Key skills
CloudDockerGoogle Cloud PlatformKubernetesPythonTerraformGoBashAIAgenticGCPGoogle CloudGitHub ActionsGitGitHubCI/CDSnykOWASPPenetration Testing
About this role
Role Overview
- Own the vulnerability management programme across our products, cloud, and corporate estate: discovery, prioritisation, remediation tracking, and reporting.
- Consolidate findings across our detection stack into a single risk picture.
- Partner with software engineers to grow the Secure Software Development Lifecycle, including code reviews, threat models, and pre-ship security input.
- Harden the GCP estate, Kubernetes platform, and CI/CD systems our engineers depend on.
- Run vendor security reviews and respond to enterprise customer security questionnaires.
- Operate and tune the Elastic SIEM and broader detection stack, building new detections as the threat picture evolves.
- Respond to security incidents including on-call, and run training exercises to keep the team ready.
- Build and run security agents and automations that other engineers and the wider business rely on, treating them as production-grade software.
- Evaluate AI models and frameworks against security standards.
Requirements
- Around five years in security engineering, with depth in at least one of application security, infrastructure security, enterprise security, or vulnerability management, and solid breadth across the others.
- Hands-on experience running or contributing to a vulnerability management programme, including prioritisation, SLA setting, remediation tracking, and reporting.
- Working knowledge of SCA/SAST tooling, Internal Developer Portals, and SIEM; we use Snyk, Port, and Elastic.
- Working knowledge of the security features of the major public cloud providers, with GCP preferred.
- Comfort with Kubernetes, Docker, or other container architectures.
- Confident with at least one programming or scripting language such as Python, Go, or Bash.
- Solid experience with Git, GitHub Actions, and Terraform.
- Active, daily use of AI and agentic tools, with concrete examples of agents you have built and outputs you have shipped.
- Experience with vendor security questionnaires.
- Familiarity with common security frameworks such as PCI DSS and NIST.
- Penetration testing background or OWASP Top 10 fluency would be a plus.
- Experience with CI/CD security hardening at scale would be a plus.
Tech Stack
- Cloud
- Docker
- Google Cloud Platform
- Kubernetes
- Python
- Terraform
- Go
Benefits
- Equal opportunity employer
- Bringing people together from different backgrounds, experiences and perspectives makes for a healthy workplace, a more successful business and a better world. We value diversity and encourage everyone to come and soundtrack the world with us.