Senior Cyber Engineer

Senior Cyber Engineer

Full-Time 60000 - 80000 £ / year (est.) Home office (partial)
Dormont Manufacturing Co

At a Glance

  • Tasks: Enhance application and cloud security while collaborating with diverse teams.
  • Company: Join the Financial Times, a leading news organisation known for integrity and innovation.
  • Benefits: Competitive salary, inclusive culture, and opportunities for personal and professional growth.
  • Other info: Dynamic workplace with a commitment to diversity and inclusion.
  • Why this job: Make a real impact in cybersecurity while working with cutting-edge technology.
  • Qualifications: Experience in application and cloud security, especially in AWS environments.

The predicted salary is between 60000 - 80000 £ per year.

About Us

The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to deliver quality information and services worldwide. At the FT, curiosity thrives and ambitious thinking is rewarded. Here, you’re given the chance to reach millions, create work that matters and deliver impartial journalism in a polarised world. In our warm, collaborative culture, you’ll connect with a diverse community of experts who support your growth, career aspirations and wellbeing. Your future at the FT will be filled with opportunities that challenge and inspire you. With no fixed path, you’ll discover new skills and forge a career that can take you anywhere.

Our Commitment to Diversity, Equity and Inclusion

We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to removing barriers for everyone, with a focus on addressing those faced by underrepresented groups.

The Role Overview

We’re looking for a Senior Cyber Security Engineer to help mature application and cloud security across the FT’s cloud-native, AWS-hosted technology estate. This role has an approximate 50/50 focus across application security and cloud security, working closely with product, platform and engineering teams to make secure delivery easier by default.

You’ll shape and improve developer-friendly guardrails across GitHub-based CI/CD pipelines, AWS environments and infrastructure-as-code workflows. This includes improving SAST, software composition analysis, secret scanning, IaC scanning, vulnerability management and AWS misconfiguration management so that findings are actionable, low-noise and owned by the right teams.

Day to day, you’ll run practical threat-modelling sessions, review application and cloud designs, improve security playbooks, support vulnerability and misconfiguration remediation, and build automation that reduces toil. We’re looking for someone who has demonstrably improved security outcomes in real engineering environments, not just someone with theoretical knowledge of tools or frameworks.

Depending on team structure, you may also mentor or line-manage one or two security engineers, while remaining hands-on and close to the technical work.

What you’ll bring to the role

  • Application and cloud security experience: practical experience across both application security and cloud security, ideally in AWS-hosted, cloud-native environments.
  • Developer-friendly security mindset: you know how to work with engineers, explain risk clearly and design controls that help teams move securely without unnecessary friction.
  • Vulnerability management at scale: experience improving how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and advisories are identified, prioritised, owned and remediated across engineering teams.
  • Cloud misconfiguration & vulnerability management: experience identifying and reducing infrastructure-as-code and AWS vulnerabilities & misconfigurations at scale through pragmatic guardrails, tooling and clear remediation paths.
  • Threat modelling: confidence running lightweight, practical threat-modelling sessions that lead to useful engineering decisions and risk reduction.
  • CI/CD and code security: hands‑on experience with security tooling such as SAST, software composition analysis, secret scanning and IaC scanning.
  • Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce toil, improve visibility and surface meaningful risk.
  • Security leadership: ability to mentor other security engineers and influence engineers across the wider organisation. Depending on team structure, this may include line management.
  • AI security awareness: experience of leveraging AI to improve and scale appsec and cloud sec controls would be useful, but is not essential.

Key Responsibilities

  • Improve application security guardrails – Tune and evolve SAST, software composition analysis, secret scanning and related controls so they are actionable, low-noise and useful to engineering teams.
  • Improve cloud and IaC security guardrails – Help identify, prioritise and reduce AWS and infrastructure-as-code misconfigurations and vulnerabilities at scale.
  • Drive vulnerability management – Improve how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and third‑party advisories are triaged, prioritised and remediated.
  • Drive cloud misconfiguration management – Help teams understand, own and remediate cloud security issues using pragmatic, developer-friendly workflows.
  • Run practical threat modelling – Facilitate lightweight threat-modelling sessions for new products, features, services and architectural changes.
  • Build automation and tooling – Create or improve scripts, integrations, dashboards and workflows that reduce manual effort and make risk easier to understand.
  • Support secure architecture decisions – Provide application and cloud security input into design reviews, AWS architecture decisions and larger technical changes.
  • Partner with engineering teams – Work closely with product, platform and software engineering teams to embed security into design, delivery and operational practices.
  • Support incidents and lessons learned – Provide application and cloud security expertise during incidents and feed lessons learned back into patterns, tooling and guidance.
  • Mentor others – Coach security engineers and engineering teams on practical security approaches. Depending on team structure, this may include line management of one or two security engineers.

Required Experience, Essential:

  • Strong practical experience in application security and cloud security, ideally with a balanced focus across both.
  • Hands‑on AWS security experience, including common misconfiguration patterns and practical remediation approaches.
  • Experience improving vulnerability management across engineering teams, including prioritisation, ownership, remediation tracking and noise reduction.
  • Experience in improving cloud or IaC misconfiguration management at scale in a developer-friendly way.
  • Experience integrating, tuning or improving security tooling in CI/CD workflows, such as SAST, software composition analysis, secret scanning or IaC scanning.
  • Experience running practical threat-modelling sessions that influence design, delivery or remediation decisions.
  • Ability to write scripts or small tools, ideally in Python, to automate security workflows or improve visibility.
  • Strong communication and collaboration skills, with the ability to influence engineers and technical leaders without relying on gatekeeping.
  • Evidence of improving application security, cloud security or vulnerability management practices in a real engineering environment.
  • Familiarity with Agile or Scrum ways of working.

Desirable

  • Experience with leveraging AI for AppSec and CloudSec.
  • AWS Certified Security – Speciality or equivalent practical AWS security experience.
  • Terraform or CloudFormation expertise.
  • Incident-management or incident-response experience.
  • Experience with Splunk or similar logging/SIEM platforms.
  • Experience with security metrics, dashboards or reporting that helped drive measurable risk reduction.
  • Experience mentoring or line-managing security engineers.

Accessibility

We are a disability confident employer and Valuable 500 signatory. Please let us know if you require any reasonable adjustments/personalisation as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements or have any questions, email talent@ft.com and a member of our team will be happy to help.

Further information

At the FT, we embrace innovation and the use of technology and appreciate that individuals may leverage AI tools as part of their job application process. Whilst we are happy for you to use AI to assist with your application, it is essential that all information provided is authentic and accurately represents your skills, experience, and qualifications. Candidates should be aware that the use of AI throughout the application process may be monitored to ensure a fair and transparent hiring process for all.

Senior Cyber Engineer employer: Dormont Manufacturing Co

The Financial Times is an exceptional employer that fosters a warm, collaborative culture where curiosity and ambitious thinking are celebrated. Employees benefit from diverse growth opportunities, mentorship, and a commitment to diversity, equity, and inclusion, all while contributing to meaningful journalism that impacts millions globally. With a focus on innovation and employee wellbeing, the FT provides a dynamic environment for professionals looking to make a difference in the world of news and technology.

Dormont Manufacturing Co

Contact Details:

Dormont Manufacturing Co Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Senior Cyber Engineer

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Dormont Manufacturing Co, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Dormont Manufacturing Co

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Dormont Manufacturing Co. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Senior Cyber Engineer

Application Security
Cloud Security
AWS Security
Vulnerability Management
Infrastructure-as-Code (IaC) Security
Threat Modelling
CI/CD Security Tooling

Some tips for your application 🫡

Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Dormont Manufacturing Co insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Dormont Manufacturing Co that you’re committed to staying ahead in the game.

How to prepare for a job interview at Dormont Manufacturing Co

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Dormont Manufacturing Co to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Dormont Manufacturing Co.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.