At a Glance
- Tasks: Enhance application security and collaborate with engineers to streamline secure practices.
- Company: Join a forward-thinking tech company focused on cloud-native solutions.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Dynamic role with a focus on innovation and collaboration.
- Why this job: Make a real impact by improving security in modern engineering environments.
- Qualifications: Experience in application security and strong communication skills are essential.
The predicted salary is between 50000 - 65000 £ per year.
Requirements:
- You do not need to be a deep AWS or cloud security specialist, but some exposure to AWS, cloud security or infrastructure-as-code security would be useful.
- We’re looking for someone with practical AppSec experience who wants to grow their impact - someone who enjoys working with engineers, improving tooling and helping security become part of normal delivery rather than a last-minute checkpoint.
- Application security experience: practical experience identifying, explaining and helping remediate application security risks in modern engineering environments.
- Developer-friendly security mindset: you enjoy working with engineers, explaining risks clearly and helping teams adopt secure practices without unnecessary friction.
- Vulnerability management experience: experience triaging and tracking application vulnerabilities from sources such as SAST, dependency scanning, secret scanning, penetration tests, bug bounty reports or third-party advisories.
- CI/CD and code security awareness: familiarity with security tooling in development workflows, such as SAST, software composition analysis, secret scanning or repository security controls.
- Threat modelling awareness: experience participating in, supporting or facilitating lightweight threat-modelling sessions for applications, services or new features.
- Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce manual effort, improve visibility or make security workflows easier.
- Cloud security awareness: Some exposure to AWS, cloud security or infrastructure-as-code security would be useful, but is not essential.
- Growth mindset: willingness to keep developing across application security, cloud security, secure development and modern engineering practices.
- Practical experience in application security.
- Experience working with software engineers to explain and remediate security issues.
- Familiarity with common web application security risks and secure coding practices.
- Experience with vulnerability triage, prioritisation and remediation tracking.
- Experience using or interpreting findings from tools such as SAST, software composition analysis, secret scanning or similar.
- Experience participating in or supporting threat-modelling activities.
- Ability to write scripts or small tools, ideally in Python, to automate tasks or improve visibility.
- Strong communication and collaboration skills.
- Familiarity with Agile or Scrum ways of working.
- (Desirable) Exposure to AWS security, cloud security or infrastructure-as-code security.
- (Desirable) Experience with Terraform or CloudFormation.
- (Desirable) Experience with container or Kubernetes security.
- (Desirable) Experience with bug bounty, penetration testing or security testing programmes.
- (Desirable) Experience with Splunk or similar logging/SIEM platforms.
- (Desirable) Exposure to AI security, such as LLM-enabled applications, AI-assisted development workflows or prompt/data leakage risks.
- (Desirable) Experience building dashboards, metrics or reports to support vulnerability management.
- (Desirable) Relevant security certifications or training, such as AWS security training, secure coding training, GIAC, ISC2, CREST or equivalent practical experience.
What the job involves:
- We’re looking for a Cyber Security Engineer to help improve application security across the FT’s cloud-native technology estate. This is a hands-on role focused on making secure engineering easier for product, platform and software engineering teams.
- Application security experience is essential for this role. You’ll help improve developer-friendly security guardrails across GitHub-based CI/CD pipelines, application repositories and engineering workflows.
- This includes working with SAST, software composition analysis, secret scanning, vulnerability management and secure coding guidance so that security findings are clear, actionable and owned by the right teams.
- You’ll work closely with engineers to support practical threat modelling, triage application vulnerabilities, improve security playbooks and help teams remediate issues in a pragmatic way.
Cyber Security Engineer employer: The Financial Times
As a Cyber Security Engineer at our company, you will thrive in a dynamic and collaborative environment that prioritises innovation and security. We offer a supportive work culture that encourages continuous learning and professional growth, with opportunities to engage directly with engineering teams to enhance application security practices. Located in a vibrant tech hub, our company provides unique advantages such as access to cutting-edge tools and resources, fostering an atmosphere where your contributions can make a significant impact.
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Security Engineer
✨Tip Number 1
Network like a pro! Attend meetups, webinars, or conferences related to cyber security. Chatting with industry folks can lead to job opportunities that aren’t even advertised yet.
✨Tip Number 2
Show off your skills! Create a GitHub repository showcasing your projects, scripts, or tools you've built. This gives potential employers a taste of what you can do and how you think.
✨Tip Number 3
Don’t just apply; engage! When you find a role you like on our website, reach out to someone in the company on LinkedIn. A friendly message can make you stand out from the crowd.
✨Tip Number 4
Prepare for interviews by practising common technical questions and scenarios. Think about how you’d explain security risks to engineers and how you’d help them adopt secure practices without friction.
We think you need these skills to ace Cyber Security Engineer
Some tips for your application 🫡
Tailor Your Application:Make sure to customise your CV and cover letter to highlight your relevant experience in application security and cloud security. We want to see how your skills align with the role, so don’t hold back on showcasing your practical AppSec experience!
Show Off Your Communication Skills:Since this role involves working closely with engineers, it’s crucial to demonstrate your ability to explain security risks clearly. Use examples from your past experiences where you’ve successfully collaborated with teams to improve security practices.
Highlight Your Automation Mindset:If you've written scripts or tools to streamline security processes, make sure to mention that! We love candidates who can show us their automation skills, especially in Python, as it aligns perfectly with our goal of making security workflows easier.
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team at StudySmarter!
How to prepare for a job interview at The Financial Times
✨Know Your Application Security Basics
Make sure you brush up on your application security knowledge. Be ready to discuss common web application security risks and how to remediate them. Think about practical examples from your past experience where you've identified and helped fix security issues.
✨Show Off Your Collaboration Skills
This role is all about working with engineers, so be prepared to demonstrate your communication skills. Share examples of how you've successfully collaborated with development teams to integrate security practices into their workflows without causing friction.
✨Familiarise Yourself with CI/CD Tools
Since the job involves improving security in CI/CD pipelines, it’s crucial to know your way around tools like SAST and software composition analysis. Be ready to discuss how you've used these tools in the past and how they can help streamline security processes.
✨Emphasise Your Growth Mindset
The company values a growth mindset, so express your eagerness to learn and adapt. Talk about any recent training or certifications you've pursued, especially in areas like cloud security or secure coding, and how you plan to continue developing your skills.
