Senior Cyber Security Engineer

About Us

Here at the FT gold-standard journalism is just the beginning. 500-people strong our Product & Tech team keeps us ahead of the ever-changing digital landscape by delivering cutting-edge products to over one million digital subscribers every day. Our plans for growth rely on a diverse dedicated and dynamic group of product tech delivery and data specialists - everyones welcome in this friendly forward-thinking team. And with entrepreneurial spirit intelligence and opportunity at every turn theres no limits to where your FT career will take you.

The Role Overview

Were looking for a senior-level application-security engineer who can weave security into our cloud-native AWS-hosted stack and GitHub-based CI/CD pipelines. Youll focus on shaping guard-railslike SAST Dependency scanning secret scanning and IaC checksso that every build and deploy is secure by default. Day-to-day youll collaborate closely with product and platform engineers to run lightweight threat-model sessions refine security playbooks and champion secure-coding habits without acting as a gatekeeper or spending hours in code review. Alongside your technical work youll line-manage and mentor one or two security engineers helping them grow while keeping your own hands firmly on the tools that keep our AppSec programme maturing.

What youll bring to the role

• Security advocate at heart : you enjoy pairing with developers explaining risks in plain language and nudging teams toward secure-by-default habits
  
  
• Programme builder : youve helped mature an AppSec programme before- writing playbooks tracking metrics and iterating on policy
  
  
• Threat-modelling & testing skills : comfortable running STRIDE sessions and interpreting pentest results to drive fixes
  
  
• Pipeline security know-how : hands-on knowledge of security tooling in CI/CD
  (such as SAST SCA Secret scanning and DAST)
• Cloud & IaC awareness: Solid grasp of AWS security fundamentals with enough familiarity to spot common misconfigurations in Terraform/CloudFormation without needing deep IaC expertise.
  
  
• Scripting for automation : write practical Python utilities to reduce toil and surface real risk.
  
  

Key Responsibilities

• Build & maintain security tooling write robust well-tested solutions that developers and the wider business can use.
  
  
• Embed controls in CI/CD keep SAST/SCA and secrets-scanning checks green and tuned for low noise.
  
  
• Evangelise & educate run threat-model workshops brown-bag sessions and maintain up-to-date guidance docs.
  
  
• Track & triage vulnerabilities own the backlog from security tooling findings bug-bounty reports and third-party advisories through to closure.
  
  
• Harden cloud & IaC review AWS designs set guardrails and champion secure Terraform/CloudFormation patterns.
  
  
• Incident support provide application-layer expertise during security incidents and feed lessons learned back into tooling.
  
  
• Security mentorship and leadership: Able to coach 12 security engineers if needed while also mentoring engineers across the wider org on secure practices threat modeling and security-first thinking.
• Collaborate on architecture contribute security input to design reviews and larger technical decisions across the FT.

Candidate Profile

Essential

• Strong communication and collaboration skills.
• Proficiency in a scripting language such as Python.
• Hands-on AWS security experience and IaC best practices.
• Experience integrating security tooling into CI/CD workflows.
• Demonstrated delivery of threat-modelling sessions and application pentests.
• Familiarity with Agile/Scrum ways of working.

Desirable

• AWS Certified Security Specialty
• Terraform expertise.
• Incident-management experience.
• Knowledge of container/Kubernetes security.
• Experience with Splunk.

Whats in it for you Our Benefits

• Annual bonus scheme
• 25 days paid leave
• 24/7 Employee Assistance Program
• Life Insurance
• Enhanced Parental Leave policy
• Food Allowance
• Multisport Card
• Both in house and external training programs
• Your own training dedicated budget (for conferences courses etc.)

Further Information

The FT is committed to providing an inclusive working environment for all. We are an equal opportunities employer who seeks to recruit and appoint the best talent regardless of age gender ethnicity disability sexual orientation gender identity socio-economic background religion and/or belief. We have implemented a hybrid working model and we also promote flexible working and will consider specific requests around flexibility for all roles where it can be accommodated. Please let us know if you require any adjustments as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements or have any questions please send an email to and a member of our team will be happy to help.

#LI-MG1