At a Glance
- Tasks: Design and implement security measures in a dynamic tech environment.
- Company: Join a pioneering AI company focused on sustainable energy solutions.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Collaborative team culture with a focus on continuous improvement and innovation.
- Why this job: Be part of a mission to revolutionise energy operations with cutting-edge technology.
- Qualifications: Experience in DevSecOps, cloud security, and mentoring junior engineers.
The predicted salary is between 60000 - 80000 £ per year.
About Applied Computing
Applied Computing was founded in 2024 to build Orbital, a physics-informed foundation model for energy operations. We’re live across oil and gas, refineries, and petrochemicals, working towards our mission: sustainable abundance for a growing planet. The hydrocarbon industry keeps the world running. But its complexity has left operators tied to legacy systems, making critical decisions on less than 10% of available data. We built Orbital to change that. It’s a foundation model built specifically for energy that lets companies use AI at scale, harnessing all of their operational data and optimising in real time for any metric. Decisions get faster, operations get safer, and carbon intensity falls. We’ve raised over $32 million, including one of the largest seed rounds for an AI company in the UK. We’re just getting started.
The Role
Security here is not a compliance function with a budget and a slide deck. We take compliance seriously and it is woven into how the team operates. It is an engineering problem that needs solving every day, by someone who gets stuck in. Our security team is small and honest about it. A hands‑on CISO, a Compliance Manager, a Lead Security Researcher who spends his time on the offensive side, and a junior engineer who was the IT lead six months ago and is now doing the best work of their career. We need someone to sit in the middle of that and pull it forward. The work is real and the ambition is high. We are maturing our DevSecOps capability, driving continuous improvement across our cloud posture, and targeting SOC 2 Type 2 certification within three to six months. Nobody is going to hand you a roadmap. You will help build it. If that sounds like the kind of problem you want to own, read on.
Key Responsibilities
- DevSecOps & Secure SDLC
- Design and implement security gates within CI/CD pipelines using GitHub Actions and related tooling
- Define and enforce secure coding standards and automated checks across development workflows
- Work closely with engineering teams to embed security early in the development lifecycle without becoming a blocker
- Champion a shift‑left security culture across the organisation
- Cloud Security
- Own and maintain the cloud security posture across AWS (primary), Azure (development), and M365
- Use Wiz to continuously monitor, prioritise, and remediate cloud security findings
- Develop and enforce cloud security standards, IAM policies, and guardrails
- Identify and close gaps in cloud architecture before they become incidents
- Vulnerability Management
- Lead the vulnerability management programme, triage, prioritise, track and remediate across the estate
- Manage the intake of security findings from internal and external sources and ensure nothing falls through the cracks
- Produce clear, actionable remediation guidance for engineering and infrastructure teams and where needed, roll up your sleeves and raise the PR yourself
- Track and report on risk reduction over time to the CISO
- Mentoring & Team Development
- Provide day‑to‑day mentoring and technical guidance to the junior security engineer
- Review their work, share your thinking, and help them develop both technically and professionally
- Contribute to a team culture where curiosity is valued and problems are solved collaboratively
Essential Experience
- Hands‑on experience with Terraform for infrastructure as code and security configuration management
- Proficiency with Microsoft Sentinel – building detections, managing alerts, and investigating incidents
- Working knowledge of Wiz or a comparable cloud security posture management tool
- Strong understanding of DevSecOps principles and practical experience integrating security into GitHub‑based CI/CD pipelines
- Solid AWS security experience – IAM, security groups, logging, monitoring, and remediation
- Familiarity with M365 and Azure security configurations
- Experience delivering against SOC 2 and/or ISO 27001 requirements in a hands‑on engineering capacity
- Proven ability to manage and prioritise a vulnerability backlog under real‑world constraint
What We Are Looking For
The technical skills matter. So does everything else. We need someone who does not wait to be told what the problem is. Someone who is curious enough to go looking, confident enough to say what they find, and grounded enough to triage a ticket pile on a Tuesday morning without treating it as beneath them. The role will move between housekeeping and high‑stakes projects in the same week. The junior engineer on the team needs more than a colleague. They need someone who will invest in them, not just review their work but help them think differently. If mentoring energises you, that matters here. Our Lead Security Researcher already owns the offensive side of AI and ML security. What we need is someone who can hold the defensive line, securing model pipelines, understanding prompt injection risks, thinking about supply chain exposure in AI systems. It is not a requirement for this role. But if you have been in that space, you will hit the ground running.
What Success Looks Like
- 30 Days
- You know where the bodies are buried. You have mapped the cloud posture, walked the pipelines, understood the compliance gap, and formed a view on what needs to happen first. You are not still finding your feet, you are already contributing.
- 60 Days
- Your mark is already visible. The DevSecOps capability is stronger, vulnerability management has a process that people follow, and the SOC 2 Type 2 workstream is moving with momentum. The junior engineer is already doing things they were not doing before you arrived.
- 6–12 Months
- SOC 2 Type 2 is done. Not in progress, done. The cloud posture is measurably stronger, and you can prove it. Security is part of how the engineering team works, not something that happens to them after the fact. You have raised the floor, and you are still raising it.
Security Engineer employer: Applied Computing
At Applied Computing, we pride ourselves on fostering a dynamic and innovative work environment where every team member plays a crucial role in shaping the future of energy operations. Our commitment to employee growth is evident through hands-on mentoring and the opportunity to tackle real-world challenges in a collaborative culture that values curiosity and initiative. Located in a vibrant sector of the UK, we offer competitive benefits and the chance to be part of a pioneering team dedicated to achieving sustainable abundance for our planet.
StudySmarter Expert Advice🤫
We think this is how you could land Security Engineer
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Applied Computing, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Applied Computing
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Applied Computing. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Security Engineer
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Applied Computing insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Applied Computing that you’re committed to staying ahead in the game.
How to prepare for a job interview at Applied Computing
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Applied Computing to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Applied Computing.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.