Lead Software Security Engineer

Full time
Location: City of London
Job offered by: Indestructible Dog
Category:
Ideas | People | Trust

We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.

We work with the companies that are Britain’s economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams that lead them.

We are seeking a highly motivated and experienced Lead Software Security Engineer to join our team.

You will have a strong background in software development, security, and operations. This role is required to support the Digital Product Management team in embedding security requirements and best practices into new Digital Products and Services. You will work closely with the Digital Product Management and IT Security teams to establish and build the right security controls and quality state gates across the product lifecycle. This includes security tooling to manage these controls.

In this busy and rewarding role, you’ll also:

- Collaborate with software development teams to integrate security into the development lifecycle.
- Own the cultural shift to a Security DevSecOps mindset.
- Manage & implement security controls, tools, and processes to secure applications and infrastructure.
- Monitor and respond to security incidents and threats in a timely manner.
- Stay up-to-date with security trends and best practices to continuously improve security posture.
- Automate security testing and deployment processes to ensure rapid and secure delivery of software.
- Develop and maintain security documentation and training materials.
- Develop and implement the product security strategy in alignment with organisational goals.
- Integrate Application Security Tools within existing Development Processes.
- Assist with the Planning & Execution of Application Penetration Tests.
- Serve as a Subject Matter Expert (SME) in the field of Application Security.
- Define security NFRs and ensure these are met.
- Report on compliance with security standards.

You’ll be someone with:

- Strong experience in software development and security.
- Proficient in scripting languages such as PowerShell, YAML, JSON, etc.
- Collaborate with development teams to integrate security best practices into the secure software development lifecycle (SDLC) and ensure products are built securely.
- Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments.
- Experience conducting risk assessments and threat modelling for software development, advising where necessary.
- Experience in software security design review.
- Strong knowledge of Agile, DevSecOps, System Engineer and/or equivalent.
- Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001.
- Experience with Azure cloud infrastructure, particularly Azure PaaS service.
- Experience with Azure DevOps, particularly CI/CD and backlog management.
- Prepare and present regular security reports to senior management, ensuring compliance with security standards and regulations.
- Expertise with security tools and familiarity with DevSecOps processes.
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field (preferable).

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to the business. We’re committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand.
