Senior Cyber Security Engineer

All locations
  • London, United Kingdom
  • Loughborough, United Kingdom
  • Bristol, United Kingdom
  • Glasgow, United Kingdom
Business:
Energy Systems
Position type:
Full Time
Contract type:
Permanent Employee
Job ID:
6687
Apply

Overview

About us

We are the independent expert in assurance and risk management. Driven by our purpose, to safeguard life, property, and the environment, we empower our customers and their stakeholders with facts and reliable insights so that critical decisions can be made with confidence.

As a trusted voice for many of the world’s most successful organizations, we use our knowledge to advance safety and performance, set industry benchmarks, and inspire and invent solutions to tackle global transformations.

About the role

Are you a cyber security engineer who gets genuine satisfaction from closing vulnerabilities, not just finding them?

DNV Energy Systems is seeking a Senior Cyber Security Engineer to take ownership of the hands-on delivery of security across a portfolio of digital products. In this role, you will work closely with product and engineering teams to actively reduce risk, meet compliance requirements, and embed secure, sustainable practices that last.

OUR OPPORTUNITY

Reporting to the Digital Portfolio Manager, you will be the primary security engineering resource for the UK&I digital product portfolio. You will own the security posture of the portfolio end-to-end, from tooling and triage through to remediation support, assessment execution, and audit preparation.

This is an individual contributor role with substantial scope. You'll be the one closest to the work, with direct influence over how security is practised across the portfolio. There is genuine opportunity for the function to grow around you as the team expands.

You will work across multiple products and engineering teams simultaneously, acting as the technical security authority for the region. You’ll be joining teams that value security and want to get it right, giving you the platform to drive meaningful, lasting improvements.

What you’ll do:

Vulnerability Management & Tooling

  • Maintain and operate SAST/DAST tooling (including Veracode) across the digital portfolio

  • Lead CVE triage, assessing severity, exploitability and remediation priority across all products

  • Track and manage vulnerability remediation to closure, working directly with engineering teams

  • Maintain the portfolio security risk register, ensuring visibility of open issues and remediation status

Security Assessment & Audit

  • Plan and execute security assessments across the product portfolio against DNV standards and industry frameworks (eg OWASP ASVS)

  • Support audit preparation and evidence gathering for internal and external audit cycles

  • Maintain assessment documentation, findings registers and remediation tracking artefacts

Secure Development Practice

  • Embed security into the software development lifecycle (SDL/SSDLC) across product teams

  • Conduct threat modelling and architecture review for new and materially changed products

  • Advise development teams on secure coding practices, dependency management and secrets handling

  • Act as technical security subject matter expert, the first point of contact for engineering and product teams when security questions arise

What we offer

We value all our people and the contributions they make to our business, so it’s important that our rewards make us all feel valued here. That’s why we offer a flexible reward and benefits package, allowing you to choose the things that matter most to you, including;

  • Exceptional Development and career progression opportunities with regular development discussions with your manager

  • Non-contractual Profit Share Scheme

  • Lifestyle benefits: 26 days annual leave + bank holidays, opportunity for up to 10 days unpaid leave, sabbatical leave, flexible working options

  • Wellbeing benefits: (including Private Medical, Dental Insurance, Health Assessments, Gym allowance). Company contribution towards eye tests and glasses (for computer/laptop users), and Flu Vaccinations. Also, our Employee Assistance Programme (EAP) provides free and confidential support for issues including work, family, relationships, money and health and we provide free fruit in our offices

  • Financial Benefits: including a Pension Scheme with employer pension contributions up to 9%, Life Assurance and Income Protection

  • Travel benefits: Season Ticket Loan, Cycle to Work Scheme, Electric Vehicle Salary Sacrifice Scheme (for personal use)

  • Re-imbursement of relevant Professional Membership Fees (up to £570)

  • Access to employee retail discount site for high street and on-line shopping

DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity.

About you

We’re looking for a Cyber Security Engineer who is focused on practical outcomes and understand that lasting remediation comes from a combination of strong technical fixes, clear communication, good documentation, and solid process.

Our colleagues come from a vast range of different backgrounds, and we value the diversity of experience, knowledge and thought that this brings to our approach. We therefore try to keep our mandatory requirements to a minimum. As a Senior Cyber Security Engineer, there are a few typical traits that we’d love you to bring, to complement the more specific role requirements.

Essential

  • Experience with application security tooling (SAST, DAST, SCA) including commercial platforms such as Veracode

  • CVE triage and vulnerability management capability across multi-product environments

  • Working knowledge of OWASP Top 10, ASVS, and common web application attack vectors

  • Experience executing or supporting security assessments and audit preparation

  • Ability to communicate technical security risk clearly to non-security audiences, including product and senior stakeholders

  • Comfortable working as an individual contributor across multiple products simultaneously

Desirable

  • Experience with cloud-hosted applications and infrastructure security (AWS, Azure or GCP)

  • Familiarity with ISO 27005, ISO 27001 or equivalent risk management frameworks

  • Exposure to threat modelling methodologies (STRIDE, PASTA or similar)

  • Relevant security certifications (CEH, OSCP, CISSP, CompTIA Security+, or equivalent)

  • Experience in energy, infrastructure, engineering consultancy, or other regulated technical environments

We recognise that equivalent tools and frameworks exist across the industry. If your experience is with comparable tooling or your background doesn't map neatly to our list, we’d still like to hear from you, we’re interested in your underlying capability and the value you’d bring to the role.

Benefits

Please note, benefits may depend on your contract type, please confirm with your recruiter.

Profit Share

You’ll be part of our global profit share scheme that means we all share in our success as a business. If we profit, so do you. This will be part of our Total Compensation approach each year and depends on our year-end results.

Personal Development

You’ll have a lot of opportunities to learn and grow. Whether it’s building your network, having resources to plan and realise your career goals or enjoying genuine freedom to satisfy your curiosity, we’ll make sure you’re always growing and developing.

Purpose-led organization

You become part of a world-leading company where we know and live our purpose; to safeguard life, property, and the environment, with the opportunity to tackle global change through your work.

Hybrid Work Model

We work in a hybrid model (three days from the office) and have flexible starting hours. This means you can fit your work and life together in a way that works for you.

Pension Schemes

We care about your long-term financial security and prioritise pension and retirement benefits to reflect our caring values. Through our pension scheme, we will contribute up to 9% of salary in addition to your contributions.

Annual Leave

As a full-time employee, you’ll be entitled to 26 days of annual leave a year, plus 8 paid bank/public holidays. Special leave can also be granted for bereavement, caring responsibilities, volunteering and sabbaticals.

Family Friendly Leave

We offer enhanced leave to support you through various stages of starting and growing a family. Our enhanced paid leave entitlement includes Fertility Treatment, Neonatal Care, Maternity, Paternity, Adoption and Shared Parental leaves.

Personal insurances

To support you with some of life's challenges, we offer a range of insurance benefits. These include Private Medical, Dental, Life and Income Protection insurances.

Diversity, Equity and Inclusion

At DNV, our commitment to Diversity, Equity, and Inclusion is not only an ethical choice, but also a business decision.

Diversity, fairness, and a sense of belonging are a source of strength for our people, our business, and our customers, and help us to deliver on our purpose, vision, and values.

Learn more

Working here

Since 1864 we’ve been dedicated to safeguarding life, property and the environment. Today we remain at the forefront of new technologies and techniques to help our customers transform for a more sustainable future.

At DNV you can expect to deliver career and industry defining work. You’ll be given the time to build your network, the resources to support your development, and the freedom to satisfy your curiosity and desire to learn.

Learn more

Application Process

FAQs

Welcome to our Frequently Asked Questions page. We’ve put together answers to the questions we’re asked most often to help you find the information you need quickly and easily. Whether you're curious about our recruitment process, benefits or career growth and development, you should find the information below.

How can I find job openings that fit my skills and interests?

Explore our official job search page where you can use filters such as job type, location, and department to find roles that best match your qualifications and career aspirations.

What’s your application process like?

You can apply directly through our careers page by submitting your CV and any other documents we require (i.e. university diplomas/transcripts; visas; previous employment reference letters). Make sure your application is fully completed, and you tailor it to the specific job listing. 

Is your recruitment process designed to be inclusive and accessible?

Yes, it is. We're an equal opportunities employer and welcome applications from all candidates. We’re happy to support your need for any adjustments during the application and hiring process. Share the details of what you need within your application.

What types of interviews might I undergo?

Depending on your role, our interview process may include initial phone screenings, video conferences, and in-person interviews, focusing on both your technical abilities and our shared values. You can ask your recruiter specifically about the interview process for your role. 

How long does the hiring process typically take from application to decision?

The timeline can vary but we make every effort to reply to each candidate as soon as possible and keep everyone up-to-date with where they are in the recruitment process.

How do I know if a recruitment contact is legitimately from your company?

Official communication will come from our verified company email addresses. Carefully check any suspicious looking emails and if you have any doubts, don’t engage.

Are there any fees involved in your recruitment process?

No, we do not charge any fees at any stage of our recruitment process. All applications and interviews are free of charge, we will never ask you to pay any fees or make any payments – please be wary of any requests for payment as these are likely scams.

What should I do if I suspect a job scam?

If you encounter suspicious job postings or recruitment practices, do not provide personal information and contact your recruiter as soon as possible. We take these matters seriously. We will never ask you to pay any fees or make any payments part of our recruitment process.

Join Our Talent Community

Can't find the right fit?

Be the first one to learn about new job opportunities that might be a perfect fit for you.

Join

Disclaimer

Please beware of recruitment scams that pretend to be from DNV or its employees. We will never ask you to pay any fees or make any payments as part of our recruitment process.