Lead Software Security Engineer

The Lead Security Engineer role is responsible for technical oversight of secure product development, security testing and security operations. You will work closely with FCA product owners, architects, service managers, and third-party suppliers who provide the development resources to the FCA to:

• Embed secure engineering practices in development workflows, ensuring compliance with Secure by Design principles
• Conduct structured and ad hoc security reviews of code, infrastructure and CI/CD pipelines
• Define and document secure development lifecycle (SDLC) processes aligned with product needs
• Lead security education initiatives for development teams and product stakeholders
• Establish and enforce security requirements for new features, APIs and system enhancements
• Assess and improve security maturity, advocating risk-based methodologies, tooling and automation

What will you get from the role?

• Opportunity to grow in a technology-focused career with meaningful skill development
• Supportive and collaborative team culture, fostering strong internal and cross-team connections
• Purpose-driven environment, united by a shared commitment to public service and impact
• Emphasis on work-life balance, prioritising smart working over excessive hours
• Empowering workplace that values autonomy, trust and effective decision-making
• Genuine commitment to diversity, inclusion and leadership with strong interpersonal skills

Which skills are required?

• Minimum experience in commercial software development, secure coding practices and cloud security services (ideally AWS)
• Experience in reviewing code security, leading cyber incident resolution and improving security processes in development teams
• Experience working with microservices architecture and implementing security tooling in a development context

Essential:

• Strong commercial awareness, assessing supplier proposals and driving cost-effective security solutions
• Ability to integrate security with software innovation while ensuring adherence to organisational standards
• Expertise in security methodologies, including threat modelling and risk assessment
• Deep understanding of technology trends and industry standards in information security
• Proven track record of delivering security-focused assets, including incident reports, secure coding templates and training programmes

Desirable:

• Familiarity with the FCA, its remit, and strategic priorities
• Relevant security certifications, including CompTIA Security+, GSEC, CySA+, CCSP, OSCP or CISSP

Our Values & Diversity:

We are proud to be an inclusive employer and our ambition is to cultivate a culture for all employees that respects their individual strengths, views, and experiences. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation, and delivers better regulation.

Benefits of working at the FCA:

• 25 days holiday per year plus bank holidays
• Hybrid working (work from home up to 60% of your time)
• Private healthcare with Bupa
• A non-contributory Pension of at least 8% of basic salary each month
• Life assurance of eight times your basic salary
• Income protection
• Competitive flexible benefits scheme which gives you the opportunity to create a personalised benefits package, tailored to suit your lifestyle.

Application Support:

We are dedicated to removing barriers and ensuring our application process is accessible to everyone. We offer a range of adjustments to make your application experience as comfortable and straightforward as possible.

Useful Information and Timeline:

• This role is graded as: Lead Associate - Regulatory
• Advert Closing Date: Midnight 07 July
• CV Review/Shortlist: w/c 07 July
• First Round Case Study Assessment: w/c 14 July
• Competency Based Interview: w/c 28 July

If you have a question, please contact: benjamin.paulon@fca.org.uk. Applications must be submitted through our online portal. Applications sent via email will not be accepted.