IT Security Engineer (35230)

About the role:

Help Us Build a Safer, Healthier Future

At Holland & Barrett, we're redefining wellness through innovation-and security is at the heart of everything we do. We're looking for a Security Engineer who's passionate about protecting systems, data, and people. If you're excited by the challenge of embedding security into cloud-native architectures and agile development workflows, we'd love to hear from you.
Key Responsibilities
Cloud & Infrastructure Security

• Design and implement secure architectures on cloud platforms, primarily AWS.
• Manage perimeter defenses including WAF, DDoS protection, and CDN configurations.
• Enforce least privilege access controls and implement RBAC policies.
• Develop and maintain Infrastructure-as-Code (IaC) security standards using tools like Terraform, CloudFormation, or AWS CDK.

Application Security

• Integrate security into the SDLC with threat modeling, secure design reviews, and code assessments.
• Deploy and manage security tooling such as SAST, DAST, SCA, and container vulnerability scanners.
• Collaborate with developers to foster secure coding practices and DevSecOps culture.
• Conduct application-level security assessments and support incident response efforts.

Collaboration & Enablement

• Partner with cross-functional teams to integrate security into daily workflows.
• Develop and share reusable security patterns, documentation, and internal training.
• Contribute to evolving our security policies, standards, and best practices.

Key requirements:

Essential Qualifications

• 5+ years in security engineering, cloud security, or application security.
• Strong expertise in AWS security services and cloud-native architecture.
• Proficiency in at least one modern programming language (e.g., Python, JavaScript, Go).
• Experience working with CI/CD pipelines and embedding security into DevOps.
• Familiarity with key security frameworks and standards (OWASP Top 10, ISO 27001, NIST).
• Hands-on experience securing containerized environments (e.g., Docker, Kubernetes).

Desirable Skills

• Exposure to microservices security, API gateways, and service mesh technologies.
• Understanding of compliance standards such as GDPR and PCI-DSS.
• Strong communication skills with a proven ability to engage technical and non-technical stakeholders.

Why Join Holland & Barrett?

Holland & Barrett is on a digital transformation journey to become the trusted partner in health and wellness. As a member of our Security Engineering team, you'll help shape the future of a secure digital environment that serves millions of customers. You'll be working with modern tools, contributing to strategic security initiatives, and making a tangible impact on people's well-being.

Ready to make a difference?
Apply now and help shape the secure foundation of a healthier tomorrow.

What we offer:

• Pension company contribution = 3%
• Incentive scheme up to 10% of annual salary, based on company performance.
• Your wellbeing is paramount so you can get away and take 33 Days Holiday per year.
• Private Medical Care (Self after 1 year)
• Learning and Development opportunity with Holland & Barrett is a great base for career development long term.
• Career progression.
• Epic Extras gives you access to exclusive benefits, free advice and savings from a range of retailers and providers.
• Stay healthy with Discounted Products - from day one you'll get a 25% discount (on top of other promotions) when you shop at H&B on anything that you buy.
• We all need a little help sometimes, so weoffer Free 24/7 Confidential Advice & Colleague Welfare.
• Mental Health First Aiders - we have lots of qualified Mental Health First Aiders because its all about your health & wellbeing.
• Stay active in the Onsite Gym at our Nuneaton Hub!
• We have colleague Reward and Recognition Schemes, so your hard work and loyalty won't go unnoticed.
• And many more!

We're passionate about helping every colleague thrive across all dimensions of wellbeing, and we're committed to having a diverse and inclusive workplace. In line with our EPIC values (Expertise, Pioneering, Inclusive, Caring), we embrace and actively celebrate all our colleagues' unique and varying experiences, backgrounds, identities and cultures - I am me, we are H&B.

Holland & Barrett does not accept unsolicited resumes from search firms/recruiters. Please do not forward resumes to our job alias, employees, or any other company location. Holland & Barrett is not and will not be responsible for any fees if a candidate submitted by a search firm/recruiter unless otherwise agreed with respect to specific open position(s).