Senior Cyber Security Engineer

Sofia

Financial Times

News, analysis and opinion from the Financial Times on the latest in markets, economics and politics


About Us

Here at the FT, gold-standard journalism is just the beginning. 500 people strong, our Product & Tech team keeps us ahead of the ever-changing digital landscape by delivering cutting-edge products to over one million digital subscribers every day. Our plans for growth rely on a diverse, dedicated and dynamic group of product, tech, delivery and data specialists - everyone’s welcome in this friendly, forward-thinking team. And with entrepreneurial spirit, intelligence and opportunity at every turn, there are no limits to where your FT career will take you.

 

The Role Overview

We’re looking for a senior-level application-security engineer who can weave security into our cloud-native, AWS-hosted stack and GitHub-based CI/CD pipelines. You’ll focus on shaping guard-rails—like SAST, dependency scanning, secret scanning and IaC checks—so that every build and deploy is secure by default. Day-to-day, you’ll collaborate closely with product and platform engineers to run lightweight threat-model sessions, refine security playbooks and champion secure-coding habits, without acting as a gatekeeper or spending hours in code review. Alongside your technical work, you’ll line-manage and mentor one or two security engineers, helping them grow while keeping your own hands firmly on the tools that keep our AppSec programme maturing.

 

What you’ll bring to the role

  • Security advocate at heart: you enjoy pairing with developers, explaining risks in plain language and nudging teams toward secure-by-default habits.

  • Programme builder: you’ve helped mature an AppSec programme before, writing playbooks, tracking metrics and iterating on policy.

  • Threat-modelling & testing skills: comfortable running STRIDE sessions and interpreting pentest results to drive fixes.

  • Pipeline security know-how: hands-on knowledge of security tooling in CI/CD (such as SAST, SCA, secret scanning and DAST).

  • Cloud & IaC awareness: solid grasp of AWS security fundamentals, with enough familiarity to spot common misconfigurations in Terraform/CloudFormation without needing deep IaC expertise.

  • Scripting for automation: write practical Python utilities to reduce toil and surface real risk.

Key Responsibilities

  • Build & maintain security tooling – write robust, well-tested solutions that developers and the wider business can use.

  • Embed controls in CI/CD – keep SAST/SCA and secrets-scanning checks green and tuned for low noise.

  • Evangelise & educate – run threat-model workshops, brown-bag sessions and maintain up-to-date guidance docs.

  • Track & triage vulnerabilities – own the backlog from security tooling findings, bug-bounty reports and third-party advisories through to closure.

  • Harden cloud & IaC – review AWS designs, set guardrails and champion secure Terraform/CloudFormation patterns.

  • Incident support – provide application-layer expertise during security incidents and feed lessons learned back into tooling.

  • Security mentorship and leadership – able to coach 1–2 security engineers if needed, while also mentoring engineers across the wider org on secure practices, threat modeling, and security-first thinking.

  • Collaborate on architecture – contribute security input to design reviews and larger technical decisions across the FT.

 

Candidate Profile

Essential

  • Strong communication and collaboration skills.
  • Proficiency in a scripting language, such as Python.
  • Hands-on AWS security experience and IaC best practices.
  • Experience integrating security tooling into CI/CD workflows.
  • Demonstrated delivery of threat-modelling sessions and application pentests.
  • Familiarity with Agile/Scrum ways of working.

Desirable

  • AWS Certified Security – Specialty
  • Terraform expertise.
  • Incident-management experience.
  • Knowledge of container/Kubernetes security.
  • Experience with Splunk.

 

What’s in it for you? Our Benefits

  • Annual bonus scheme
  • 25 days paid leave
  • 24/7 Employee Assistance Program
  • Life Insurance
  • Enhanced Parental Leave policy
  • Food Allowance
  • Multisport Card
  • Both in-house and external training programs
  • Your own dedicated training budget (for conferences, courses etc.)

 

Further Information

The FT is committed to providing an inclusive working environment for all. We are an equal opportunities employer who seeks to recruit and appoint the best talent regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio-economic background, religion and/or belief. We have implemented a hybrid working model and we also promote flexible working and will consider specific requests around flexibility for all roles where it can be accommodated. Please let us know if you require any adjustments as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements, or have any questions, please send an email to talent@ft.com and a member of our team will be happy to help.


Tags: Agile Application security Automation AWS CI/CD Cloud DAST GitHub Kubernetes Python SAST Scripting Scrum Splunk Terraform Vulnerabilities

Perks/benefits: Career development Conferences Flex hours Insurance Parental leave Salary bonus Team events

Region: Europe
Country: Bulgaria
