Senior Digital Platform Security Engineer

Company Description

At Frasers Group we’re rethinking retail. Through digital innovation and unique store experiences, we’re serving our consumers with the world’s best sports, premium and luxury brands globally. As a leader in the industry, we’re elevating the retail experience for our consumers through our collection of established brands, including Sports Direct, FLANNELS, USC, Frasers, and GAME.

Why join us?

Our mission- we are building the worlds most admired and compelling brand ecosystem

Our purpose – we are elevating the lives of the many with access to the world’s best brands and experiences

At Frasers Group, we fear less and do more. Our people are forward thinkers who are driven to operate outside of their comfort zone to change the future of retail, embracing challenges along the way. The potential to elevate your career is massive, the experience unrivalled. To be able to make the most of it you need to live and breathe our principles:

• Think without limits - Think fast, think fearlessly, and take the team with you
• Own it and back yourself - Own the basics, own your role and own the results
• Be relevant - Relevant to our people, our partners and the planet

Are you ready to join the Fearless?

Job Description

Frasers Group prides itself on the use of cutting edge and innovative IT solutions, these help drive the business forward and are continuously looking at the benefits new technology can provide.  

With our ongoing Expansion and Elevation Strategy, we are currently seeking a Senior Digital Platform Security Engineer to join our Digital Platform Security Team. With the Platform protecting over close to 50 websites alongside a near 4Bn annual turnover, ensuring these sites are secure as well as running optimally is our upmost importance. Our growing team of engineers is looking for the perfect colleague to help with the continuing growth as well as our technology transformation journey.   

The role involves; 

• Collaborating with network/security architects to design and implement complex and thorough solutions to support the business 
• Own complex tasks in the backlog and deliver them routinely with no significant issues 
• Drive solutions through experimentation and innovation as a culture 
• Solve problems collaboratively and communicate decisions to stakeholders 
• Deliver shift-left security capabilities to platform and product 
• Creating standards for fellow members of staff to follow and abide by 

Communication with clients and colleagues involved in provisioning activities is essential, therefore articulating in a clear written, verbal, or non-verbal manner is important. 

This role is available on a hybrid basis, 3 days on-site and 2 days remote, at our Shirebrook HQ 

Qualifications

Required Experience:

• Demonstrated expertise in designing, implementing, and managing CDNs, particularly with platforms like Akamai. Experience with other CDN platforms is also appreciated.
• Ability to analyse and optimise CDN performance metrics to ensure high availability and low latency.     
• Practical experience in domain administration, including domain transfers and the implementation of advanced features like DNSSEC, SPF flattening, and DMARC.
• Knowledge of domain reputation management and strategies to prevent domain spoofing and phishing attacks.
• Solid background in networking, with experience in Internet routing, DNS, load balancing, CDN, Web Application Firewalls (WAF), and DDoS prevention. Proficient in troubleshooting web transactions and API calls.
• Extensive knowledge of cryptography, including X.509 certificates, digital signatures, securing TLS/SSL parameters, and certificate pinning.
• In-depth understanding of public cloud deployments in AWS, GCP, and Azure. Familiarity with tooling that can provide global connectivity using traffic management tools.
• Experience in designing and implementing secure cloud architectures, including the use of cloud-native and cloud agnostic security services.

Desirable Technical Skills and Experience:

• Knowledge of automation tools and Infrastructure as Code (IaC) tools such as Terraform and Python.
• Experience with penetration testing tools, particularly Burp Suite.
• Familiarity with compliance standards such as PCI DSS, GDPR, and ISO 27001.
• Experience with Kubernetes deployments and a strong understanding of how to secure them.
• Knowledge of container security best practices and tools for securing Kubernetes environments.
• Experience with SIEM tools such as Splunk, ELK Stack, or QRadar for monitoring and analyzing security events.
• Awareness of OWASP projects, including the OWASP Top 10, Application Security Verification Standard (ASV), Mobile Application Security (MAS), and API Security. Understanding of best practices for mitigating these risks in web applications.
• Strong data manipulation skills with the ability to analyse and visualize large JSON or CSV datasets and find and correlate anomalous behaviours across diverse sets of data.
• Experience with observability tools such as Splunk, AppDynamics, and Honeycomb for monitoring, troubleshooting, and optimizing application performance and security.
• Desirable certifications include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Offensive Security Certified Professional (OSCP).

Additional Information

Along with your benefits package we also offer a wide range of perks for our colleagues:

Reward, Recognition and Opportunities

Frasers Champion- Our employees are at the heart of our business and we ensure individuals are recognised every single month for their hard work. Frasers Champion is a peer nominated scheme where 8 winners will receive double their pay for a month where they have thought without limits, owned it or been relevant.

Fearless 1000 – By October 2025, we want our share price to hit £10. If that happens for 30 or more consecutive trading days, all colleagues across the business will receive a bonus! The top 1000 performers in the company will receive unprecedented bonuses, worth from £50,000 to £1million! Senior leaders across the business nominate these performers twice a year for embodying our core values and delivering exceptional performance*.

*subject to terms and conditions

Frasers Festival – an event like no other! Our Frasers Festival is our celebration for Head Office and Retail Staff across the UK and Europe – hosting a MEGA brand village, guest speakers from the world's biggest brands, evening entertainment, the ultimate Frasers Fearless Fitness Challenge and much more.

CEO Sessions – Once a quarter we offer 20 employees the opportunity to attend our “CEO Sessions” ran by our CEO and leadership team. Employees have the chance to connect, network and submit questions around specific topics such as our Sports or Luxury business.

Retail Reconnect – In order to build the planets most admired and compelling brand ecosystem, all employees must understand our business, product and customers. Each financial year, Head Office employees will gain insights by spending two days in one of our stores or the Warehouse. The goal is to learn how the work you do impacts our teams on the frontline, and to bring ideas back to the office which will improve how we work.

Employee Welfare

Frasers Fit – Our Everlast Gyms Team are on a mission to make our workforce the best, and fittest on the planet! We run free gym classes for employees as well as discounted memberships to our clubs. Frasers Fit is our wellbeing programme which aims to support and improve colleagues Physical, Financial & Mental wellbeing. The app is accessible for every employee and includes training, nutrition and lifestyle advice- all completely free.

Retail Trust – We know that its not just about physical health, mental wellness is equally important which is why all of our employees get free access and support from the Retail Trust charity. This includes a 24 hour wellbeing helpline, wellness hub, counselling and financial/legal support.

What’s next?

Our Recruitment Team will be reviewing applications and all candidates will receive a response, whether you are successful or unsuccessful. Shortlisted applicants may be asked to confirm a few key details before being booked in for a first stage interview with the Recruiter- this will be behaviourally focussed and centred around how you align with our Culture and Values. If successful we anticipate two further interview stages with the Hiring Manager/wider team which will be more technically focussed and could include a presentation/task so we can see your skills in action.