Security Engineer role at Contour Software focused on IT administration and security operations. Ensuring tools and systems are secure and aligned with best practices across the organization.
About the role
- Senior Cyber Security Consultant leading AppSec strategies and hands-on execution for software platforms. Focused on security engineering, vulnerability management, and compliance in the construction software industry.
Responsibilities
- Own the application security strategy and roadmap across products and platforms, aligned to business risk and compliance obligations (e.g., ISO 27001, NIST).
- Work with Group Architect to set and govern secure SDLC standards.
- Influence senior engineering leadership on security architecture decisions, backlog prioritization, and risk acceptance.
- Lead and mature SAST, DAST, SCA usage, with policy-as-code and pipeline gating where appropriate.
- Conduct lightweight threat modelling and design reviews for new features and critical services (APIs, microservices, containers, serverless).
- Guide and unblock remediation of complex vulnerabilities in first party code and third-party libraries, providing developer ready fixes and patterns.
- Direct and coordinate penetration testing (internal or partner-led); define scope, success criteria, and exec level reporting.
- Lead the response to zero-day events affecting our stack: assess exposure, coordinate mitigations, communication, and after-action reviews.
Requirements
- Proven background in software engineering (e.g., .NET, Java, JavaScript/TypeScript, Python) and secure coding practices.
- Strong experience operating and integrating SAST/DAST/SCA and AppSec controls into CI/CD.
- Understanding of modern architectures: APIs, microservices, containers (Docker/K8s), serverless, secrets management, identity and access.
- Hands-on with penetration testing methods and tooling (e.g., OWASP, Burp Suite, ZAP); able to set test charters and interpret results.
- Practical experience with vulnerability scanners and endpoint/cloud security platforms (Qualys/Tenable, Defender for Endpoint), plus asset/coverage hygiene.
- Skilled at triage and risk framing, mapping to business impact and SLAs.
- Experience securing workloads in AWS, Azure and/or GCP; multi-cloud exposure preferred.
- Relevant certs such as OSCP, GWAPT/GWEB, CSSLP, CISSP, CISM, or cloud security (e.g., AWS Security Specialty, AZ-500).
Benefits
- 25 days annual leave + public holidays, increasing with length of service.
- 4% matched pension.
- Income protection and life assurance.
- Access to our award-winning benefits platform.
- We take mental health seriously and have a dedicated EAP available 24/7.
- £100 allowance towards a fitness club.
- Dell discounts.
- Private Medical Insurance.
- Paid study leave + volunteering days.
- Car Scheme.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
First Vice President driving Axos Bank's information security strategy and leading a high - performing team. Architecting solutions and leading technical initiatives within a fast - paced environment.
Mid to Senior Data Engineer joining CrowdStrike's Cloud Identity & Perimeter team. Focus on developing and maintaining complex data pipelines and security analytics at scale.
Cybersecurity Assessor evaluating enterprise systems for vulnerabilities and compliance. Engaging in assessments and reporting within a hybrid work structure based in Brooklyn Heights, NY.
Security Business Analyst engaging in requirements gathering, risk assessments, and stakeholder liaison. Supporting measurable security outcomes with comprehensive documentation in a hybrid work setup.
Senior Software Engineer developing engaging gamified learning experiences for cybersecurity awareness. Driving technical leadership and product ownership in a rapidly growing team.
Cyber Security Engineer providing cybersecurity support for SCADA, OT networks and industrial control systems at Vestas. Collaborating with cross - functional teams to ensure secure operations in offshore wind farms.
Senior Consultant in IT Security guiding clients through IT projects and security strategies. Analyzing vulnerabilities and leading project tasks while ensuring quality and timely delivery.
AI Security Engineer securing AI - driven applications at a rapidly expanding tech company. Focus on mitigating risks across the AI lifecycle with a talented team.
Sr. Product Manager leading vision and strategy for Smartsheet's security offerings. Managing enterprise security products while ensuring compliance and driving product adoption.