Senior Security Engineer

Role OVO-View

Salary banding: 53000 - 76000

Experience: Senior

Working pattern: Full-Time

Reporting to: Senior Security Engineer

Sponsorship: Unfortunately we are unable to offer sponsorship for this role.

This role in 3 words: Code Cloud Security

Top 3 qualities for this role: Problem Solving Challenger Curiosity

Where youll work:

Depending on the needs of your business area we expect hub based people to be in the office at least once a week and to go to OVO Connection events in-person.

Youll be assigned to the closest one of our three hub offices Bristol Glasgow or London; unless your role requires field-based work. Each hub has accessible spaces to park your laptop is designed to inspire people help them connect and bring big ideas to life.

Everyone belongs at OVO

At OVO we are on a mission to solve one of humanitys biggest challenges the climate crisis. And we know it takes all of us to change the world. Thats why we need diverse people from all abilities gender identities ethnicities ages sexual orientations life experiences and backgrounds to join us.

Teamworking for the planet

Everything we do here spins around Plan Zero. So naturally the team youll be joining plays a gigantic role in making that happen. Heres how:

Were hiring creators and challengers who deliver high-impact well-engineered solutions. Every role were hiring puts people at the heart of our security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with secure technology!

This role in a nutshell:

The security engineering team collaborates with OVOs Engineering teams to secure the design and configuration of OVO applications infrastructure and to secure access to OVOs resources. As a senior security engineer you will pioneer an innovative and inclusive security culture inspire with compelling security solutions and land secure defaults and designs in data and cloud native engineering teams code CI/CD and infrastructure. You will personally excel at implementing reliable tools to prevent mitigate or automatically remediate misconfigurations and vulnerabilities. You will champion operational excellence across all OVO-built and accessed applications and infrastructure.

Your key outcomes will be:

• Minimise Security Risk Exposure: Proactively identify assess and drive the mitigation of complex security risks within key products and systems through continuous attack exposure and controls monitoring expert assessment threat modelling and leading remediation efforts.
• Strengthen Secure Foundations: Champion and embed robust security architecture principles secure development lifecycle (SDL) practices and practical standards within development teams to build security in from the start.
• Enhance Security Operations & Team Capability: Optimise security tooling and processes within your domain for effectiveness and efficiency while accelerating the development of junior engineers through active mentorship and guidance.

Systems: Familiarity with the following technologies and platforms would be advantageous (not a must have or exhaustive list):

• Cloud Native Application Protection and Cloud Security Posture Management (e.g. Wiz)
• GCP and AWS native security and compliance monitoring
• CI/CD product development pipelines and automation
• Identity and Access Management and Privileged Access Management platforms
• SaaS discovery context-aware access and continuous access evaluation SaaS and Cloud security event monitoring and security posture management
• Application Security Verification Standard and related technologies
• Web Application Firewall (e.g. Cloudflare Cloud Armor)
• Data and AI security (eg DSPM DLP Model Armor)
• Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR)
• Endpoint Cloud and Identity Detection and Response
• Issue and Project Tracking (Jira)

Youll be a successful Senior Security Engineer at OVO if you

• Develop & Maintain Security Standards: Define document socialise and maintain specific security standards baselines and procedures tailored to your assigned products or teams. Ensure these align with broader organisational policies while providing practical actionable tools and guardrails for developers and engineers.
  
  
• Lead Risk Assessments & Threat Modelling: Independently plan and conduct in-depth security risk assessments (evaluating likelihood and impact) and perform routine detailed threat modelling (including attack path analysis) for key projects features and applications. Analyse complex findings prioritise risks effectively and architect practical proportionate mitigation strategies.
  
  
• Manage & Optimise Security Tooling:Take full ownership of configuring operating tuning and maintaining relevant security tools (e.g. SAST DAST IAST SCA vulnerability scanners CNAPP CADR and WAF policies) within your domain. Focus on integrating tools seamlessly into CI/CD pipelines automating processes minimising false positives and building data flows that ensure findings lead to actionable remediation. Troubleshoot complex tool issues independently.
  
  
• Influence Security Policy & Strategy: Actively contribute your subject matter expertise to the development and refinement of broader system data and cloud security policies and strategic initiatives ensuring they are informed by practical implementation challenges and realities.
  
  
• Embed Secure Architecture: Serve as a security authority during design phases. Proactively review proposed architectures features and system designs applying security principles and best practices (e.g. defense-in-depth least privilege secure-by-default). Recommend secure design patterns technologies and configurations collaborating closely with development and platform teams to embed security from the start.
  
  
• Oversee & Interpret Security Testing: Plan scope conduct or commission comprehensive security tests (e.g. penetration tests vulnerability assessments code reviews) for your projects and pipelines. Critically analyse and interpret complex results from various testing sources validate findings rigorously and translate technical risks into business impact. Guide junior engineers effectively through the testing process.
  
  
• Mentor Junior Engineers: Actively mentor associate and mid-level security engineers. Provide technical guidance on security concepts and tools review their work (e.g. assessment reports proposed controls) share knowledge and experience and support their professional development within the team.
  
  
• Community of Practice: Contribute to the security engineering Community of Practice (CoP) by leading discussions sharing practices offering firsthand experience to the wider community engaging in knowledge exchange / cross-pollination to further your craft. Create content and and individually contribute to the stated successful outcomes for this CoP

Lets talk about whats in it for you

Well pay you between 53000 and 76000 depending on your specific skills and experience.

We keep our pay ranges broad on purpose to give us and you flexibility to match your experience to our zero carbon mission.

Youll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal.

We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVOand theres flex pay. Well give you 9% Flex Pay on top of your salary 4% of this is auto enrolled into your pension and the remaining 5% is yours to do what you like with. You can use this to buy from our extensive range of flexible benefits including our green benefits which weve put at the heart of our offering add to your pension or even take it as cash.

Heres a taster of whats on offer:

For starters youll get 34 days of holiday (including bank holidays).

For your health
With benefits like a healthcare cash plan or private medical insurance depending on your career level critical illness cover life assurance health assessments and more

For your wellbeing
With gym membership travel insurance workplace ISA will writing services dental insurance and more

For your lifestyle
With extra holiday buying discount dining home & tech loans and supporting your favourite charities with give-as-you-earn donations

For your home
Get up to 400 towards any OVO Energy plan plus great discounts on solar smart thermostats and EV chargers

For your commute
Nab a great deal on ultra-low emission car leasing plus our cycle to work scheme and public transport season ticket loans

Want to hear about our full range of flexible benefits and progressive people policies Our People Team can tell you everything you need to know.

For your Belonging

To find better ways to support our people we need to listen to each others experiences and find ways to build a truly inclusive and diverse workplace. As part of this we have 8 Belonging Networks at OVO. Led by our people for our people - so when you join OVO you can play a part - big or small - with any of the Networks. Its up to you.

Oh and one last thing...

Wed be thrilled if you tick off all our boxes yet we also believe its just as important we tick off all of yours. And if you think you have most of what were looking for but not every single thing go ahead and hit apply. Wed still love to hear from you!

If you have any additional requirements theres a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible.

Required Experience:

Senior IC