Security Engineer

Overview: As Security Engineer in the IP Development team, you will be responsible for embedding security best practices across our platforms and development lifecycle. Your focus will be on ensuring that applications, infrastructure, and data are designed, built, and operated securely. You will work closely with Engineering Managers, the Principal Developer, Software Architect, and DevOps teams to identify and reduce security risks, proactively detect vulnerabilities, and support the delivery of secure, resilient systems. You will also collaborate with the Head of Product Delivery and wider security and IT teams across Bell to ensure alignment with organisational policies, standards, and compliance requirements. In this role, you will act as the primary driver of security practices within the team, taking a proactive and enabling approach to help teams build secure solutions by design while continuously improving our overall security posture. Responsibilities:

• Embed security best practices into the software development lifecycle, from design through to deployment and operation
• Identify, assess, and prioritise security risks and vulnerabilities across applications, infrastructure, and environments
• Proactively hunt for vulnerabilities using a combination of automated tooling and targeted manual analysis
• Own and drive the implementation and effectiveness of security tooling (e.g. SAST, DAST, dependency scanning, secrets management)
• Work closely with Engineering Managers and developers to ensure vulnerabilities are understood, prioritised, and remediated effectively
• Contribute to defining and evolving security standards, guidelines, and controls across the team, aligned to engineering governance
• Collaborate with the Head of Product Delivery, Principal Developer, and Software Architect to ensure security is considered in architectural and technical decisions
• Align with central security and IT teams on policies, audits, and compliance requirements, ensuring these are applied pragmatically within the development environment
• Support security reviews of architecture, designs, and new features to identify risks early in the lifecycle
• Assist in incident response and investigation where security-related issues arise
• Promote a security-first mindset through guidance, knowledge sharing, and practical support to development teams
• Continuously assess and improve the team's security posture through monitoring, feedback, and iteration
• Where appropriate, use modern tooling to support threat detection, analysis, and security automation

• Experience in a security engineering, application security, or related role within a software development environment
• Strong understanding of secure software development practices and common vulnerabilities (e.g. OWASP Top 10)
• Experience with security testing and scanning tools (e.g. SAST, DAST, dependency scanning)
• Knowledge of cloud security principles, particularly within AWS and/or Azure environments
• Understanding of container security and modern deployment practices
• Experience identifying and remediating security vulnerabilities across applications and infrastructure
• Familiarity with identity and access management, authentication, and authorisation concepts
• Experience working with secrets management and secure handling of sensitive data
• Ability to collaborate effectively across engineering leadership (Engineering Managers, Principal Developer, Architect) and delivery teams
• Strong problem-solving skills and a proactive approach to identifying and mitigating risks
• Comfortable working in environments with evolving requirements and emerging security challenges
• Strong communication skills, with the ability to explain security risks and recommendations clearly
• Awareness of security compliance, audit, and governance requirements
• Experience using modern tools to support security analysis, automation, or monitoring, or a strong interest in developing these capabilities