newcastletime type: Full timeposted on: Posted Todayjob requisition id: R Job Description: Salary: £60,000 to £80,000Leonardo UK operates a grade-based salary framework with broad bands. The salary range shown reflects the approved grade band for this role, or a narrower hiring range published within that band, and is benchmarked against the external market. Exceptions above the standard range are managed through governance controls to protect internal equity. Your impact Ready to make your mark on next generation products and help define the resilience of tomorrow's defence technology?As a Product Cyber Resilience Manager within our Radar and Advanced Targeting (RATs) business, you'll join a multi discipline team at the forefront of innovation and play a pivotal role in protecting some of the UK's most advanced systems. You'll shape the product security strategy from concept to delivery and champion strengthening product integrity and support exciting technical challenges, ensuring a strong security culture across the business.As a Product Cyber Resilience Manager, you will: Undertake the production of Security Managements Plans, work package descriptions and cost estimates in support of product bids, services and proposals. Review and provide guidance of security risk assessments, risk mitigation plans, mitigation gap analysis and preparation of security management documentation for system Accreditation, such as solution hardening guidance and security operating procedures. Defining product security requirements, advising development teams on suitable implementation standards and techniques and overseeing product development activities. Liaison with Security Accreditors and Security Assurance Coordinators in support of security Accreditation. Participate in internal and external discipline working groups and with academic partners covering Product Cyber Resilience and Product Security for various established and emerging standards. Contribute to continual improvement of the engineering capability.You will be responsible for the management of Product Security Risk of all the product families within your sector. You will be accountable to the respective product family System Design Authority (the Risk Owner), providing subject matter advice to the Integrated Product Team, whilst collaborating with your fellow Product Cyber Resilience Managers (PCRMs) across the Electronics Business Unit. The role involves conducting risk assessments, developing and implementing product security strategies and collaborating with cross-functional teams, including Leonardo's Cyber Security Business Unit, to embed product and cyber security best practices throughout the product development lifecycle.You will be responsible for determining product cyber resilience objectives through security risk management techniques in relation to the Integrated Sensing products and then working with the engineering teams to achieve those objectives through the architecture and design of the solution. You'll also support the product assurance activities to verify compliance to those objectives and the transition to operations and ongoing through-life support. What you'll bring Experience with product security assessment methods or security risk management systems for complex products based on a recognised framework in a highly regulated industry such as aerospace, nuclear, automotive, rail or oil & gas. Practical experience of the System Development Life Cycle, Software Development Life Cycle, V-Models and Agile frameworks. Experience in managing product information security, including risk assessment, threat modelling, vulnerability management, and incident response. Strong knowledge of cybersecurity standards and best practices, such as ISO 27001, NIST Cybersecurity Framework, and Knowledge of UK/NATO Information Assurance/Accreditation frameworks; Familiarity with the application of cyber resilience controls to embedded systems. Experience with cybersecurity tools and technologies, such as SIEM, IDS/IPS, DLP, and endpoint protection. Proficiency in cybersecurity frameworks, such as MITRE ATT&CK and the Cybersecurity Capability Maturity Model (CMMC). Certifications such as CISSP, CISM, or CEH are a plus.This is not an exhaustive list, and we are keen to hear from you even if you might not have experience in all the above. The most important skill is a good attitude and willingness to learn. Security Clearance This role is subject to pre-employment screening in line with the UK Government's Baseline Personnel Security Standard (BPSS). An additional range of Personnel Security Controls referred to as National Security Vetting (NSV) may apply, this could include meeting the eligibility requirements for The Security Check (SC) or Developed Vetting (DV). For more information and guidance please visit: must have the ability to obtain UK SC security clearance and work within UKEO and US ITAR TAA restrictions. Why join us At Leonardo, our people are at the heart of everything we do. We offer a comprehensive, company-funded benefits package that supports your wellbeing, career development, and work-life balance. Whether you're looking to grow professionally, care for your health, or plan for the future, we're here to help you thrive. Time to Recharge: Enjoy generous leave with the opportunity to accrue up to 12 additional flexi-days each year. Secure your Future: Benefit from our award-winning pension scheme with up to 15% employer contribution. Your Wellbeing Matters: Free access to mental health support, financial advice, and employee-led networks championing inclusion and diversity (Enable, Pride, Equalise, Armed Forces, Carers, Wellbeing and Ethnicity). Rewarding Performance: All employees at management level and below are eligible for our bonus scheme. Never Stop Learning: Free access to 4,000+ online courses via Coursera and LinkedIn Learning. Refer a friend: Receive a financial reward through our referral programme. Tailored Perks: Spend up to £500 annually on flexible benefits including private healthcare, dental, family cover, tech & lifestyle discounts, gym memberships and more. Flexible working: Flexible hours with hybrid working options. For part time opportunities, please talk to us about what might be possible for this role.For a full list of our company benefits please visit our website.Leonardo is a global leader in Aerospace, Defence, and Security. Headquartered in Italy, we employ over 53,000 people worldwide including 8,500 across 9 sites in the UK. Our employees are not just part of a team-they are key contributors to shaping innovation, advancing technology, and enhancing global safety.At Leonardo we are committed to building an inclusive, accessible, and welcoming workplace. We believe that a diverse workforce sparks creativity, drives innovation, and leads to better outcomes for our people and our customers. If you have any accessibility requirements to support you during the recruitment process, just let us know.Be part of something bigger - apply now!