Senior Security Engineering Engineer

The Role

We are seeking a Senior Security Engineering Engineer to join the Application & Container Security Chapter, driving secure-by-design practices across software supply chains and container platforms.

In this role, you will provide cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures across applications, containers, Kubernetes, and cloud platforms in a hybrid multi-cloud environment.

You will play a key role in embedding:

• Shift-left security practices
• Security automation (auto-provisioning & auto-remediation)
• Software supply chain security (SAST, SCA, DAST)
• Container trust (signing & verification)
• Curated/hardened image strategies
• AI-driven security uplift capabilities

Key Responsibilities

Security Architecture & Governance

• Define and operationalise security controls within application and container architectures to protect organisational and customer assets.
• Drive security architecture standards and governance across major transformation initiatives.
• Contribute to security strategies, frameworks, and standards aligned with industry best practices (NIST, Zero Trust, Essential 8).

Application & Container Security Engineering

• Lead implementation of secure software supply chain controls across the Build–Ship–Run lifecycle.
• Define and enforce controls for:
• SAST (Static Application Security Testing)
• SCA (Software Composition Analysis)
• DAST (Dynamic Application Security Testing)
• Integrate security into CI/CD pipelines with automated policy enforcement and break-build capability.
• Implement container security controls across:
• CI/CD pipelines (build-time scanning)
• Image registries (continuous scanning)
• Runtime environments (agent/enforcer-based protection)
• Establish container trust mechanisms, including:
• Image signing and verification (e.g., Sigstore/Cosign concepts)
• Secure provenance and SBOM alignment
• Drive adoption of curated and hardened base images to reduce vulnerability exposure.
• Secure modern platforms including Kubernetes, Docker, microservices, and service mesh architectures.

Automation & AI-Driven Security Uplift

• Design and implement automated security provisioning and remediation across pipeline and runtime layers.
• Leverage AI/ML and agentic AI capabilities to:
• Improve vulnerability prioritisation (SAST/SCA/DAST findings)
• Enhance detection of runtime anomalies
• Automate security posture improvements across applications and containers
• Evaluate and onboard emerging AI-powered security tools aligned with the organisation’s security roadmap.

Continuous Improvement & Collaboration

• Drive adoption of modern security capabilities across engineering teams and platforms.
• Collaborate with DevOps, platform engineering, and cyber security teams to embed security into the SDLC.
• Stay current on emerging cloud-native threats, vulnerabilities, and security controls.

Essential Experience (Mandatory)

DevSecOps & Platform Experience

• 3+ years’ experience in Kubernetes/containerised environments.
• 3+ years’ experience as a DevOps or DevSecOps Engineer.
• Proven experience delivering end-to-end CI/CD pipelines.

Software Supply Chain Security

• Hands-on experience with:
• SAST (Static Application Security Testing)
• SCA (Software Composition Analysis)
• DAST (Dynamic Application Security Testing)
• Strong understanding of integrating SAST/SCA/DAST into CI/CD pipelines and developer workflows.
• Experience driving shift-left security and secure coding practices.

Container Security

• Strong understanding of container lifecycle security (Build → Ship → Run).
• Hands-on experience with:
• Kubernetes and Docker security
• Container runtime protection and vulnerability management
• Knowledge of:
• Container image signing and verification
• Software supply chain security concepts (SBOM, provenance)
• Curated/base image hardening strategies
• Strong cloud security fundamentals, including PKI, cryptography, and the shared responsibility model.

Cloud, IaC & Development

• Experience with AWS, Azure, and/or GCP cloud platforms.
• Strong Infrastructure-as-Code skills (Terraform, CloudFormation).
• Strong coding knowledge (Python, Go, or equivalent).
• Understanding of SRE practices and microservices architecture.

Security Knowledge

• Strong understanding of OWASP Top 10 and remediation techniques.
• Knowledge of frameworks such as:
• NIST Cybersecurity Framework
• Zero Trust principles
• Cloud Adoption Framework, AWS Well-Architected Framework, and Essential 8

Desirable

• Certified Kubernetes Administrator (CKA)
• Certified Kubernetes Security Specialist (CKS)
• Cloud Security Certifications (AWS, Azure, or GCP Security Specialty)
• DevSecOps certifications
• Experience with SLSA, SBOM, and software supply chain security frameworks
• Exposure to AI/ML and agentic AI cybersecurity use cases

Why Join the Application & Container Security Chapter?

• Drive secure software supply chain transformation at enterprise scale.
• Influence platform security across hundreds of engineering teams.
• Work on cutting-edge areas including container trust, curated images, and AI-driven security.
• Shape the future of cloud-native and DevSecOps security.