Principal Security Engineer

Join OneAdvanced We’re looking for an exceptional Principal Security Engineer , someone with the mindset of an elite hacker and the discipline of a seasoned architect. In this role, you will own the security posture of our entire Platform: from the infrastructure powering our private and public cloud to the services and developer experiences that sit on top of it. This is not governance. This is not audit. This is hands-on, offensive, defensive, and architectural. The person who can break what we build before anyone else can, and then show us exactly how to fix it. You will act as the strategic and technical bridge between Platform Engineering and our central Security function, ensuring alignment, compliance, and proactive control. When an incident arises or a pen test drops, you’re already ahead… diagnosing, fixing, and strengthening. What You Will Do Security Leadership & Ownership Own the end-to-end security posture across infrastructure, networking, data, and application layers. Serve as the primary interface between Platform Engineering and the Security organisation. Drive continuous improvement in security maturity, embedding best practices into design, development, and operations. Lead security reviews for all platform services and ensure secure-by-design delivery. Technical Expertise & Execution Perform hands-on offensive security testing across services and infrastructure. Own and manage vulnerability outputs from Qualys and similar tooling; prioritise remediation and drive accountability. Define and enforce secure coding practices across platform teams. Architect secure designs across: Networking (segmentation, firewalling, zero-trust, ingress/egress) IAM (SSO, MFA, least privilege, roles) Data security (encryption, tokenisation, key management) Secrets and privileged access (e.g., Delinea, Vault) Collaborate with cloud teams to ensure secure configuration across AWS, Azure, and GCP edge services. Build automation for scanning, compliance, and policy enforcement within CI/CD. Mentor engineers and uplift security capability across the organisation. Governance & Collaboration Maintain clear documentation of security posture, architecture, and mitigations. Align with Security Operations, Compliance, and Risk teams regarding ISO27001, SOC2, NIST, and CIS. Lead technical aspects of any security incidents. Educate teams on emerging threats and best-practice mitigation techniques. What You Will Have 10+ years in cybersecurity or secure systems engineering, ideally in cloud, SaaS, or complex hybrid environments. Proven experience securing large-scale multi-cloud (AWS, Azure, ideally GCP) environments. Offensive security capability: able to exploit, assess, and harden systems across the stack. Strong understanding of application security, OWASP Top 10, SSRF, RCE, privilege escalation, etc. Hands-on DevSecOps experience embedding automation into pipelines. Expertise across IAM, encryption, secrets management, key rotation, and zero-trust. Experience with vulnerability management (Qualys, Tenable) and operationalising findings. Strategic mindset with the ability to translate threat insights into engineering action. Certifications (OSCP, CISSP, AWS Security Specialty) are beneficial but not essential. What We Do For You Wellbeing focused – Our people are our greatest assets, and ensuring everyone feels their best self to come to work is integral Annual Leave – 25 days of annual leave, plus public holidays and the ability to buy additional days Employee Assistance Programme – Free advice, support, and confidential counselling available 24/7 through Care First Endometriosis Friendly Employer - We are proud to confirm our commitment to developing an environment and culture that allows those with endometriosis to thrive in the workplace Personal Growth - Regardless of where you are at in your career, we’re committed to enabling your growth personally and professionally Development Programmes – From Future Managers to Leadership Training, our development programmes help you get where you need to go Performance Bonus – Our Group-wide bonus scheme enables you to reap the rewards of your success Financial wellbeing - We understand as well as your mental wellbeing, your financial wellbeing is really important Pension Scheme – Our plan with Scottish Widows offers 5% matched contribution by the company Income protection insurance – Providing you with support and assistance when you need it most Recognition – Highlighting and rewarding the great work our people do Performance & Talent – Our own technology platform that allows you to get real-time feedback, conversations and goals to help you become your best self Making a Difference – we provide opportunities to help our people make a difference to the causes they care about MatchIt – Fundraise for a cause close to your heart and Advanced will match part of the funding Volunteering Time – Our volunteering leave scheme allows you to use your time to help those who need it Pennies from Heaven – donate the pennies from your pay check to help make a difference without lifting a finger Who We Are OneAdvanced is one of the UK's largest providers of business software and services serving 20,000+ global customers with an annual turnover of £330M+. We manage 1.5 million 111 calls per month, support over 2 million Further Education learners across the UK, handle over 10 million wills, and so much more. Our mission is to power the world of work and, as you can see, our software underpins some of the UK's most critical sectors. We invest in our brilliant people. They are at the heart of our success as we strive to be a diverse, inclusive and engaging place to work that not only powers the world of work, but empowers the growth, ambitions and talent of our people. To learn more about working at OneAdvanced please click here