Principal Security Engineer Our client, a leading global supplier for IT services, requires Principal Security Engineer to be based at their client's office in London, UK. This is a hybrid role - you can work remotely in the UK and attend the London office 4 days per week . This is a 6+ month temporary contract to start ASAP Day rate: Competitive Market rate Senior hands-on secure engineer responsible for secure-by-design and operational security across the programme. Validate every delivery activity from a cyber security perspective - from threat model at requirements capture, through architecture and design approval, build assurance, security testing, live validation, hyper-care, and operational handover to BAU and external assurance. The principal authority on threat modelling, control validation, and security evidence across the CIS Controls v8.1 IG3 scope. Key Responsibilities Operate as senior cyber architect and SME within the programme's structured operating model - actively engaged from requirements capture through to BAU handover, owning Definition-of-Done evidence at every gate. Break down each Master Programme Plan activity into discrete People/Process/Technology tasks viewed through a cyber security lens - define the validation and assurance criteria, embed them as DoD acceptance criteria, and evidence them before status can advance. Requirements: author threat model v1, control intent statement, and compensating controls; validate requirements against current operational baseline and monitoring posture. Architecture (LEAD): author security architecture, safeguard mapping, and trust boundaries; approve the threat model; chair Security Council review of the architecture pack. Design (LEAD): approve detailed security design, evidence template, and telemetry specification; validate operational controls in the design; confirm evidence-capture feasibility before build commences. Build: run periodic build-vs-design reviews, architecture drift checks, and re-approve changes; configure operational controls, prepare security testing, support agent rollout, validate log feeds. Test (LEAD): sign off that the security architecture is proven by test evidence; revalidate the threat model; lead security testing, penetration testing, control validation, and evidence pack creation. Deploy: provide production architecture sign-off; confirm final control mapping in Continuous Control Monitoring (CCM); run live security validation, monitoring tuning, alert calibration, and IR playbook readiness. Hyper-care (LEAD): address security-architecture defects, approve in-warranty changes; lead control monitoring and tuning; produce security evidence and establish Key Risk Indicator (KRI) baselines. Handover: hand architecture over to the Security Council, lodge the final threat model, ensure the CCM tile goes live; transition operational controls to L1 SOC operations with a complete evidence pack to external assurance. Liaise directly with external assurance providers on threat-model defensibility, control effectiveness, and evidence chain across the CIS Controls v8.1 IG3 scope. Chair or jointly chair the Security Council review at the architecture stage gate; participate in TDA decisions at the design stage gate. People: Led security engineering across the programme; senior peer to Security Solution Architects, Cyber Operations, and the MSSP L1 SOC interface. Process: Embedded structured operating-model discipline into every security validation and assurance step; Definition-of-Done evidence at every gate, no exceptions. Technology: Delivered secure-by-design as bui personally signed off every architecture and operational handover, with an audit-traceable evidence chain from threat model to live monitoring Key Requirements Essential Skills: 12+ years cyber engineering and security architecture experience at enterprise scale. 5+ years hands-on security design AND validation - comfortable both as architect (design authority) and as engineer (hands-on implementer). Direct experience with CIS Controls v8.1, NIST CSF, ISO 27001/27002 control frameworks. Threat modelling at scale - proven authorship using STRIDE, MITRE ATT&CK, OWASP - across multiple in-scope controls. Hands-on penetration testing, security testing, and control validation track record. Workflow discipline - operates comfortably within Definition-of-Done, evidence-at-gate frameworks. Exceptional executive-level interactions, presentation, and engagement - proven ability to influence CISO, Security Council, External Assurance, and cross-functional senior stakeholders across Procurement, Architecture, and Technology heads. Retail or large dispersed-estate enterprise experience strongly preferred. CISSP (Certified Information Systems Security Professional) One of: CISM, CISA, CCSP, SABSA Practitioner, or CRISC One penetration-testing certification: OSCP, GIAC GPEN, or CEH (or equivalent demonstrable experience) Tooling & Methodology Proficiency: Hands-on with leading enterprise PM tools - Jira, Azure DevOps, MS Project, or equivalent - and willing to adopt (the programme's tool) on the job at senior architect and SME level. End-to-end Agile delivery - Scrum/Kanban - combined with DevSecOps deep hands-on practice (security gates Embedded in CI/CD). SAFe PI Planning participation as the cyber security representative. Executive-grade MS PowerPoint - Security Council paper authoring, threat-model presentation, design narrative for Programme Board. Advanced dashboards and modelling - one or more of Advanced MS Excel, PowerBI, Python, or Copilot - for KRI baselines, control-effectiveness analytics, and risk reporting. Budgeting awareness - security control cost shaping and total-cost-of-ownership analysis . Desirable Skills: Direct hands-on experience at senior architect/SME level. Practical DevSecOps Foundation or SANS GIAC GCSA. SABSA for Architects. Microsoft Threat Modeling Tool/OWASP Threat Dragon authorship. PowerBI Data Analyst (PL-300) for KRI and risk dashboards. CompTIA CASP+ or PenTest+ GIAC GCIH, GCFA, GCIA, or GREM AWS Security Specialty or Azure Security Engineer/Security Architect Expert BMC Helix Certified Professional (SecOps) ISO 27001 Lead Auditor or Lead Implementer TOGAF 9.2 awareness Due to the volume of applications received, unfortunately we cannot respond to everyone. If you do not hear back from us within 7 days of sending your application, please assume that you have not been successful on this occasion.
12/06/2026
Contractor
Principal Security Engineer Our client, a leading global supplier for IT services, requires Principal Security Engineer to be based at their client's office in London, UK. This is a hybrid role - you can work remotely in the UK and attend the London office 4 days per week . This is a 6+ month temporary contract to start ASAP Day rate: Competitive Market rate Senior hands-on secure engineer responsible for secure-by-design and operational security across the programme. Validate every delivery activity from a cyber security perspective - from threat model at requirements capture, through architecture and design approval, build assurance, security testing, live validation, hyper-care, and operational handover to BAU and external assurance. The principal authority on threat modelling, control validation, and security evidence across the CIS Controls v8.1 IG3 scope. Key Responsibilities Operate as senior cyber architect and SME within the programme's structured operating model - actively engaged from requirements capture through to BAU handover, owning Definition-of-Done evidence at every gate. Break down each Master Programme Plan activity into discrete People/Process/Technology tasks viewed through a cyber security lens - define the validation and assurance criteria, embed them as DoD acceptance criteria, and evidence them before status can advance. Requirements: author threat model v1, control intent statement, and compensating controls; validate requirements against current operational baseline and monitoring posture. Architecture (LEAD): author security architecture, safeguard mapping, and trust boundaries; approve the threat model; chair Security Council review of the architecture pack. Design (LEAD): approve detailed security design, evidence template, and telemetry specification; validate operational controls in the design; confirm evidence-capture feasibility before build commences. Build: run periodic build-vs-design reviews, architecture drift checks, and re-approve changes; configure operational controls, prepare security testing, support agent rollout, validate log feeds. Test (LEAD): sign off that the security architecture is proven by test evidence; revalidate the threat model; lead security testing, penetration testing, control validation, and evidence pack creation. Deploy: provide production architecture sign-off; confirm final control mapping in Continuous Control Monitoring (CCM); run live security validation, monitoring tuning, alert calibration, and IR playbook readiness. Hyper-care (LEAD): address security-architecture defects, approve in-warranty changes; lead control monitoring and tuning; produce security evidence and establish Key Risk Indicator (KRI) baselines. Handover: hand architecture over to the Security Council, lodge the final threat model, ensure the CCM tile goes live; transition operational controls to L1 SOC operations with a complete evidence pack to external assurance. Liaise directly with external assurance providers on threat-model defensibility, control effectiveness, and evidence chain across the CIS Controls v8.1 IG3 scope. Chair or jointly chair the Security Council review at the architecture stage gate; participate in TDA decisions at the design stage gate. People: Led security engineering across the programme; senior peer to Security Solution Architects, Cyber Operations, and the MSSP L1 SOC interface. Process: Embedded structured operating-model discipline into every security validation and assurance step; Definition-of-Done evidence at every gate, no exceptions. Technology: Delivered secure-by-design as bui personally signed off every architecture and operational handover, with an audit-traceable evidence chain from threat model to live monitoring Key Requirements Essential Skills: 12+ years cyber engineering and security architecture experience at enterprise scale. 5+ years hands-on security design AND validation - comfortable both as architect (design authority) and as engineer (hands-on implementer). Direct experience with CIS Controls v8.1, NIST CSF, ISO 27001/27002 control frameworks. Threat modelling at scale - proven authorship using STRIDE, MITRE ATT&CK, OWASP - across multiple in-scope controls. Hands-on penetration testing, security testing, and control validation track record. Workflow discipline - operates comfortably within Definition-of-Done, evidence-at-gate frameworks. Exceptional executive-level interactions, presentation, and engagement - proven ability to influence CISO, Security Council, External Assurance, and cross-functional senior stakeholders across Procurement, Architecture, and Technology heads. Retail or large dispersed-estate enterprise experience strongly preferred. CISSP (Certified Information Systems Security Professional) One of: CISM, CISA, CCSP, SABSA Practitioner, or CRISC One penetration-testing certification: OSCP, GIAC GPEN, or CEH (or equivalent demonstrable experience) Tooling & Methodology Proficiency: Hands-on with leading enterprise PM tools - Jira, Azure DevOps, MS Project, or equivalent - and willing to adopt (the programme's tool) on the job at senior architect and SME level. End-to-end Agile delivery - Scrum/Kanban - combined with DevSecOps deep hands-on practice (security gates Embedded in CI/CD). SAFe PI Planning participation as the cyber security representative. Executive-grade MS PowerPoint - Security Council paper authoring, threat-model presentation, design narrative for Programme Board. Advanced dashboards and modelling - one or more of Advanced MS Excel, PowerBI, Python, or Copilot - for KRI baselines, control-effectiveness analytics, and risk reporting. Budgeting awareness - security control cost shaping and total-cost-of-ownership analysis . Desirable Skills: Direct hands-on experience at senior architect/SME level. Practical DevSecOps Foundation or SANS GIAC GCSA. SABSA for Architects. Microsoft Threat Modeling Tool/OWASP Threat Dragon authorship. PowerBI Data Analyst (PL-300) for KRI and risk dashboards. CompTIA CASP+ or PenTest+ GIAC GCIH, GCFA, GCIA, or GREM AWS Security Specialty or Azure Security Engineer/Security Architect Expert BMC Helix Certified Professional (SecOps) ISO 27001 Lead Auditor or Lead Implementer TOGAF 9.2 awareness Due to the volume of applications received, unfortunately we cannot respond to everyone. If you do not hear back from us within 7 days of sending your application, please assume that you have not been successful on this occasion.
Senior Cyber Security Analyst - Application Security / DevSecOps / Secure Design/SAST, DAST - London Contract (12 Months, Hybrid 8 Days onsite per month, remote rest). Inside of IR35 - must use umbrella. £600 per day. We are supporting a leading international organisation in the search for a Senior Cyber Security Analyst to join a high performing security engineering and assurance team. This role is ideal for a consultant with a strong background in Application Security, DevSecOps, Secure SDLC, Threat Modelling, and Cloud Security, who can work closely with engineering teams to embed security into modern software delivery environments. The successful consultant will operate across cloud native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure by design principles across enterprise scale platforms. Key Responsibilities Perform security risk assessments, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms Define and implement secure by design principles across software engineering and DevOps teams Embed security controls into CI/CD pipelines using modern DevSecOps practices Lead and support SAST, DAST, SCA, and container security integration activities Conduct application and infrastructure security assessments aligned to OWASP, NIST, and industry best practices Work closely with development teams to triage vulnerabilities and support remediation activities Define security requirements for modern application architectures including APIs, Microservices, Kubernetes/Containers, Cloud native platforms Support secure architecture reviews across AWS and/or Azure environments Collaborate with stakeholders across Security, Engineering, DevOps, Risk, and Architecture teams Support vulnerability management, security governance, and secure delivery processes Required Skills & Experience Application Security & Secure SDLC OWASP Top 10 / ASVS Secure coding practices Threat modelling (STRIDE / MITRE ATT&CK) Security architecture and design reviews Vulnerability management and remediation Secure Software Development Lifecycle (SSDLC) DevSecOps & CI/CD Security integration of security tooling into CI/CD pipelines Experience with: GitHub, GitLab, Jenkins, Azure DevOps Hands on experience with: SAST, DAST, SCA, Secrets scanning, Container security, Cloud & Platform Security, AWS and/or Azure security, Kubernetes / Docker / container security, API security, IAM / Identity Federation / SSO, WAF and cloud native security tooling, Infrastructure as Code security (Terraform / Checkov / tfsec) Security tooling experience with: SonarQube, Checkmarx, Veracode, Fortify, OWASP ZAP, Burp Suite, Snyk, Aqua, Wiz, Prisma Cloud, Defender for Cloud, Sentinel Ideal Background 8-15+ years in Cyber Security Strong focus on Application Security and DevSecOps Experience working closely with engineering and platform teams Strong stakeholder engagement and communication skills Experience within regulated or enterprise environments (Financial services, government, or large scale enterprise) highly desirable Certifications desirable: CISSP, SABSA, GIAC, ISO 27001, Cloud security certifications (AWS / Azure) Rates depend on experience and client requirements.
09/06/2026
Full time
Senior Cyber Security Analyst - Application Security / DevSecOps / Secure Design/SAST, DAST - London Contract (12 Months, Hybrid 8 Days onsite per month, remote rest). Inside of IR35 - must use umbrella. £600 per day. We are supporting a leading international organisation in the search for a Senior Cyber Security Analyst to join a high performing security engineering and assurance team. This role is ideal for a consultant with a strong background in Application Security, DevSecOps, Secure SDLC, Threat Modelling, and Cloud Security, who can work closely with engineering teams to embed security into modern software delivery environments. The successful consultant will operate across cloud native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure by design principles across enterprise scale platforms. Key Responsibilities Perform security risk assessments, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms Define and implement secure by design principles across software engineering and DevOps teams Embed security controls into CI/CD pipelines using modern DevSecOps practices Lead and support SAST, DAST, SCA, and container security integration activities Conduct application and infrastructure security assessments aligned to OWASP, NIST, and industry best practices Work closely with development teams to triage vulnerabilities and support remediation activities Define security requirements for modern application architectures including APIs, Microservices, Kubernetes/Containers, Cloud native platforms Support secure architecture reviews across AWS and/or Azure environments Collaborate with stakeholders across Security, Engineering, DevOps, Risk, and Architecture teams Support vulnerability management, security governance, and secure delivery processes Required Skills & Experience Application Security & Secure SDLC OWASP Top 10 / ASVS Secure coding practices Threat modelling (STRIDE / MITRE ATT&CK) Security architecture and design reviews Vulnerability management and remediation Secure Software Development Lifecycle (SSDLC) DevSecOps & CI/CD Security integration of security tooling into CI/CD pipelines Experience with: GitHub, GitLab, Jenkins, Azure DevOps Hands on experience with: SAST, DAST, SCA, Secrets scanning, Container security, Cloud & Platform Security, AWS and/or Azure security, Kubernetes / Docker / container security, API security, IAM / Identity Federation / SSO, WAF and cloud native security tooling, Infrastructure as Code security (Terraform / Checkov / tfsec) Security tooling experience with: SonarQube, Checkmarx, Veracode, Fortify, OWASP ZAP, Burp Suite, Snyk, Aqua, Wiz, Prisma Cloud, Defender for Cloud, Sentinel Ideal Background 8-15+ years in Cyber Security Strong focus on Application Security and DevSecOps Experience working closely with engineering and platform teams Strong stakeholder engagement and communication skills Experience within regulated or enterprise environments (Financial services, government, or large scale enterprise) highly desirable Certifications desirable: CISSP, SABSA, GIAC, ISO 27001, Cloud security certifications (AWS / Azure) Rates depend on experience and client requirements.
Senior Security Engineer (AI & DevSecOps) at iProov About iProov iProov provides science-based biometric solutions that enable the world's most security-conscious organizations to streamline secure remote onboarding and authentication for digital and physical access. Our award-winning liveness technology and iSOC offer unmatched resilience against deepfakes and generative AI threats while ensuring effortless, scalable user experiences. Trusted by leading governments and enterprises, including the U.S. Department of Homeland Security, U.K. Home Office, GovTech Singapore, ING, and UBS, iProov sets the standard in biometric identity assurance. This global trust is built not only on our technology but on the strength of the people behind it. For us, diversity at iProov is about reflecting the customers we serve, holding the principles of equality and inclusion at the heart of everything we do and all that we stand for, embracing differences, creating possibilities, and growing together. We aim to foster a culture where individuals of all backgrounds feel confident in bringing their whole selves to work, feel included, and their talents are nurtured, empowering them to contribute fully to our purpose. The Role Reports to: Head of Cybersecurity Location: WeWork Waterloo - Hybrid Comp: $ (Base) + Company Performance Bonus (20%) + Share Options + US iProov Benefits The role was created specifically to provide the technical security depth that will allow us to accelerate our adoption of agentic AI, equipping developers and data scientists building our biometric products with the tools and workflows to use AI safely and at pace. You will work as the direct counterpart to our GRC focused InfoSec Manager, owning the engineering and implementation side of our security posture across cloud infrastructure, developer workflows, AI systems, and our core security toolstack. This is a role for someone who has built and shipped software or infrastructure and brings that experience into a security context. How you can make an impact Architect and deploy the secure technical framework that governs the security controls for how our developers and scientists use agentic AI, including AI coding assistants, autonomous agents, and LLM integrated tooling. Given that these systems can autonomously access data, execute code, and interact with external services, the guardrails you design will need to address a substantially broader attack surface than traditional AI tooling, and must hold up in a context where the underlying data is among the most sensitive we handle. Be the primary technical security voice in decisions around the use and deployment of externally developed AI, ensuring the right controls are in place from the onset. Continuously mature automated security controls into CI/CD pipelines and infrastructure as code deployments, championing the DevSecOps culture across a large engineering organisation. Take hands on ownership of our core security technology stack, including Wiz, CrowdStrike, Google SecOps, and Tailscale, ensuring these platforms are correctly configured, tuned, and integrated. Drive continuous technical delivery of strategic security initiatives, systematically identifying, triaging, and closing gaps across our cloud environments, internal networks, and developer workflows. Provide technical oversight of the security of the data pipelines feeding our internal AI systems and, critically, the permissions and access boundaries of agentic AI systems reaching out into other environments, enforcing the principle of least privilege, maintaining audit trails, and ensuring sensitive data and code integrity is handled with the rigour required. Complement the work of our existing biometric and product focused Red Team by owning security coverage of the DevSecOps surface, the build pipeline, internal toolchain, cloud environments and developer infrastructure. Act as the primary technical security partner to our GRC focused InfoSec Manager, translating governance and compliance mandates into concrete, automated engineering controls. Represent the technical security function in external audits. This includes presenting evidence of controls, articulating the security posture of our cloud and AI environments to auditors, and working closely with the InfoSec Manager to ensure the technical substance behind our compliance position is clearly and credibly communicated. Qualifications A foundational background in software engineering or DevOps before moving into a dedicated security role: you understand how code is written, tested, and deployed, and that experience is central to how you approach security problems. Proven, hands on experience securing modern cloud infrastructure and containerised environments, with a solid understanding of infrastructure as code principles and the security implications of how infrastructure is defined and provisioned. Proficiency in deploying and administering enterprise security platforms, ideally with direct experience managing tools spanning CNAPP, EDR, SIEM, and zero trust networking. A heavy and active user of AI in both professional and personal contexts, including agentic AI tools and coding assistants, with a grounded understanding of the evolving AI threat landscape, including model supply chain risks, prompt injection, data exfiltration, agent misuse, and LLM specific attack vectors. Scripting and automation capability, particularly in Python, to build internal tooling, automate security checks, and reduce reliance on manual processes across the security function. Prior experience or a demonstrated practical interest in securing AI workloads, data pipelines, and machine learning environments. The communication skills to collaborate effectively with highly technical stakeholders, champion security initiatives without hindering developer productivity, and translate risk into language that resonates with both engineering peers and business leadership, including the confidence to present technical security evidence clearly in formal external audit settings. Benefits 25 days Annual Leave, plus 8 Bank Holidays (more holiday with service - up to an extra 5 days off per year based on your continuous service) Growth Shares allocated after passing probation (6 months of service) Salary sacrifice schemes including: Pension, Cycle To Work and Electric Car Scheme Nursery Sacrifice Scheme Work Overseas Perk - Work globally for up to 2 weeks Life Assurance SmartHealth - Access to private GP, Psychologist, Nutritionist along with tailored fitness plans for both you and your family Benefit from personalized 1:1 career coaching with our in house Occupational Psychologist Award winning L&D platform with personal allocated training budgets Enhanced paid family leave Flexible hybrid working environment Free Barista Coffee/Tea, biscuits with fruit in the WeWork office Free access to WeWork discounts and free online well being sessions Vitality Health - a range of options available on this below The Vitality Programme includes a number of reward benefits that all employees have access to as part of the plan, for example: Private Health cover including Dental, Optical, and Audiology 50% off monthly gym memberships Apple watches significantly discounted based member vitality status Half price trainers with Runners Need Weekly rewards - Free coffee with Café Nero Monthly rewards - Free Cinema ticket Discounts on travel with Expedia (hotels) and Mr & Mrs Smith with discounts getting greater throughout the year based on a members vitality status Amazon prime free months based on activity Up to 25% cashback at Waitrose when buying healthy foods75% off stays at Champneys Health Spas Allen Carr's £299 no smoking programme for free Access to Vitality Healthy Mind with 30% off Headspace subscriptions and the ability to earn Vitality points for using Buddhify, Calm and Headspace Discounts on Weight Watchers As an equal opportunities employer, we encourage applications from people of all backgrounds. We're committed to building a workforce that is representative of the people we serve.
08/06/2026
Full time
Senior Security Engineer (AI & DevSecOps) at iProov About iProov iProov provides science-based biometric solutions that enable the world's most security-conscious organizations to streamline secure remote onboarding and authentication for digital and physical access. Our award-winning liveness technology and iSOC offer unmatched resilience against deepfakes and generative AI threats while ensuring effortless, scalable user experiences. Trusted by leading governments and enterprises, including the U.S. Department of Homeland Security, U.K. Home Office, GovTech Singapore, ING, and UBS, iProov sets the standard in biometric identity assurance. This global trust is built not only on our technology but on the strength of the people behind it. For us, diversity at iProov is about reflecting the customers we serve, holding the principles of equality and inclusion at the heart of everything we do and all that we stand for, embracing differences, creating possibilities, and growing together. We aim to foster a culture where individuals of all backgrounds feel confident in bringing their whole selves to work, feel included, and their talents are nurtured, empowering them to contribute fully to our purpose. The Role Reports to: Head of Cybersecurity Location: WeWork Waterloo - Hybrid Comp: $ (Base) + Company Performance Bonus (20%) + Share Options + US iProov Benefits The role was created specifically to provide the technical security depth that will allow us to accelerate our adoption of agentic AI, equipping developers and data scientists building our biometric products with the tools and workflows to use AI safely and at pace. You will work as the direct counterpart to our GRC focused InfoSec Manager, owning the engineering and implementation side of our security posture across cloud infrastructure, developer workflows, AI systems, and our core security toolstack. This is a role for someone who has built and shipped software or infrastructure and brings that experience into a security context. How you can make an impact Architect and deploy the secure technical framework that governs the security controls for how our developers and scientists use agentic AI, including AI coding assistants, autonomous agents, and LLM integrated tooling. Given that these systems can autonomously access data, execute code, and interact with external services, the guardrails you design will need to address a substantially broader attack surface than traditional AI tooling, and must hold up in a context where the underlying data is among the most sensitive we handle. Be the primary technical security voice in decisions around the use and deployment of externally developed AI, ensuring the right controls are in place from the onset. Continuously mature automated security controls into CI/CD pipelines and infrastructure as code deployments, championing the DevSecOps culture across a large engineering organisation. Take hands on ownership of our core security technology stack, including Wiz, CrowdStrike, Google SecOps, and Tailscale, ensuring these platforms are correctly configured, tuned, and integrated. Drive continuous technical delivery of strategic security initiatives, systematically identifying, triaging, and closing gaps across our cloud environments, internal networks, and developer workflows. Provide technical oversight of the security of the data pipelines feeding our internal AI systems and, critically, the permissions and access boundaries of agentic AI systems reaching out into other environments, enforcing the principle of least privilege, maintaining audit trails, and ensuring sensitive data and code integrity is handled with the rigour required. Complement the work of our existing biometric and product focused Red Team by owning security coverage of the DevSecOps surface, the build pipeline, internal toolchain, cloud environments and developer infrastructure. Act as the primary technical security partner to our GRC focused InfoSec Manager, translating governance and compliance mandates into concrete, automated engineering controls. Represent the technical security function in external audits. This includes presenting evidence of controls, articulating the security posture of our cloud and AI environments to auditors, and working closely with the InfoSec Manager to ensure the technical substance behind our compliance position is clearly and credibly communicated. Qualifications A foundational background in software engineering or DevOps before moving into a dedicated security role: you understand how code is written, tested, and deployed, and that experience is central to how you approach security problems. Proven, hands on experience securing modern cloud infrastructure and containerised environments, with a solid understanding of infrastructure as code principles and the security implications of how infrastructure is defined and provisioned. Proficiency in deploying and administering enterprise security platforms, ideally with direct experience managing tools spanning CNAPP, EDR, SIEM, and zero trust networking. A heavy and active user of AI in both professional and personal contexts, including agentic AI tools and coding assistants, with a grounded understanding of the evolving AI threat landscape, including model supply chain risks, prompt injection, data exfiltration, agent misuse, and LLM specific attack vectors. Scripting and automation capability, particularly in Python, to build internal tooling, automate security checks, and reduce reliance on manual processes across the security function. Prior experience or a demonstrated practical interest in securing AI workloads, data pipelines, and machine learning environments. The communication skills to collaborate effectively with highly technical stakeholders, champion security initiatives without hindering developer productivity, and translate risk into language that resonates with both engineering peers and business leadership, including the confidence to present technical security evidence clearly in formal external audit settings. Benefits 25 days Annual Leave, plus 8 Bank Holidays (more holiday with service - up to an extra 5 days off per year based on your continuous service) Growth Shares allocated after passing probation (6 months of service) Salary sacrifice schemes including: Pension, Cycle To Work and Electric Car Scheme Nursery Sacrifice Scheme Work Overseas Perk - Work globally for up to 2 weeks Life Assurance SmartHealth - Access to private GP, Psychologist, Nutritionist along with tailored fitness plans for both you and your family Benefit from personalized 1:1 career coaching with our in house Occupational Psychologist Award winning L&D platform with personal allocated training budgets Enhanced paid family leave Flexible hybrid working environment Free Barista Coffee/Tea, biscuits with fruit in the WeWork office Free access to WeWork discounts and free online well being sessions Vitality Health - a range of options available on this below The Vitality Programme includes a number of reward benefits that all employees have access to as part of the plan, for example: Private Health cover including Dental, Optical, and Audiology 50% off monthly gym memberships Apple watches significantly discounted based member vitality status Half price trainers with Runners Need Weekly rewards - Free coffee with Café Nero Monthly rewards - Free Cinema ticket Discounts on travel with Expedia (hotels) and Mr & Mrs Smith with discounts getting greater throughout the year based on a members vitality status Amazon prime free months based on activity Up to 25% cashback at Waitrose when buying healthy foods75% off stays at Champneys Health Spas Allen Carr's £299 no smoking programme for free Access to Vitality Healthy Mind with 30% off Headspace subscriptions and the ability to earn Vitality points for using Buddhify, Calm and Headspace Discounts on Weight Watchers As an equal opportunities employer, we encourage applications from people of all backgrounds. We're committed to building a workforce that is representative of the people we serve.
Senior Software Engineer - Python / AWS / Cloud-Native Engineering SC or DV Cleared Government Programme AWS Python Terraform Microservices Location: UK (Hybrid / Remote) Security Clearance: SC or DV required Engagement: Contract (Inside IR35) Sector: Public Sector / Defence / National Infrastructure We are supporting a major secure government programme building modern cloud-native and AI-enabled digital capability within a highly technical AWS engineering environment. The team are looking for a strong Senior Python Software Engineer with experience delivering scalable backend services, microservices platforms and event-driven cloud solutions within AWS environments. This role sits inside a highly engineering-led team working across Python development, AWS infrastructure, DevOps automation and cloud-native platform delivery. The environment is heavily focused around scalable distributed systems, modern CI/CD practices and cloud-native engineering capability. This is not a traditional enterprise development environment - they need engineers comfortable operating across backend engineering, cloud integration and modern AWS-hosted microservices architectures. Key responsibilities Designing and developing Python backend services and APIs Building scalable cloud-native applications within AWS environments Developing event-driven and microservices-based systems Supporting CI/CD and automated deployment pipelines Working closely with DevOps, platform and cloud engineering teams Supporting secure and resilient distributed systems Contributing to technical design, engineering standards and delivery quality Operating within Agile engineering teams delivering modern cloud-native services Core skills required Strong Python engineering experience AWS cloud-native engineering REST APIs / backend services Microservices and event-driven architectures Terraform / Infrastructure as Code CI/CD pipelines Docker / containerisation Cloud integration experience GitHub Actions / GitLab CI / Jenkins Experience working within Agile engineering teams Highly desirable FastAPI / Flask AWS Lambda / ECS / API Gateway SNS / SQS / EventBridge Kubernetes / EKS DevSecOps experience AI / LLM integration exposure Secure government or regulated environment experience SC, enhanced SC or DV clearance Environment & culture The engineering environment is modern, fast-moving and highly collaborative. The team work closely across software engineering, DevOps, platform engineering and automation functions, with strong focus around delivery quality, automation and cloud-native best practice. Candidates with experience across government digital services, AWS-hosted platforms and modern DevOps engineering environments will align particularly well.
06/06/2026
Full time
Senior Software Engineer - Python / AWS / Cloud-Native Engineering SC or DV Cleared Government Programme AWS Python Terraform Microservices Location: UK (Hybrid / Remote) Security Clearance: SC or DV required Engagement: Contract (Inside IR35) Sector: Public Sector / Defence / National Infrastructure We are supporting a major secure government programme building modern cloud-native and AI-enabled digital capability within a highly technical AWS engineering environment. The team are looking for a strong Senior Python Software Engineer with experience delivering scalable backend services, microservices platforms and event-driven cloud solutions within AWS environments. This role sits inside a highly engineering-led team working across Python development, AWS infrastructure, DevOps automation and cloud-native platform delivery. The environment is heavily focused around scalable distributed systems, modern CI/CD practices and cloud-native engineering capability. This is not a traditional enterprise development environment - they need engineers comfortable operating across backend engineering, cloud integration and modern AWS-hosted microservices architectures. Key responsibilities Designing and developing Python backend services and APIs Building scalable cloud-native applications within AWS environments Developing event-driven and microservices-based systems Supporting CI/CD and automated deployment pipelines Working closely with DevOps, platform and cloud engineering teams Supporting secure and resilient distributed systems Contributing to technical design, engineering standards and delivery quality Operating within Agile engineering teams delivering modern cloud-native services Core skills required Strong Python engineering experience AWS cloud-native engineering REST APIs / backend services Microservices and event-driven architectures Terraform / Infrastructure as Code CI/CD pipelines Docker / containerisation Cloud integration experience GitHub Actions / GitLab CI / Jenkins Experience working within Agile engineering teams Highly desirable FastAPI / Flask AWS Lambda / ECS / API Gateway SNS / SQS / EventBridge Kubernetes / EKS DevSecOps experience AI / LLM integration exposure Secure government or regulated environment experience SC, enhanced SC or DV clearance Environment & culture The engineering environment is modern, fast-moving and highly collaborative. The team work closely across software engineering, DevOps, platform engineering and automation functions, with strong focus around delivery quality, automation and cloud-native best practice. Candidates with experience across government digital services, AWS-hosted platforms and modern DevOps engineering environments will align particularly well.
Senior Delivery Manager Salary: competitive depending upon experience + benefits Where the job is based: hybrid (home-based & working with Kerv Digital office/customer site visits as required) UK HQ, Seven House, 18 High Street, Longbridge, B31 2UQ Who we are: Dive into a world where technology meets innovation. At Kerv Digital, we're not just another tech company. We re the problem solvers, the magicians who transform complex challenges into seamless digital experiences. Utilising a powerful blend of Power Platform, DevSecOps, Data experiences, and Software Engineering, we create business solutions that truly resonate with our clients driving extreme value! With our roots planted in Birmingham and branches spreading across the globe from London to Bangalore, we're a proud member of the Kerv Group - a dynamic £112m revenue technology consultancy leader with a dedicated team of over 700 professionals, partnering with 800+ sector leaders. People come first always we are incredibly proud of our unparalleled work culture. Not just words on paper, we wear our "Great Place to Work" certifications from the UK and India like badges of honour. Dive into an ocean of opportunities in an atmosphere that celebrates collaboration. Sharpen your prowess with a global multi-discipline team and be guided by the industry's most forward-thinking architects. This role is a 6 month FTC Who we are looking for: The oft-sought, seldom found, inspired agile software, digital or IT delivery owner capable of ensuring we provide dazzling software and solutions across a huge array of technologies and platforms. You ll be paired with a Solution Architect to take care of the technical wizardry on each project, along with a talented team of front and backend developers with support from the Technical Directors and Commercial Managers to boot. All backgrounds will always be considered and experience here is far more important, we re really open to Project Managers that have a solid transferable background that are looking to deliver a mix of well governed Business Transformation, Dynamics 365 delivery, Bespoke Development projects using our mature blend of agile and waterfall approaches and tools as appropriate. Ability to guide our clients through an Agile Scrum delivery and manage the Scrum ceremonies is essential. Required Experience: Meeting customers, listening carefully and understanding their business Creating and maintaining the environment in which the project will succeed Working with on/off-shore development/implementation teams Establishing and operating governance structures within projects to ensure effective decision making and robust assurance Managing project cost base and time tracking Identifying and delivering change control and project upsell Wrestling detailed requirements and designs into an implementable plan Managing an agile development process, including stewarding planning sessions, scrums and show and tell), working alongside our delivery managers Reporting project status to the cloudThing operations board and the client, effectively managing stakeholder expectations Software, Digital or IT Project Management using a structured Agile approach Excellent written and presentation skills, the ability to think on feet and make decisions Other tasks as reasonably requested (yes, our lawyers asked for that one) Senior Delivery Manager: 5+ Years delivery management experience Delivery Manager: 2-5 Years delivery management experience We re also looking for people that fit how we work, which is something like; happiest working under their own direction, but fully supported when needed an obvious attention to detail, we want you to obsess about the little things! an escalation handler, able to achieve win-win outcomes by utilising the skills across the team ability to work effectively with remote teams in India / UK ability to work flexibly to deliver on-time to tight timescales What we can do for you: We re a transparent, honest and fiercely equal employer that believes completely in providing the best possible work experience for our employee s: • Real Flexibility we re a family first organisation, and if the work gets done, you can work when and wherever you want. A healthy approach for most of our teams seems to be splitting three ways between home, customer sites and the office. • Awesome Environment all of our employee s will tell you that we foster an easy going environment, are experts at what we do and care deeply about what we work on that s in large part because we re privately owned by those that work day-to-day in the business, and the company was started specifically to find a way for people to take more enjoyment from their work. • Interesting Work these days most of our customers are household names and many of our projects have an important impact on the world around us. The kind of things we do regularly include working with not-for-profits to transform how they leverage technology, working with public bodies to shape digital services and working with top tier private entities to bring genuinely new and meaningful products and services to market. • Great Benefits all the usual suspects and then some. Some highlights include our choose-your-own tech approach to end-user devices, well stocked cupboards with tasty goodies (we re a food first company too), excellent professional development support including frequent in-house training for tech. you can t get trained on anywhere else and private healthcare. Full disclosure; some benefits can only be provided after probation. • Recognition & Growth Recognized as a 'Great Place to Work' in both the UK and India, our commitment to excellence goes beyond our products and services. Our culture is a testament to the dedicated technologists who work tirelessly to drive our vision forward. Being a part of Kerv Digital means embracing a culture of innovation, collaboration, and mutual respect. Our teams in the UK and India thrive in an atmosphere that promotes continuous learning and growth. Join us at Kerv Digital, where we don t just build groundbreaking technology - we build future. Don t take our word for it though, check out our impartial Glass Door reviews More on equality: At Kerv, we re building something special and we re building it to last. We want everybody to feel valued, included and love working together. With an uncompromising pursuit of amazing employee experience, we always strive to do the right thing. We believe and will relentlessly promote and support the power of diversity, equality and belonging, through collaboration and creating exceptional solutions together. Please note: By submitting an application you agree to Kerv Digital s Trakstar Privacy Notice - Kerv
02/10/2025
Contractor
Senior Delivery Manager Salary: competitive depending upon experience + benefits Where the job is based: hybrid (home-based & working with Kerv Digital office/customer site visits as required) UK HQ, Seven House, 18 High Street, Longbridge, B31 2UQ Who we are: Dive into a world where technology meets innovation. At Kerv Digital, we're not just another tech company. We re the problem solvers, the magicians who transform complex challenges into seamless digital experiences. Utilising a powerful blend of Power Platform, DevSecOps, Data experiences, and Software Engineering, we create business solutions that truly resonate with our clients driving extreme value! With our roots planted in Birmingham and branches spreading across the globe from London to Bangalore, we're a proud member of the Kerv Group - a dynamic £112m revenue technology consultancy leader with a dedicated team of over 700 professionals, partnering with 800+ sector leaders. People come first always we are incredibly proud of our unparalleled work culture. Not just words on paper, we wear our "Great Place to Work" certifications from the UK and India like badges of honour. Dive into an ocean of opportunities in an atmosphere that celebrates collaboration. Sharpen your prowess with a global multi-discipline team and be guided by the industry's most forward-thinking architects. This role is a 6 month FTC Who we are looking for: The oft-sought, seldom found, inspired agile software, digital or IT delivery owner capable of ensuring we provide dazzling software and solutions across a huge array of technologies and platforms. You ll be paired with a Solution Architect to take care of the technical wizardry on each project, along with a talented team of front and backend developers with support from the Technical Directors and Commercial Managers to boot. All backgrounds will always be considered and experience here is far more important, we re really open to Project Managers that have a solid transferable background that are looking to deliver a mix of well governed Business Transformation, Dynamics 365 delivery, Bespoke Development projects using our mature blend of agile and waterfall approaches and tools as appropriate. Ability to guide our clients through an Agile Scrum delivery and manage the Scrum ceremonies is essential. Required Experience: Meeting customers, listening carefully and understanding their business Creating and maintaining the environment in which the project will succeed Working with on/off-shore development/implementation teams Establishing and operating governance structures within projects to ensure effective decision making and robust assurance Managing project cost base and time tracking Identifying and delivering change control and project upsell Wrestling detailed requirements and designs into an implementable plan Managing an agile development process, including stewarding planning sessions, scrums and show and tell), working alongside our delivery managers Reporting project status to the cloudThing operations board and the client, effectively managing stakeholder expectations Software, Digital or IT Project Management using a structured Agile approach Excellent written and presentation skills, the ability to think on feet and make decisions Other tasks as reasonably requested (yes, our lawyers asked for that one) Senior Delivery Manager: 5+ Years delivery management experience Delivery Manager: 2-5 Years delivery management experience We re also looking for people that fit how we work, which is something like; happiest working under their own direction, but fully supported when needed an obvious attention to detail, we want you to obsess about the little things! an escalation handler, able to achieve win-win outcomes by utilising the skills across the team ability to work effectively with remote teams in India / UK ability to work flexibly to deliver on-time to tight timescales What we can do for you: We re a transparent, honest and fiercely equal employer that believes completely in providing the best possible work experience for our employee s: • Real Flexibility we re a family first organisation, and if the work gets done, you can work when and wherever you want. A healthy approach for most of our teams seems to be splitting three ways between home, customer sites and the office. • Awesome Environment all of our employee s will tell you that we foster an easy going environment, are experts at what we do and care deeply about what we work on that s in large part because we re privately owned by those that work day-to-day in the business, and the company was started specifically to find a way for people to take more enjoyment from their work. • Interesting Work these days most of our customers are household names and many of our projects have an important impact on the world around us. The kind of things we do regularly include working with not-for-profits to transform how they leverage technology, working with public bodies to shape digital services and working with top tier private entities to bring genuinely new and meaningful products and services to market. • Great Benefits all the usual suspects and then some. Some highlights include our choose-your-own tech approach to end-user devices, well stocked cupboards with tasty goodies (we re a food first company too), excellent professional development support including frequent in-house training for tech. you can t get trained on anywhere else and private healthcare. Full disclosure; some benefits can only be provided after probation. • Recognition & Growth Recognized as a 'Great Place to Work' in both the UK and India, our commitment to excellence goes beyond our products and services. Our culture is a testament to the dedicated technologists who work tirelessly to drive our vision forward. Being a part of Kerv Digital means embracing a culture of innovation, collaboration, and mutual respect. Our teams in the UK and India thrive in an atmosphere that promotes continuous learning and growth. Join us at Kerv Digital, where we don t just build groundbreaking technology - we build future. Don t take our word for it though, check out our impartial Glass Door reviews More on equality: At Kerv, we re building something special and we re building it to last. We want everybody to feel valued, included and love working together. With an uncompromising pursuit of amazing employee experience, we always strive to do the right thing. We believe and will relentlessly promote and support the power of diversity, equality and belonging, through collaboration and creating exceptional solutions together. Please note: By submitting an application you agree to Kerv Digital s Trakstar Privacy Notice - Kerv
Enterprise Architect Looking for your next big architecture challenge? Do you thrive at the intersection of technology vision and practical delivery? Want to play a key role in shaping the future of digital solutions in a professional services setting? This Enterprise Architect opportunity will see you influencing strategy, modernising Legacy systems, and designing solutions that have real impact, both internally and for clients. Role: Enterprise Architect Location: London & Ipswich Hybrid pattern: 3 days per week, 2 days remote Salary: £90,000 - £95,000 per annum Industry: Mid-tier law firm (professional services) You'll be reporting into the IT Director, working with senior stakeholders, clients, technical teams and suppliers to deliver flexible, scalable solutions aligned with ambitious growth plans. What's in it for you You'll be joining a forward-thinking, people-focused environment where innovation is encouraged and professional growth is actively supported. Expect a strong benefits package including private healthcare, enhanced leave, profit share and performance bonuses, pension contributions, life assurance, gym discounts, electric car scheme, and an agile/hybrid working policy that trusts you to deliver. You'll also enjoy the freedom to shape architectural strategy and directly influence how technology enables transformation. What you'll be doing Designing innovative, scalable technology solutions that modernise systems, reduce technical debt and enable new services Setting and aligning architecture with business strategy and long-term vision Driving integration of cloud platforms (Microsoft Azure), data management, and modern development practices Championing DevSecOps principles, including CI/CD, Infrastructure as Code, and automation Facilitating workshops with internal teams and external clients to gather requirements and drive adoption Staying ahead of emerging tech trends to introduce new tools and methodologies What we're looking for Proven track record as an Enterprise Architect or similar, ideally in professional services (legal experience a plus) Strong background in software engineering, system architecture, and cloud solutions (Azure) Familiarity with APIs, frameworks, and integration patterns Confident communicator, able to simplify complex concepts and influence diverse stakeholders Comfortable in Agile environments and product-led delivery Curious, analytical mindset with a passion for innovation and continuous improvement If you're ready to lead on transformative architecture projects and want to be part of a collaborative, ambitious environment, APPLY NOW.
02/10/2025
Full time
Enterprise Architect Looking for your next big architecture challenge? Do you thrive at the intersection of technology vision and practical delivery? Want to play a key role in shaping the future of digital solutions in a professional services setting? This Enterprise Architect opportunity will see you influencing strategy, modernising Legacy systems, and designing solutions that have real impact, both internally and for clients. Role: Enterprise Architect Location: London & Ipswich Hybrid pattern: 3 days per week, 2 days remote Salary: £90,000 - £95,000 per annum Industry: Mid-tier law firm (professional services) You'll be reporting into the IT Director, working with senior stakeholders, clients, technical teams and suppliers to deliver flexible, scalable solutions aligned with ambitious growth plans. What's in it for you You'll be joining a forward-thinking, people-focused environment where innovation is encouraged and professional growth is actively supported. Expect a strong benefits package including private healthcare, enhanced leave, profit share and performance bonuses, pension contributions, life assurance, gym discounts, electric car scheme, and an agile/hybrid working policy that trusts you to deliver. You'll also enjoy the freedom to shape architectural strategy and directly influence how technology enables transformation. What you'll be doing Designing innovative, scalable technology solutions that modernise systems, reduce technical debt and enable new services Setting and aligning architecture with business strategy and long-term vision Driving integration of cloud platforms (Microsoft Azure), data management, and modern development practices Championing DevSecOps principles, including CI/CD, Infrastructure as Code, and automation Facilitating workshops with internal teams and external clients to gather requirements and drive adoption Staying ahead of emerging tech trends to introduce new tools and methodologies What we're looking for Proven track record as an Enterprise Architect or similar, ideally in professional services (legal experience a plus) Strong background in software engineering, system architecture, and cloud solutions (Azure) Familiarity with APIs, frameworks, and integration patterns Confident communicator, able to simplify complex concepts and influence diverse stakeholders Comfortable in Agile environments and product-led delivery Curious, analytical mindset with a passion for innovation and continuous improvement If you're ready to lead on transformative architecture projects and want to be part of a collaborative, ambitious environment, APPLY NOW.
