Senior Security Engineer

Role OVO-View

Salary banding: £53,000 - £76,000

Experience: Senior

Working pattern: Full-Time

Reporting to: Senior Security Engineer

Sponsorship: Unfortunately we are unable to offer sponsorship for this role.

This role in 3 words: Code, Cloud, Security

Top 3 qualities for this role: Problem Solving, Challenger, Curiosity

 

Where you’ll work:

Depending on the needs of your business area, we expect hub based people to be in the office at least once a week, and to go to OVO Connection events in-person. 

You’ll be assigned to the closest one of our three hub offices, Bristol, Glasgow, or London; unless your role requires field-based work. Each hub has accessible spaces to park your laptop, is designed to inspire people, help them connect and bring big ideas to life.

 

Everyone belongs at OVO

At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.

 

Teamworking for the planet

Everything we do here spins around Plan Zero. So, naturally, the team you’ll be joining plays a gigantic role in making that happen. Here’s how:

We’re hiring creators and challengers who deliver high-impact, well-engineered solutions. Every role we’re hiring puts people at the heart of our security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with secure technology!

 

This role in a nutshell:

The security engineering team collaborates with OVO’s Engineering teams to secure the design and configuration of OVO applications, infrastructure and to secure access to OVO’s resources. As a senior security engineer you will pioneer an innovative and inclusive security culture, inspire with compelling security solutions and land secure defaults and designs in data and cloud native engineering teams’ code, CI/CD and infrastructure. You will personally excel at implementing reliable tools to prevent, mitigate or automatically remediate misconfigurations and vulnerabilities. You will champion operational excellence across all OVO-built and accessed applications and infrastructure. 

 

Your key outcomes will be:

• Minimise Security Risk Exposure: Proactively identify, assess, and drive the mitigation of complex security risks within key products and systems through continuous attack, exposure and controls monitoring, expert assessment, threat modelling, and leading remediation efforts.
• Strengthen Secure Foundations: Champion and embed robust security architecture principles, secure development lifecycle (SDL) practices, and practical standards within development teams to build security in from the start.
• Enhance Security Operations & Team Capability: Optimise security tooling and processes within your domain for effectiveness and efficiency, while accelerating the development of junior engineers through active mentorship and guidance.

Systems: Familiarity with the following technologies and platforms would be advantageous (not a must have or exhaustive list):

• Cloud Native Application Protection and Cloud Security Posture Management (e.g. Wiz)
• GCP and AWS native security and compliance monitoring
• CI/CD product development pipelines and automation
• Identity and Access Management and Privileged Access Management platforms
• SaaS discovery, context-aware access and continuous access evaluation, SaaS and Cloud security event monitoring and security posture management
• Application Security Verification Standard and related technologies
• Web Application Firewall (e.g. Cloudflare, Cloud Armor)
• Data and AI security (eg DSPM, DLP, Model Armor)
• Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR)
• Endpoint, Cloud and Identity Detection and Response
• Issue and Project Tracking (Jira)

 

You’ll be a successful Senior Security Engineer at OVO if you …

• Develop & Maintain Security Standards: Define, document, socialise, and maintain specific security standards, baselines, and procedures tailored to your assigned products or teams. Ensure these align with broader organisational policies while providing practical, actionable tools and guardrails for developers and engineers.
  
  
• Lead Risk Assessments & Threat Modelling: Independently plan and conduct in-depth security risk assessments (evaluating likelihood and impact) and perform routine, detailed threat modelling (including attack path analysis) for key projects, features, and applications. Analyse complex findings, prioritise risks effectively, and architect practical, proportionate mitigation strategies.
  
  
• Manage & Optimise Security Tooling: Take full ownership of configuring, operating, tuning, and maintaining relevant security tools (e.g., SAST, DAST, IAST, SCA, vulnerability scanners, CNAPP, CADR and WAF policies) within your domain. Focus on integrating tools seamlessly into CI/CD pipelines, automating processes, minimising false positives, and building data flows that ensure findings lead to actionable remediation. Troubleshoot complex tool issues independently.
  
  
• Influence Security Policy & Strategy: Actively contribute your subject matter expertise to the development and refinement of broader system, data, and cloud security policies and strategic initiatives, ensuring they are informed by practical implementation challenges and realities.
  
  
• Embed Secure Architecture: Serve as a security authority during design phases. Proactively review proposed architectures, features, and system designs, applying security principles and best practices (e.g., defense-in-depth, least privilege, secure-by-default). Recommend secure design patterns, technologies, and configurations, collaborating closely with development and platform teams to embed security from the start.
  
  
• Oversee & Interpret Security Testing: Plan, scope, conduct, or commission comprehensive security tests (e.g., penetration tests, vulnerability assessments, code reviews) for your projects and pipelines. Critically analyse and interpret complex results from various testing sources, validate findings rigorously, and translate technical risks into business impact. Guide junior engineers effectively through the testing process.
  
  
• Mentor Junior Engineers: Actively mentor associate and mid-level security engineers. Provide technical guidance on security concepts and tools, review their work (e.g., assessment reports, proposed controls), share knowledge and experience, and support their professional development within the team.
  
  
• Community of Practice: Contribute to the security engineering Community of Practice (CoP) by leading discussions, sharing practices, offering firsthand experience to the wider community, engaging in knowledge exchange / cross-pollination to further your craft. Create content and and individually contribute to the stated successful outcomes for this CoP

 

Let’s talk about what’s in it for you

We’ll pay you between £53,000 and £76,000, depending on your specific skills and experience.

We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.

You’ll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. 

We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO…and there’s flex pay. We'll give you 9% Flex Pay on top of your salary – 4% of this is auto enrolled into your pension, and the remaining 5% is yours to do what you like with. You can use this to buy from our extensive range of flexible benefits, including our green benefits which we've put at the heart of our offering, add to your pension or even take it as cash.

Here’s a taster of what’s on offer: 

For starters, you’ll get 34 days of holiday (including bank holidays).

For your health
With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more

For your wellbeing
With gym membership, travel insurance, workplace ISA, will writing services, dental insurance, and more

For your lifestyle
With extra holiday buying, discount dining, home & tech loans, and supporting your favourite charities with give-as-you-earn donations

For your home 
Get up to £400 towards any OVO Energy plan, plus great discounts on solar, smart thermostats and EV chargers

For your commute
Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans

Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.

For your Belonging

To find better ways to support our people, we need to listen to each other’s experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.

Oh, and one last thing...

We’d be thrilled if you tick off all our boxes, yet we also believe it’s just as important we tick off all of yours. And if you think you have most of what we’re looking for but not every single thing, go ahead and hit apply. We’d still love to hear from you!

If you have any additional requirements, there’s a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible.