Lead Security Engineer

As a Lead Security Engineer (Consultant) in Kainos, you will be responsible for leading our security engineering and security testing efforts across Kainos Platforms and Services. They will set direction on our security testing methodology, engagement scoping, outputs and tool/technology selections, whilst developing our more junior security engineers accordingly.

They'll work with agile delivery teams to develop good security practices throughout the software development journey. As a technical leader in the team, you will share knowledge and help educate our customers and Kainos team members on good security practices.

You'll manage, coach and develop a small number of staff, with a focus on managing employee performance and assisting in their career development. You'll also provide direction and leadership for your team as you solve challenging problems together.

• Expertise in securing Web Applications and Cloud Platforms (e.g. AWS/Azure).
• Expertise of testing software and infrastructure security using existing manual or automated security tools, e.g. perform and document penetration tests on web-based applications, networks and computer systems.
• Expertise in assessing software and infrastructure source code from a security standpoint.
• Expertise in Continuous Security, Continuous Integration and Continuous Delivery techniques
• Knowledge of international security standards and regulations such as NCSC, NIST, CIS, PCI, GDPR, OWASP ASVS, HIPPA, SOC2 etc.
• Knowledge of typical cyber security attack vectors (e.g. OWASP Top 10, SQL, XSS, XXE, MITM etc.) and can articulate threats and risk via threat modelling exercises/workshops
• Excellent communication skills, with the ability to convey security complexities to audiences of various technical abilities.
• We are passionate about developing people - a demonstrated ability in managing, mentoring and coaching members of your team and wider community is important
• Good programming or scripting experience across Windows/Linux/MacOS
• Stays up to date with new threats and attack types.

DESIRABLE

• Penetration testing qualifications (e.g. OSCP, CREST, TIGER or equivalent)
• Experience of working with the external penetration test companies to translate report findings into actionable tasks.
• Experience with security tools (e.g. Burp Suite, OWASP-ZAP, NMAP, Nessus, Kali, Metasploit etc.)
• Knowledge about main cyber security areas (e.g. OSINT, network scanning, enumeration, sniffing, session hijacking, social engineering, firewalls, honeypots, IDS/IPS/WAF/AV/DLP, Cryptography/PKI,IoTthreats, trojans/viruses/worms/backdoors/ransomware, etc.)
• Active participation in knowledge sharing activities, both within the team and at a wider level
• Active in the security community - conference speaking, active sharing of knowledge externally
• Experience of working in an Agile environment

At Kainos, we're problem solvers, innovators, and collaborators - driven by a shared mission to create real impact. Whether we're transforming digital services for millions, delivering cutting-edge Workday solutions, or pushing the boundaries of technology, we do it together. We believe in a people-first culture, where your ideas are valued, your growth is supported, and your contributions truly make a difference. Here, you'll be part of a diverse, ambitious team that celebrates creativity and collaboration., At Kainos, we believe in the power of diversity, equity and inclusion. We are committed to building a team that is as diverse as the world we live in, where everyone is valued, respected, and given an equal chance to thrive. We actively seek out talented people from all backgrounds, regardless of age, race, ethnicity, gender, sexual orientation, religion, disability, or any other characteristic that makes them who they are. We also believe every candidate deserves a level playing field. Our friendly talent acquisition team is here to support you every step of the way, so if you require any accommodations or adjustments, we encourage you to reach out. We understand that everyone's journey is different, and by having a private conversation we can ensure that our recruitment process is tailored to your needs.