Enterprise Security Engineer (AI & Enterprise Security) in London

Hybrid Remote • United Kingdom / Ireland

About CloudBees

CloudBees enables enterprises to deliver scalable, compliant, and secure software, empowering developers to do their best work. Seamlessly integrating into any hybrid and heterogeneous environment, CloudBees is more than a tool—it's a strategic partner in your cloud transformation journey, ensuring security, compliance, and operational efficiency while enhancing the developer experience across your entire software development lifecycle.

About the Role

We're looking for a motivated engineer to help secure the most critical AI initiatives across the business. Most application security engineers spend their careers on the product side. This role puts you on the other side: AI-era security for the business itself, not the product customers use. You'll work alongside the CISO on problems most companies don't have a playbook for yet.

The work is product security with an enterprise scope. Internal apps, AI tools, and agents are products that need the same threat modeling, secure design, and engineering rigour as anything customer-facing. Alongside enterprise security work, you'll build tooling, automation, and agents that help the broader security team scale with AI.

This is a hands-on role. Bring initiative. We'll give you the problems worth solving.

What You'll Do

• Secure Development Standards
  • Develop secure SDLC standards for internal apps and AI workflows
  • Build patterns, reference architectures, and the documentation teams need to self-serve
  • Work with business teams to raise the profile of security and adopt secure practices, especially for AI and low-code
• Threat modeling and risk assessment
  • Conduct threat modeling, risk assessments, and technical security reviews for enterprise systems, internal apps, and AI and agentic deployments
  • Identify and prioritize security risks; advise risk, compliance, audit, and business teams on mitigations
  • Translate findings into actionable enterprise controls and detection requirements
• AI and agentic security
  • Design safeguards for enterprise AI tooling, including agents and non-human identities
  • Evaluate and integrate emerging AI/ML security tools
  • Stay current with the AI security landscape
• Building and automation
  • Engineer and automate AI-first security workflows that scale the wider Security team
  • Build for the enterprise domain in a way that benefits Product Security, SOC, and GRC

What You Bring

• Security expertise
  • Hands-on experience in software and enterprise security
  • Desirable: working knowledge in any of SaaS, cloud, IAM, or endpoint security
• Secure SDLC
  • Proficiency in secure SDLC fundamentals, including threat modelling, secure design, vulnerability management, and CI/CD security
• Engineering and tooling
  • Comfortable writing and reviewing code (Python, Go, TypeScript, or similar)
  • Experience building integrations and automating security workflows
  • Experience with security tools at scale — SAST, DAST, SIEM, endpoint, cloud, identity, AI/ML, vulnerability management platforms
• AI and agentic security knowledge
  • Understanding of AI/ML security risks, attack vectors, and vulnerabilities
  • Familiarity with agentic AI frameworks and generative AI tools
• Communication and interpersonal skills
  • Exceptional written and verbal communication; able to translate complex security concepts for any audience
  • Strong interpersonal skills; build trust and credibility quickly across technical and non-technical teams
  • Drive outcomes through collaboration
• Mindset
  • Self-starter with initiative and ownership
  • Hacker mindset — figures out the problem, then solves it
  • Thrives in ambiguity

Working Conditions

Hybrid - Full time. Travel required. Adjustments will be considered to accommodate individual needs in line with applicable equality and disability legislation.

Equal Opportunity Statement

CloudBees is committed to providing equal opportunities in employment. We value diversity and inclusion and make decisions based on skills, qualifications, and experience. We do not discriminate on the basis of age, disability, gender identity, marital or civil status, pregnancy, maternity, race, religion or belief, sex, or sexual orientation, in accordance with applicable laws.

Data Protection Statement

All personal data collected during the recruitment process will be processed in line with CloudBees’s Privacy Policy and applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).

Disclaimer

This job description provides an overview of the role and key responsibilities. It is not an exhaustive list, and responsibilities may evolve in line with business needs.