Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Join a dynamic team to integrate security into software development and automate security tooling.
- Company: Be part of a leading pensions investment firm transforming its technology with a focus on security.
- Benefits: Enjoy a competitive salary package and hybrid working options for better work-life balance.
- Why this job: Make a real impact by shaping secure systems that protect billions in assets and enhance security culture.
- Qualifications: 4-10 years in Security Engineering or DevSecOps, with hands-on experience in CI/CD and cloud-native architectures.
- Other info: Opportunity to influence engineering teams and contribute to broader security capabilities.
We’re partnering with a leading pensions investment firm undergoing a major cloud-native technology transformation, embedding security into every layer of software delivery. This is a rare opportunity to join a highly technical security engineering team with full leadership backing, directly shaping secure-by-design systems that safeguard billions in assets and over a million pension holders. If you’re passionate about automation, developer enablement, and driving security culture within engineering-led teams, this role offers real influence and impact at scale.
Key Responsibilities
- Integrate security controls across the full software development lifecycle - from threat modelling and design to secure coding and CI/CD pipeline enforcement.
- Build and automate security tooling into developer workflows, including SAST, DAST, secrets management, dependency scanning and policy-as-code guardrails.
- Create reusable infrastructure-as-code modules and templates to enable consistent security patterns across cloud-native deployments (AWS focus).
- Collaborate closely with developers and platform engineers to embed security seamlessly into engineering processes without blocking delivery velocity.
- Translate emerging threats into actionable design guidance, continuously refining security architecture and developer enablement.
- Support incident response and remediation efforts where necessary, ensuring resilience across cloud and hybrid environments.
- Contribute to broader security engineering capabilities, including Identity & Access Management and Security Architecture functions.
What You’ll Bring...
- 4-10 years’ hands-on experience in Security Engineering, DevSecOps, or Software Engineering roles with a strong SDLC focus.
- Proven track record embedding security controls into CI/CD pipelines and developer tooling.
- Hands-on expertise with Terraform, GitLab CI, AWS Security Hub, Wiz (or similar tooling).
- Deep understanding of cloud-native architectures including serverless, containers, and API-driven infrastructure (AWS).
- Strong scripting and automation skills to develop policy-as-code and security guardrails.
- Confident communicator who can influence engineering teams and champion security culture across technical stakeholders.
- Familiarity with security frameworks such as NIST, OWASP ASVS, and CIS Benchmarks.
- (Preferred) Experience driving security maturity within regulated industries such as financial services.
- (Preferred) Certifications such as AWS Security Specialty, CSSLP, or GIAC DevSecOps.
Senior Security Engineer - Secure Development & DevSecOps | Pension De-risking Market Leader employer: Techfellow Limited
Contact Detail:
Techfellow Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Security Engineer - Secure Development & DevSecOps | Pension De-risking Market Leader
✨Tip Number 1
Familiarise yourself with the specific security frameworks mentioned in the job description, such as NIST and OWASP ASVS. Being able to discuss these frameworks in detail during your conversations will demonstrate your expertise and alignment with the company's security culture.
✨Tip Number 2
Showcase your hands-on experience with tools like Terraform and GitLab CI by preparing examples of how you've integrated security into CI/CD pipelines. Be ready to discuss specific challenges you faced and how you overcame them, as this will highlight your problem-solving skills.
✨Tip Number 3
Network with professionals in the pensions investment and financial services sectors. Engaging with industry peers can provide insights into the company’s culture and expectations, which can be invaluable during interviews.
✨Tip Number 4
Prepare to discuss your approach to embedding security within engineering teams. Think about how you can influence and champion a security culture without hindering delivery velocity, as this is a key aspect of the role.
We think you need these skills to ace Senior Security Engineer - Secure Development & DevSecOps | Pension De-risking Market Leader
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in Security Engineering, DevSecOps, and Software Engineering. Focus on your hands-on expertise with tools like Terraform and AWS Security Hub, as well as your experience embedding security controls into CI/CD pipelines.
Craft a Compelling Cover Letter: In your cover letter, express your passion for automation and developer enablement. Mention specific examples of how you've driven security culture within engineering teams and the impact it had on project delivery.
Showcase Relevant Projects: Include details about projects where you integrated security into the software development lifecycle. Highlight your contributions to threat modelling, secure coding practices, and the use of security tooling in developer workflows.
Highlight Communication Skills: Since the role requires influencing engineering teams, emphasise your communication skills. Provide examples of how you've successfully collaborated with developers and platform engineers to embed security without hindering delivery velocity.
How to prepare for a job interview at Techfellow Limited
✨Showcase Your Technical Expertise
Be prepared to discuss your hands-on experience with security engineering and DevSecOps. Highlight specific projects where you've integrated security controls into CI/CD pipelines or automated security tooling, especially in cloud-native environments like AWS.
✨Demonstrate Your Problem-Solving Skills
Expect scenario-based questions that assess your ability to translate emerging threats into actionable design guidance. Prepare examples of how you've tackled security challenges in previous roles, particularly in fast-paced development settings.
✨Communicate Effectively
As a confident communicator, you should be ready to explain complex security concepts to non-technical stakeholders. Practice articulating how you've influenced engineering teams and fostered a security culture within organisations.
✨Familiarise Yourself with Relevant Frameworks
Brush up on security frameworks such as NIST, OWASP ASVS, and CIS Benchmarks. Be ready to discuss how these frameworks have informed your approach to security architecture and compliance in past projects.
