We are seeking a Principal Security Engineer to lead and drive security engineering efforts across our cloud and application environments. This strategic, hands-on role requires expertise in cloud security, secure development practices, and the implementation of advanced security controls. You will serve as a leader within the Consumer Security Engineering team, driving security initiatives across cloud platforms, microservice architectures, digital products, application security, and enterprise security.

You will define and build comprehensive security strategies in collaboration with developers, DevSecOps engineers, ensuring that security is seamlessly integrated into our CI/CD pipelines and all layers of infrastructure. Additionally, you will supervise security tool management and ensure cyber resiliency for consumer applications. A deep understanding of Google Cloud Security, Application Security, API security, and customer security systems is crucial.

Who we are

The UK’s fastest broadband network. The nation’s best-loved mobile brand. And, one of the UK’s biggest companies too.

Diverse, high performing teams - jam packed with serious talent. Together, we offer the UK more choice and better value, through our boundary-pushing, customer-championing values and ambitions.

Together, we are Virgin Media O2, and we can’t wait to see what you can do.

Accessible, inclusive and equitable for all

The must haves

In order to be considered, you must have the following experience;

Key Responsibilities:

• Proven experience as a Principal Security Engineer or similar role, with hands-on experience in security architecture, engineering, and operations.
• Expertise in Google Cloud Platform (GCP) security, with knowledge of AWS and/or Azure security practices as a plus.
• Strong background in DevSecOps, with experience in integrating security into CI/CD pipelines using tools like Jenkins, GitLab, or similar.
• Experience implementing and managing SAST/DAST tools and processes to secure application development.
• Deep understanding of application security, including secure coding practices, OWASP Top 10, and API security standards.
• Knowledge of Customer Identity and Access Management (CIAM) solutions and API security frameworks.
• Knowledge of one or more programming languages with the ability to review and implement secure code.
• Strong understanding of security automation, orchestration, and continuous monitoring tools (e.g., SIEM, SOAR).

The other stuff we are looking for

We’d also love you to bring;

• Deep understanding of application security, including secure coding practices, OWASP Top 10, and API security standards.
• Knowledge of Customer Identity and Access Management (CIAM) solutions and API security frameworks.
• Knowledge of one or more programming languages with the ability to review and implement secure code.
• Strong understanding of security automation, orchestration, and continuous monitoring tools (e.g., SIEM, SOAR).

What’s in it for you

As you’re already a valued member of the Virgin Media O2 crew, you’ll know lots about the amazing stuff we do to take care of our people. If you need a reminder, head on over to the benefits portal via the main intranet site.

Next steps

Once you’ve applied the next steps of the process, if successful, are likely to include an initial introductory call followed by two technical rounds.

This opportunity is open to all employees. However, we will be prioritising any at risk employees who meet the minimum criteria which are outlined above.

If you’ve got any burning questions or require reasonable adjustments to support you through the recruitment process, please drop the recruiter a note.