Senior Cyber Security Engineer

About Us

We are the independent expert in assurance and risk management. Driven by our purpose, to safeguard life, property, and the environment, we empower our customers and their stakeholders with facts and reliable insights so that critical decisions can be made with confidence. As a trusted voice for many of the world’s most successful organizations, we use our knowledge to advance safety and performance, set industry benchmarks, and inspire and invent solutions to tackle global transformations.

About the Role

DNV Energy Systems is seeking a Senior Cyber Security Engineer who gets genuine satisfaction from closing vulnerabilities, not just finding them. In this role, you will work closely with product and engineering teams to actively reduce risk, meet compliance requirements, and embed secure, sustainable practices that last. Reporting to the Digital Portfolio Manager, you will be the primary security engineering resource for the UK&I digital product portfolio. You will own the security posture of the portfolio end‑to‑end, from tooling and triage through to remediation support, assessment execution, and audit preparation. This is an individual contributor role with substantial scope. You'll be the one closest to the work, with direct influence over how security is practised across the portfolio. There is genuine opportunity for the function to grow around you as the team expands. You will work across multiple products and engineering teams simultaneously, acting as the technical security authority for the region. You’ll be joining teams that value security and want to get it right, giving you the platform to drive meaningful, lasting improvements.

What You’ll Do

• Vulnerability Management & Tooling
• Maintain and operate SAST/DAST tooling (including Veracode) across the digital portfolio
• Lead CVE triage, assessing severity, exploitability and remediation priority across all products
• Track and manage vulnerability remediation to closure, working directly with engineering teams
• Maintain the portfolio security risk register, ensuring visibility of open issues and remediation status
• Security Assessment & Audit
• Plan and execute security assessments across the product portfolio against DNV standards and industry frameworks (eg OWASP ASVS)
• Support audit preparation and evidence gathering for internal and external audit cycles
• Maintain assessment documentation, findings registers and remediation tracking artefacts
• Secure Development Practice
• Embed security into the software development lifecycle (SDL/SSDLC) across product teams
• Conduct threat modelling and architecture review for new and materially changed products
• Advise development teams on secure coding practices, dependency management and secrets handling
• Act as technical security subject matter expert, the first point of contact for engineering and product teams when security questions arise

Benefits

• Exceptional Development and career progression opportunities with regular development discussions with your manager
• Non‑contractual Profit Share Scheme
• Lifestyle benefits: 26 days annual leave + bank holidays, opportunity for up to 10 days unpaid leave, sabbatical leave, flexible working options
• Wellbeing benefits: Private Medical, Dental Insurance, Health Assessments, Gym allowance, company contribution towards eye tests and glasses (for computer/laptop users), flu vaccinations, Employee Assistance Programme (EAP) with free confidential support, free fruit in offices
• Financial Benefits: Pension Scheme with employer pension contributions up to 9%, Life Assurance and Income Protection
• Travel benefits: Season Ticket Loan, Cycle to Work Scheme, Electric Vehicle Salary Sacrifice Scheme (personal use)
• Re‑imbursement of relevant Professional Membership Fees (up to £570)
• Access to employee retail discount site for high street and online shopping

DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity.

About You

We’re looking for a Cyber Security Engineer who is focused on practical outcomes and understands that lasting remediation comes from a combination of strong technical fixes, clear communication, good documentation, and solid process.

Essential

• Experience with application security tooling (SAST, DAST, SCA) including commercial platforms such as Veracode
• Experience with CVE triage and vulnerability management across multi‑product environments
• Working knowledge of OWASP Top 10, ASVS, and common web application attack vectors
• Experience executing or supporting security assessments and audit preparation
• Ability to communicate technical security risk clearly to non‑security audiences, including product and senior stakeholders
• Comfortable working as an individual contributor across multiple products simultaneously

Desirable

• Experience with cloud‑hosted applications and infrastructure security (AWS, Azure or GCP)
• Familiarity with ISO 27005, ISO 27001 or equivalent risk management frameworks
• Exposure to threat modelling methodologies (STRIDE, PASTA or similar)
• Relevant security certifications (CEH, OSCP, CISSP, CompTIA Security+ or equivalent)
• Experience in energy, infrastructure, engineering consultancy or other regulated technical environments

Equivalents

We recognise that equivalent tools and frameworks exist across the industry. If your experience is with comparable tooling or your background doesn't map neatly to our list, we’d still like to hear from you – we are interested in your underlying capability and the value you’d bring to the role.