Security Engineer

About Applied Computing

Applied Computing was founded in 2024 to build Orbital, a physics-informed foundation model for energy operations. We’re live across oil and gas, refineries, and petrochemicals, working towards our mission: sustainable abundance for a growing planet. The hydrocarbon industry keeps the world running. But its complexity has left operators tied to legacy systems, making critical decisions on less than 10% of available data. We built Orbital to change that. It’s a foundation model built specifically for energy that lets companies use AI at scale, harnessing all of their operational data and optimising in real time for any metric. Decisions get faster, operations get safer, and carbon intensity falls. We’ve raised over $32 million, including one of the largest seed rounds for an AI company in the UK. We’re just getting started.

The Role

Security here is not a compliance function with a budget and a slide deck. We take compliance seriously and it is woven into how the team operates. It is an engineering problem that needs solving every day, by someone who gets stuck in. Our security team is small and honest about it. A hands‑on CISO, a Compliance Manager, a Lead Security Researcher who spends his time on the offensive side, and a junior engineer who was the IT lead six months ago and is now doing the best work of their career. We need someone to sit in the middle of that and pull it forward. The work is real and the ambition is high. We are maturing our DevSecOps capability, driving continuous improvement across our cloud posture, and targeting SOC 2 Type 2 certification within three to six months. Nobody is going to hand you a roadmap. You will help build it. If that sounds like the kind of problem you want to own, read on.

Key Responsibilities

• DevSecOps & Secure SDLC
  • Design and implement security gates within CI/CD pipelines using GitHub Actions and related tooling
  • Define and enforce secure coding standards and automated checks across development workflows
  • Work closely with engineering teams to embed security early in the development lifecycle without becoming a blocker
  • Champion a shift‑left security culture across the organisation
• Cloud Security
  • Own and maintain the cloud security posture across AWS (primary), Azure (development), and M365
  • Use Wiz to continuously monitor, prioritise, and remediate cloud security findings
  • Develop and enforce cloud security standards, IAM policies, and guardrails
  • Identify and close gaps in cloud architecture before they become incidents
• Vulnerability Management
  • Lead the vulnerability management programme, triage, prioritise, track and remediate across the estate
  • Manage the intake of security findings from internal and external sources and ensure nothing falls through the cracks
  • Produce clear, actionable remediation guidance for engineering and infrastructure teams and where needed, roll up your sleeves and raise the PR yourself
  • Track and report on risk reduction over time to the CISO
• Mentoring & Team Development
  • Provide day‑to‑day mentoring and technical guidance to the junior security engineer
  • Review their work, share your thinking, and help them develop both technically and professionally
  • Contribute to a team culture where curiosity is valued and problems are solved collaboratively

Essential Experience

• Hands‑on experience with Terraform for infrastructure as code and security configuration management
• Proficiency with Microsoft Sentinel – building detections, managing alerts, and investigating incidents
• Working knowledge of Wiz or a comparable cloud security posture management tool
• Strong understanding of DevSecOps principles and practical experience integrating security into GitHub‑based CI/CD pipelines
• Solid AWS security experience – IAM, security groups, logging, monitoring, and remediation
• Familiarity with M365 and Azure security configurations
• Experience delivering against SOC 2 and/or ISO 27001 requirements in a hands‑on engineering capacity
• Proven ability to manage and prioritise a vulnerability backlog under real‑world constraint

What We Are Looking For

The technical skills matter. So does everything else. We need someone who does not wait to be told what the problem is. Someone who is curious enough to go looking, confident enough to say what they find, and grounded enough to triage a ticket pile on a Tuesday morning without treating it as beneath them. The role will move between housekeeping and high‑stakes projects in the same week. The junior engineer on the team needs more than a colleague. They need someone who will invest in them, not just review their work but help them think differently. If mentoring energises you, that matters here. Our Lead Security Researcher already owns the offensive side of AI and ML security. What we need is someone who can hold the defensive line, securing model pipelines, understanding prompt injection risks, thinking about supply chain exposure in AI systems. It is not a requirement for this role. But if you have been in that space, you will hit the ground running.

What Success Looks Like

• 30 Days
  • You know where the bodies are buried. You have mapped the cloud posture, walked the pipelines, understood the compliance gap, and formed a view on what needs to happen first. You are not still finding your feet, you are already contributing.
• 60 Days
  • Your mark is already visible. The DevSecOps capability is stronger, vulnerability management has a process that people follow, and the SOC 2 Type 2 workstream is moving with momentum. The junior engineer is already doing things they were not doing before you arrived.
• 6–12 Months
  • SOC 2 Type 2 is done. Not in progress, done. The cloud posture is measurably stronger, and you can prove it. Security is part of how the engineering team works, not something that happens to them after the fact. You have raised the floor, and you are still raising it.