Lead Cyber Security Engineer in Cardiff

Our client is a leading digital and technology consultancy, recognised among The Times Top 100 Companies to Work For, delivering secure, large‑scale platforms across cloud‑first environments. The organisation partners with clients to build resilient, scalable systems with security engineered at their core.

This opportunity is suited to someone ready to take ownership of security engineering practices across modern cloud platforms, combining hands‑on technical expertise with leadership, mentoring, and influence across engineering teams.

You’ll have the opportunity to:

• Lead security engineering across cloud and application platforms
• Define and evolve security testing methodologies and tooling
• Embed security into CI/CD pipelines and DevSecOps practices
• Influence secure‑by‑design engineering approaches across teams
• Lead threat modelling and communicate risks effectively
• Mentor engineers and support capability growth within the function
• Shape how security is implemented across modern, scalable platforms

Your Responsibilities:

• Lead and deliver security testing and engineering activities across platforms
• Perform and oversee penetration testing, code reviews, and security assessments
• Develop and implement secure development and testing practices
• Integrate security tooling into continuous delivery pipelines
• Work closely with engineering teams to ensure security is embedded early
• Lead threat modelling exercises across systems and architectures
• Support adoption of security frameworks and compliance standards
• Mentor and develop engineers within the security capability
• Stay current with emerging threats, vulnerabilities, and techniques

Key Requirements:

• Strong experience securing web applications and cloud platforms (AWS or Azure)
• Hands‑on experience with manual and automated security testing
• Strong understanding of secure coding and SDLC practices
• Experience working within CI/CD and DevSecOps environments
• Knowledge of security frameworks such as: NCSC, NIST, CIS, OWASP, ISO27001, PCI DSS / GDPR
• Strong understanding of common attack vectors (e.g. XSS, SQL injection)
• Scripting or programming capability across Linux/Windows environments
• Strong communication skills with ability to explain technical concepts clearly
• Experience mentoring or leading small technical teams

You will gain exposure with:

• Enterprise‑scale cloud platforms and modern security architectures
• DevSecOps tooling and integrated security pipelines
• Advanced security testing techniques and real‑world threat scenarios
• Security tooling such as Burp Suite, Nmap, Nessus, Metasploit
• Enterprise security platforms (WAF, SIEM, IDS/IPS)
• Agile delivery environments and collaborative engineering teams

Additional Requirements

• Must be a UK citizen
• Must be eligible for UK Security Clearance, in line with project requirements

Why Join?

• Take ownership of security engineering within a modern cloud‑first environment
• Influence how security is embedded across large‑scale platforms
• Work in a technically strong, collaborative engineering culture
• Remote‑first model with flexibility and autonomy
• Competitive salary and bonus structure

Interested? Apply now.