Lead Security Engineer

One of the UK's leading eCommerce companies, who have recently posted fantastic results in light of the current market, are expanding their Security Team here in Manchester.Role: Lead Security EngineerCore Responsibilities:Contribute to the development of the product security roadmap and strategy.Boost, build and innovate our security tools in our DevOps pipeline/processes to ensure applications are secure from development to deployment.Educate and empower those around you on security topics, helping to increase understanding of security issues and how to prioritise and remediate them.Develop automation scripts and tools to enhance security processes, such as vulnerability scanning and compliance checks.Work closely with development, operations, and security teams to foster a culture of security awareness and best practices.Regularly assess applications and systems for vulnerabilities and recommend remediation strategies.Ensure that applications and infrastructure meet regulatory and compliance requirements.Required Skills:Strong knowledge of application security best practices (such as OWASP).Familiarity with cloud infrastructure (such as AWS, Azure, Google Cloud).Strong grasp of infrastructure-as-a-code and configuration tools (such as Terraform / Cloudformation) for the purpose of deploying security tooling.Knowledge of extracting metrics and events from security tooling.Experience working with and securing microservices, API’s and event driven architectures.Advanced understanding of secure coding principles and how to apply them.Experience implementing SAST and/or DAST within a CI/CD environment.Understanding of security tools such as WAFs, SAST, vulnerability scanning tools.Certifications preferred (but not essential):Certified Information Systems Security Professional (CISSP)Certified Ethical Hacker (CEH)AWS Certified (Security)