Cybersecurity (Secure Software/Cloud Integration) Engineer

London, ENG, United Kingdom

Expleo

Expleo is a trusted partner for end-to-end, integrated engineering, quality services and management consulting for digital transformation.


Overview

Expleo is a trusted partner for end-to-end, integrated engineering, quality services, and management consulting for digital transformation. We help businesses harness unrelenting technological change to deliver innovations that provide a competitive advantage and improve everyday life worldwide.

As part of the Expleo Digital and Emerging Technology (DET) team, you will report to the Head of Cybersecurity and play a key role within our forward-leaning Cybersecurity Practice. In this role, you will support the design and implementation of secure software development processes and cloud-native integration patterns for clients across multiple sectors.

This is a hands-on, delivery-focused role where you will embed DevSecOps principles into engineering pipelines, guide secure software development lifecycle (SSDLC) practices, and advise on adopting security tooling across cloud and hybrid environments. You will work closely with development, DevOps, and platform teams to uplift security maturity, enabling secure and scalable software delivery aligned with industry standards and compliance requirements. The role offers the opportunity to influence secure software design from concept to deployment, enabling real-world transformation of engineering practices and security culture across diverse digital programs.

Responsibilities

  • Embed security practices into software development pipelines by integrating DevSecOps principles, automation tools, and governance controls.
  • Support the definition, implementation, and continuous improvement of secure software development lifecycle (SSDLC) processes across internal and client delivery teams.
  • Advise on secure architecture patterns and controls for cloud-native, containerised, and hybrid applications, aligned with industry standards and best practices.
  • Collaborate with engineering, DevOps, and platform teams to guide the adoption of security tooling across CI/CD environments.
  • Conduct reviews of application architecture, infrastructure-as-code, and security configurations to identify risks and support remediation planning.
  • Provide input into security design decisions, threat modelling sessions, and architectural governance forums.
  • Support engineering teams and deliver clear, practical documentation, including secure development standards, integration guidelines, and process artefacts.
  • Stay informed on the evolving threat landscape, cloud security trends, and software security vulnerabilities to ensure contemporary and effective delivery.
  • Participate in client workshops, knowledge-sharing sessions, and cross-functional engagements to build capability and promote a secure development culture.
  • Contribute to continuous internal improvement initiatives within the cybersecurity practice, helping enhance methods, tooling, and DevSecOps delivery frameworks.

Qualifications

  • A degree (or equivalent experience) in Cybersecurity, Computer Science, Software Engineering, or a related technical discipline.
  • Recognised industry certifications in cybersecurity or application security (CompTIA, ISC2, GIAC, ISACA, or CREST).
  • Highly desirable are certifications related to secure development and cloud security (CSSLP, AZ-500, SC-100/SC-200, AWS Security, GCSA, GCLD, or similar).
  • Familiarity with secure coding standards (OWASP, SEI CERT) and SSDLC models (Microsoft SDL, NIST 800-218 SSDF).
  • Knowledge or experience of Product Assurance Schemes (PAS) or product security frameworks (PAS 754, PAS 1296, or similar) is desirable.
  • DevOps, DevSecOps, or platform certifications (Kubernetes, Terraform, Azure DevOps, GitHub Actions) are advantageous.
  • Evidence of continued professional development aligned with software and cloud security trends, tooling, and threat awareness.

Essential skills

  • Strong understanding of secure software development principles and the software development lifecycle (SDLC/SSDLC).
  • Hands-on experience integrating security tools and controls into CI/CD pipelines.
  • Proficiency in modern DevOps environments.
  • Practical experience with cloud security concepts and controls across at least one major cloud platform (AWS, Azure, or GCP).
  • Solid grasp of secure coding practices and common software vulnerabilities.
  • Ability to assess code, configurations, and architecture for security issues and provide practical remediation guidance.
  • Strong documentation and communication skills to produce secure development standards, process guidance, and developer-facing artefacts.
  • Ability to collaborate with software engineers, DevOps teams, and architects to embed security into agile and DevSecOps workflows.
  • Comfortable working in fast-paced delivery environments, adapting to changing technologies, frameworks, and client contexts.

Desired skills

  • Familiarity with infrastructure-as-code (IaC) security practices and tooling.
  • Knowledge of container orchestration platforms and associated security tooling.
  • Awareness of compliance and assurance frameworks relevant to secure software.
  • Understanding of cloud-native security services and architectures, including Zero Trust models and shift-left security practices.
  • Exposure to secure software supply chain practices, including code provenance, dependency management, and SBOM generation.
  • Ability to support security awareness and up-skilling across engineering teams through mentoring, workshops, or documentation.

Experience

  • Experience in cybersecurity, secure software engineering, or cloud security roles, with a strong emphasis on delivery.
  • Demonstrable experience embedding security controls and tooling into software development pipelines and DevOps environments.
  • Hands-on experience implementing or supporting secure development processes (SSDLC), code review practices, or CI/CD security integration.
  • Proven involvement in cloud-native or hybrid solution development with exposure to major cloud platforms.
  • Experience collaborating with developers, DevOps, architects, and platform teams to design and implement secure software solutions.
  • Exposure to application security tooling (SAST, DAST, SCA), cloud security services, and infrastructure-as-code security practices.
  • Track record of contributing to security documentation, standards, developer enablement, or secure coding artefacts.
  • Familiarity with agile or DevOps-based delivery models and working across multiple stakeholders or client environments.
  • Experience contributing to internal capability building, reusable templates/toolchains, or developer enablement initiatives.
  • Experience conducting or contributing to threat modelling exercises (DREAD, STRIDE-LM, PASTA) as part of design and architecture reviews.

What do I need before I apply

  • You must have the right to work in the UK.
  • A strong foundation in cybersecurity engineering or infrastructure security, with practical delivery experience.
  • A proactive and adaptable mindset, with the ability to work independently across diverse client environments.
  • A passion for delivering high-quality, standards-aligned cybersecurity solutions that make a tangible impact.

Benefits

  • Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges 
  • We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects 
  • Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses 
  • Competitive company benefits
  • Always working as one team, our people are not afraid to think big and challenge the status quo

 

  • As a Disability Confident Committed Employer we have committed to:
    • Ensuring our recruitment process is inclusive and accessible
    • Communicating and promoting vacancies
    • Offering an interview to disabled people who meet the minimum criteria for the job
    • Anticipating and providing reasonable adjustments as required
    • Supporting any existing employee who acquires a disability or long-term health condition, enabling them to stay in work
    • At least one activity that will make a difference for disabled people

“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”. 

 

We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive.


Tags: Agile Application security Automation AWS Azure CERT CI/CD Cloud Compliance CompTIA Computer Science CREST CSSLP DAST DevOps DevSecOps GCP GIAC GitHub Governance ISACA Kubernetes NIST OWASP Product security SAST SBOM SDLC SSDLC Terraform Vulnerabilities Zero Trust

Perks/benefits: Career development Health care

Region: Europe
Country: United Kingdom
