Senior Security Engineer

As a Senior Security Engineer, you will work in close collaboration with our technology teams to design and implement secure, cloud-based software solutions for our clients. Working as part of a multi-disciplinary Agile team, you will implement DevSecOps practices throughout the software development lifecycle, embedding security practices (e.g. vulnerability management, threat modelling etc.) and automating security artifact generation (e.g. secret scanning, container security, SAST, DAST etc.). You will provide subject matter expertise in application security or cloud security - sharing knowledge on threats and vulnerabilities, identifying appropriate security controls, and increasing cyber security awareness within teams.

Your key responsibilities will include:

• Daily collaboration with the application development and cloud platform teams to plan and prioritise security requirements as part of the secure software development lifecycle (SSDLC).
• Recommending security best practices for cloud platforms and automating compliance with cloud security baselines (e.g. CIS Benchmarks).
• Implementation of automated security tooling (e.g. within a Continuous Integration (CI) pipeline) to validate security requirements and identify potential issues.
• Working with external organisations to plan, scope and facilitate penetration tests.
• Reviewing the outputs from security tools and security practices. You will filter and prioritise these into security stories that can be understood and actioned by the delivery teams.
• Verifying the implementation of security principles, architectural patterns, and requirements.
• Driving the adoption of cyber security practices (e.g. vulnerability management, threat modelling etc.) within Agile delivery teams.
• Putting people first & developing others - You'll help coach and develop more junior members of the team.

• Experience of implementing application security or Cloud platform security.
• AI Security Engineer experience
• A detailed understanding of web application security.
• An understanding of modern cryptography and its application for encryption in-transit, encryption at-rest, hashing and digital signatures.
• An understanding of security practices such as threat modelling, vulnerability management, application security testing, and penetration testing.
• Experience of integrating application security tools (e.g. static analysis, dynamic analysis etc.) into the SSDLC.
• Experience of using modern version control systems (e.g. git) and either a scripting language (e.g. Bash, Powershell etc.), or a programming language (e.g. Python, Java, .NET, JS etc.), or an Infrastructure as Code language (e.g. Terraform, ARM Templates, Ansible etc.) to automate tasks.
• The ability to convey security issues to technical and non-technical people.

Desirable:

• An industry recognised qualification in Cyber Security.
• Experience in at least one industry vertical from Commercial, Public Sector or Defence
• AWS or Azure mid-level certifications.
• Participation in the cyber security community (e.g. OWASP, HackTheBox, CTFs etc.).
• Experience working with agile software development methodologies (e.g. Scrum or Kanban).

At Kainos, we're problem solvers, innovators, and collaborators - driven by a shared mission to create real impact. Whether we're transforming digital services for millions, delivering cutting-edge Workday solutions, or pushing the boundaries of technology, we do it together. We believe in a people-first culture, where your ideas are valued, your growth is supported, and your contributions truly make a difference. Here, you'll be part of a diverse, ambitious team that celebrates creativity and collaboration., At Kainos, we believe in the power of diversity, equity and inclusion. We are committed to building a team that is as diverse as the world we live in, where everyone is valued, respected, and given an equal chance to thrive. We actively seek out talented people from all backgrounds, regardless of age, race, ethnicity, gender, sexual orientation, religion, disability, or any other characteristic that makes them who they are. We also believe every candidate deserves a level playing field. Our friendly talent acquisition team is here to support you every step of the way, so if you require any accommodations or adjustments, we encourage you to reach out. We understand that everyone's journey is different, and by having a private conversation we can ensure that our recruitment process is tailored to your needs.