Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security strategy and embed secure practices in software development.
- Company: Orgvue transforms workforce planning for top enterprises globally.
- Benefits: Enjoy hybrid work, wellness perks, gym membership, and generous holiday.
- Why this job: Join a dynamic team shaping security in innovative tech environments.
- Qualifications: Extensive security engineering experience with cloud expertise required.
- Other info: No sponsorship available; agency engagement not accepted.
The predicted salary is between 72000 - 100000 £ per year.
Join to apply for the Principal Security Engineer role at Orgvue
1 week ago Be among the first 25 applicants
Join to apply for the Principal Security Engineer role at Orgvue
Orgvue is an organisational design and planning platform that empowers your business to transform its workforce by understanding the work people do and the skills they have. Our platform connects strategy to structure, providing clarity of vision, so you can build a more adaptable, better performing organisation that thrives in a constantly changing world of work.
The world\’s largest and best-known enterprises and consulting firms use Orgvue to visualise and model current and future states of the organisation and make faster, more informed decisions. The company is headquartered in London, with offices in Philadelphia, The Hague, Toronto, and Sydney.
Role
The Principal Security Engineer is a strategic, hands-on leader responsible for evaluating, evolving, and executing Orgvue\’s security engineering strategy across our entire application development and cloud-hosting estate. Partnering closely with Information Security, Engineering, and Product teams, you will embed secure-by-design principles throughout the software-development lifecycle (SDLC), champion modern DevSecOps practices, and ensure that security is a first-class citizen in everything we build and operate.
This role reports directly to the Chief Technology Officer (CTO) and maintains a dotted-line relationship with the VP of TechOps.
Responsibilities
- Security Strategy & Governance – Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC 2, ISO 27001, GDPR)
- Secure SDLC & DevSecOps – Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management, and supply-chain security; automate enforcement through CI/CD pipelines
- Cloud & Infrastructure Security – Design and implement robust controls for AWS (primary) and Azure/GCP (secondary): IAM, network segmentation, KMS, secrets management, WAF, EDR, and zero-trust patterns
- Identity & Access Management (IAM) – Own enterprise IAM strategy, including RBAC, least-privilege provisioning, SSO, federation (OIDC/SAML), and privileged-access workflows
- Monitoring, Detection & Response – Define audit logging, metrics, and telemetry requirements; integrate with SIEM/SOAR to deliver actionable alerts and playbooks for engineering-led incident response
- Threat Modeling & Risk Assessment – Conduct regular architecture and code-level reviews, drive remediation plans, and present risk posture to leadership
- Tooling & Automation – Evaluate, select, and integrate security tooling (SAST, DAST, SCA, container scanners, CSPM, CWPP) and champion IaC/Terraform modules for reusable controls
- Collaboration & Mentorship – Act as a trusted advisor to engineering squads, provide security training, and mentor senior engineers on emerging attack vectors and defensive techniques
- Compliance & Audits – Partner with InfoSec and Legal to prepare evidence, manage technical controls, and remediate audit findings
- InfoSec Partnership – Collaborate proactively with the Information Security team on policy development, threat intelligence sharing, incident response, and compliance initiatives, ensuring organisation-wide alignment
- Engineering Partnership & Enablement – Work hand-in-hand with engineering squads to raise security awareness, improve secure coding practices, and foster a culture of shared security ownership
- Architecture Alignment – Partner closely with Orgvue\’s Principal Architect to ensure security patterns, controls, and roadmaps align with overall system architecture and future technical strategy
We are unable to offer Sponsorship for this position and are we not engaging with agencies.
Requirements
- Extensive experience in security engineering and/or software engineering with a strong security focus, including demonstrated leadership of complex security initiatives
- Expert-level knowledge of at least one major cloud platform (AWS preferred) and its native security services
- Proven success embedding security within modern microservice, container, and serverless architectures
- Proficiency with Infrastructure-as-Code (Terraform, CloudFormation) and Kubernetes security hardening (admission controllers, network policies)
- Strong understanding of and practical experience of software engineering and how security can be an enabler to success as an engineer
- Experience working within high-sensitivity data environments
- Strong awareness of compliance standards and the requirements on software teams, especially for ISO27001 and SOC2. FedRAMP experience advantageous
- Demonstrated experience performing threat modelling, penetration test scoping, and vulnerability management
- Deep understanding of IAM concepts, encryption/key-management, and secure network design
- Excellent communication skills with ability to translate technical risk to non-technical stakeholders
Preferred, But Not Essential
- Certifications such as CISSP, CSSLP, AWS Certified Security
- Familiarity with data privacy controls (tokenization, field-level encryption, data mesh)
- Experience implementing security and governance programs for emergent AI tooling and capabilities
Benefits
- Hybrid working – 1+ days a week in the London office
- Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day
- Subsidised Gym Membership
- Private Medical Insurance (including Dental and Vision) and Life Assurance
- 25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
- Summer Fridays (half-day Fridays for the months of July and August)
- Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
- Season ticket Loan
- Cycle to Work Scheme
- Annual Discretionary Bonus
\’Here at Orgvue we promote individualism and a diverse workforce to build on our future success\’
Seniority level
-
Seniority level
Mid-Senior level
Employment type
-
Employment type
Full-time
Job function
-
Industries
IT Services and IT Consulting
Referrals increase your chances of interviewing at Orgvue by 2x
Get notified about new Principal Security Engineer jobs in London, England, United Kingdom .
Security Architects (DV Security Clearance)
London, England, United Kingdom 2 weeks ago
London, England, United Kingdom 3 weeks ago
London, England, United Kingdom 2 months ago
Cloud Security Architect, UK Security Operations
London, England, United Kingdom 5 days ago
Security Engineer/Architect – Hedge Fund – up to £185,000 + bonus
Senior Security Engineer – Automation – £850 per day
London, England, United Kingdom 1 week ago
London, England, United Kingdom 3 weeks ago
London, England, United Kingdom 13 hours ago
London, England, United Kingdom 1 month ago
Technical Architect (DV Security Clearance)
London, England, United Kingdom 2 weeks ago
London, England, United Kingdom 2 weeks ago
London, England, United Kingdom 1 week ago
London, England, United Kingdom 1 day ago
London, England, United Kingdom 4 weeks ago
Principal Infrastructure Security Engineer – Platform
London, England, United Kingdom 3 weeks ago
Senior Security Engineer, Detection and Response
London, England, United Kingdom 3 days ago
Mandiant Cloud Security Architect, Mandiant, Google Cloud
London, England, United Kingdom 4 days ago
London, England, United Kingdom 1 week ago
Senior Consultant or Manager, Security Engineer – Financial Services, Enterprise Security
Greater London, England, United Kingdom 1 week ago
London, England, United Kingdom 1 week ago
London, England, United Kingdom 3 weeks ago
Senior Security Engineer – Security Technology Delivery
Greater London, England, United Kingdom 2 weeks ago
Senior Security and Infrastructure Engineer
London Area, United Kingdom £70,000.00-£80,000.00 21 hours ago
London, England, United Kingdom 1 month ago
London, England, United Kingdom 2 weeks ago
London, England, United Kingdom 1 week ago
London, England, United Kingdom 1 week ago
Senior Security Engineer – Ecommerce – 6 Month Contract
London, England, United Kingdom 1 week ago
London, England, United Kingdom 3 months ago
Senior Physical Security System Engineer
London, England, United Kingdom 4 days ago
Sr. Security Engineer, AppSec – Amazon Stores Security
London, England, United Kingdom 1 week ago
London, England, United Kingdom 2 months ago
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr
Principal Security Engineer employer: Orgvue
Contact Detail:
Orgvue Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Principal Security Engineer
✨Tip Number 1
Familiarise yourself with Orgvue's platform and its security needs. Understanding how their organisational design and planning tools work will help you articulate how your security strategies can enhance their offerings.
✨Tip Number 2
Network with current employees or industry professionals who have experience in security engineering within cloud environments. This can provide insights into Orgvue's culture and expectations, which can be invaluable during interviews.
✨Tip Number 3
Stay updated on the latest trends in security engineering, especially around AWS and DevSecOps practices. Being able to discuss recent developments or case studies can demonstrate your passion and expertise in the field.
✨Tip Number 4
Prepare to discuss specific examples of how you've successfully embedded security into software development processes in previous roles. Highlighting your hands-on experience will show that you can effectively lead security initiatives at Orgvue.
We think you need these skills to ace Principal Security Engineer
Some tips for your application 🫡
Understand the Role: Before you start writing your application, make sure you fully understand the responsibilities and requirements of the Principal Security Engineer position at Orgvue. Tailor your application to highlight how your skills and experiences align with their needs.
Highlight Relevant Experience: In your CV and cover letter, focus on your extensive experience in security engineering and software engineering. Provide specific examples of complex security initiatives you've led and how you've embedded security within modern architectures.
Showcase Technical Skills: Make sure to detail your expert-level knowledge of cloud platforms, particularly AWS, and your proficiency with Infrastructure-as-Code tools like Terraform. Mention any relevant certifications, such as CISSP or AWS Certified Security, to strengthen your application.
Communicate Effectively: Use clear and concise language in your application. Remember that you may need to explain technical concepts to non-technical stakeholders, so demonstrate your ability to translate complex security risks into understandable terms.
How to prepare for a job interview at Orgvue
✨Understand the Security Landscape
Familiarise yourself with Orgvue's security engineering strategy and the specific compliance frameworks mentioned in the job description, such as NIST CSF and ISO 27001. Be prepared to discuss how your experience aligns with these standards and how you can contribute to their implementation.
✨Showcase Your Technical Expertise
Highlight your expert-level knowledge of cloud platforms, particularly AWS, and discuss your experience with security services. Be ready to provide examples of how you've embedded security within microservices, containers, or serverless architectures in previous roles.
✨Demonstrate Collaboration Skills
Since the role involves working closely with various teams, prepare to share examples of how you've successfully collaborated with engineering and information security teams in the past. Emphasise your ability to communicate technical risks to non-technical stakeholders.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your problem-solving skills in real-world security challenges. Think about past experiences where you conducted threat modelling or vulnerability management, and be ready to explain your thought process and the outcomes.
