Cybersecurity (Secure Software/Cloud Integration) Engineer

Social network you want to login/join with:

col-narrow-left

Expleo

London, United Kingdom

Other

-

Yes

col-narrow-right

f62c3dc99d89

24

12.08.2025

26.09.2025

col-wide

Responsibilities

• Embed security practices into software development pipelines by integrating DevSecOps principles, automation tools, and governance controls.
• Support the definition, implementation, and continuous improvement of secure software development lifecycle (SSDLC) processes across internal and client delivery teams.
• Advise on secure architecture patterns and controls for cloud-native, containerised, and hybrid applications, aligned with industry standards and best practices.
• Collaborate with engineering, DevOps, and platform teams to guide the adoption of security tooling across CI/CD environments.
• Conduct reviews of application architecture, infrastructure-as-code, and security configurations to identify risks and support remediation planning.
• Provide input into security design decisions, threat modelling sessions, and architectural governance forums.
• To support engineering teams and deliver clear, practical documentation, including secure development standards, integration guidelines, and process artefacts.
• Stay informed on the evolving threat landscape, cloud security trends, and software security vulnerabilities to ensure contemporary and effective delivery.
• Participate in client workshops, knowledge-sharing sessions, and cross-functional engagements to build capability and promote a secure development culture.
• Contribute to continuous internal improvement initiatives within the cybersecurity practice, helping enhance methods, tooling, and DevSecOps delivery frameworks

Qualifications

• A degree (or equivalent experience) in Cybersecurity, Computer Science, Software Engineering, or a related technical discipline.
• Recognised industry certifications in cybersecurity or application security (CompTIA, ISC2, GIAC, ISACA, or CREST).
• Highly desirable are certifications related to secure development and cloud security (CSSLP, AZ-500, SC-100/SC-200, AWS Security, GCSA, GCLD, or similar).
• Familiarity with secure coding standards (OWASP, SEI CERT) and SSDLC models (Microsoft SDL, NIST 800-218 SSDF).
• Knowledge or experience of Product Assurance Schemes (PAS) or product security frameworks (PAS 754, PAS 1296, or similar) is desirable.
• DevOps, DevSecOps, or platform certifications (Kubernetes, Terraform, Azure DevOps, GitHub Actions) are advantageous.
• Evidence of continued professional development aligned with software and cloud security trends, tooling, and threat awareness.

Essential skills

• Strong understanding of secure software development principles and the software development lifecycle (SDLC/SSDLC).
• Hands-on experience integrating security tools and controls into CI/CD pipelines.
• Proficiency in modern DevOps environments.
• Practical experience with cloud security concepts and controls across at least one major cloud platform (AWS, Azure, or GCP).
• Solid grasp of secure coding practices and common software vulnerabilities.
• Ability to assess code, configurations, and architecture for security issues and provide practical remediation guidance.
• Strong documentation and communication skills to produce secure development standards, process guidance, and developer-facing artefacts.
• Ability to collaborate with software engineers, DevOps teams, and architects to embed security into agile and DevSecOps workflows.
• Comfortable working in fast-paced delivery environments, adapting to changing technologies, frameworks, and client contexts.

Desired skills

• Familiarity with infrastructure-as-code (IaC) security practices and tooling.
• Knowledge of container orchestration platforms and associated security tooling.
• Awareness of compliance and assurance frameworks relevant to secure software.
• Understanding cloud-native security services and architectures, including Zero Trust models and shift-left security practices.
• Exposure to secure software supply chain practices, including code provenance, dependency management, and SBOM generation.
• Ability to support security awareness and up-skillingacross engineering teams through mentoring, workshops, or documentation.

Experience

• Experience in cybersecurity, secure software engineering, or cloud security roles, with a strong emphasis on delivery.
• Demonstrable experience embedding security controls and tooling into software development pipelines and DevOps environments.
• Hands-on experience implementing or supporting secure development processes (SSDLC), code review practices, or CI/CD security integration.
• Proven involvement in cloud-native or hybrid solution development with exposure to major cloud platforms.
• Experience collaborating with developers, DevOps, architects, and platform teams to design and implement secure software solutions.
• Exposure to application security tooling (SAST, DAST, SCA), cloud security services, and infrastructure-as-code security practices.
• Track record of contributing to security documentation, standards, developer enablement, or secure coding artefacts.
• Familiarity with agile or DevOps-based delivery models and working across multiple stakeholders or client environments.
• Experience contributing to internal capability building, reusable templates/toolchains, or developer enablement initiatives.
• Experience conducting or contributing to threat modelling exercises (DREAD, STRIDE-LM, PASTA) as part of design and architecture reviews.

What do I need before I apply

• You must have the right to work in the UK.
• A strong foundation in cybersecurity engineering or infrastructure security, with practical delivery experience.
• A proactive and adaptable mindset, with the ability to work independently across diverse client environments. A passion for delivering high-quality, standards-aligned cybersecurity solutions that make a tangible impact.
• Collaborative working environment – we stand shoulder to shoulder with our clients and ourpeers through good times and challenges
• We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
• ExpleoAcademy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses
• Competitive company benefits
• Always working as one team, our people are not afraid to think big and challenge the status quo
• As a Disability Confident Committed Employer we have committed to:
• Ensure our recruitment process is inclusive and accessible
• Communicating and promoting vacancies
• Offering an interview to disabled people who meet the minimum criteria for the job
• Anticipating and providing reasonable adjustments as required
• Supporting any existing employee who acquires a disability or long term health condition, enabling them to stay in work at least one activity that will make a difference for disabled people

“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”.

We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive