At a Glance
- Tasks: Lead security engineering and testing for innovative platforms and services.
- Company: Dynamic tech company focused on security and growth.
- Benefits: Hybrid/remote work, 35 days annual leave, enhanced pension, and private health.
- Other info: Join a collaborative environment with opportunities for professional development.
- Why this job: Make a real impact in security while mentoring the next generation of engineers.
- Qualifications: Expertise in web application security and cloud platforms, plus mentoring skills.
The predicted salary is between 70000 - 90000 £ per year.
A senior technical role leading security engineering and testing across a growing portfolio of platforms and services.
The Role
- Lead security engineering and testing efforts, setting direction on methodology, tooling, and engagement scoping.
- Work alongside agile delivery teams to embed good security practice throughout the software development lifecycle and help grow the skills of more junior engineers.
- Lead security testing engagements, including penetration tests on web applications, networks, and infrastructure.
- Define and evolve our security testing methodology, outputs, and tool selection.
- Conduct source code reviews and embed security into CI/CD pipelines.
- Coach and develop a small team, supporting performance and career growth.
- Advise customers and colleagues on security best practice, translating complexity for varied audiences.
Experience
- Expertise securing web applications and cloud platforms (AWS or Azure).
- Hands-on experience with manual and automated security testing tools.
- Strong knowledge of security standards such as NCSC, NIST, OWASP ASVS, GDPR, and PCI.
- Familiarity with common attack vectors including OWASP Top 10, XSS, SQL injection, and MITM.
- Experience in Continuous Security, CI, and CD practices.
- Proven ability to mentor and develop team members.
- Scripting or programming experience across Windows, Linux, or macOS.
Desirable
- Penetration testing qualification such as OSCP, CREST, or TIGER.
- Experience with tools including Burp Suite, OWASP-ZAP, Nmap, Nessus, or Metasploit.
- Background working in agile delivery environments.
- Active involvement in the security community.
Package
- Share options
- Hybrid/Remote working - Belfast
- 35 days annual leave inc stat
- Enhanced pension scheme
- Private health
Please apply now if you are meeting the above criteria or contact Andrew Harrison directly.
Skills: Penetration testing, Web application, Cloud security, OWASP, CI/CD, DevSecOps
Benefits: Work From Home
Lead Security Engineer employer: Ocho
As a Lead Security Engineer, you will thrive in a dynamic and supportive environment that prioritises employee growth and well-being. With a hybrid/remote working model based in Belfast, you will enjoy an impressive benefits package including 35 days of annual leave, an enhanced pension scheme, and private health coverage. Our culture fosters collaboration and continuous learning, empowering you to lead security initiatives while mentoring junior engineers and making a meaningful impact on our security practices.
StudySmarter Expert Advice🤫
We think this is how you could land Lead Security Engineer
✨Tip Number 1
Network like a pro! Reach out to folks in the security community, attend meetups, and connect with potential colleagues on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your security projects, whether it's a blog about your latest penetration test or a GitHub repo with your scripts. This gives us something tangible to discuss during interviews.
✨Tip Number 3
Prepare for those technical interviews! Brush up on your knowledge of security standards and common attack vectors. We recommend practising mock interviews with friends or using online platforms to get comfortable with the format.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
We think you need these skills to ace Lead Security Engineer
Some tips for your application 🫡
Tailor Your CV:Make sure your CV reflects the skills and experiences that match the Lead Security Engineer role. Highlight your expertise in security testing, cloud platforms, and any relevant qualifications like OSCP or CREST.
Craft a Compelling Cover Letter:Use your cover letter to tell us why you're passionate about security engineering. Share specific examples of how you've led security initiatives or mentored junior engineers in the past.
Showcase Your Technical Skills:Don’t forget to mention your hands-on experience with tools like Burp Suite or OWASP-ZAP. We want to see your familiarity with security standards and methodologies, so be clear about your technical prowess.
Apply Through Our Website:We encourage you to apply directly through our website for the best chance of getting noticed. It’s the easiest way for us to keep track of your application and ensure it reaches the right people!
How to prepare for a job interview at Ocho
✨Know Your Security Standards
Make sure you brush up on key security standards like NCSC, NIST, and OWASP ASVS. Being able to discuss these confidently will show that you’re not just familiar with them but can also apply them in real-world scenarios.
✨Showcase Your Hands-On Experience
Prepare to talk about your hands-on experience with security testing tools like Burp Suite or OWASP-ZAP. Have specific examples ready where you’ve used these tools effectively, especially in penetration testing engagements.
✨Demonstrate Your Mentoring Skills
Since the role involves coaching junior engineers, think of instances where you’ve mentored others. Be ready to share how you helped them grow and what strategies you used to develop their skills.
✨Engage with the Security Community
Mention any active involvement you have in the security community. Whether it’s attending conferences, participating in forums, or contributing to open-source projects, showing your passion for security will set you apart.
