What Jobs are available for Application Security in London?

**The team you'll be working with:**
Flexible remote-working options
As an Application Security DevSecOps Specialist at NTT DATA, you will integrate security best practices throughout the software development lifecycle (SDLC), implement secure coding standards, and design automation frameworks to ensure robust application security. Collaborate with development teams to establish secure, modernized workflows, embed security tooling in CI/CD pipelines, and secure cloud-native environments. This role offers opportunities to work in cutting-edge agile settings, delivering high-impact security initiatives across diverse industries.
**What you'll be doing:**
**Core Responsibilities**
**Security in SDLC**
+ Incorporate security controls and standards into all phases of the software development lifecycle (SDLC).
+ Collaborate with developers to adopt secure coding practices, including OWASP compliance.
+ Conduct threat modeling and evaluate design documents to identify security vulnerabilities.
+ Contribute to establishing security requirements and acceptance criteria for application development projects.
**DevSecOps Automation**
+ Implement security automation within CI/CD workflows using tools for SAST, DAST, IAST, SCA and compliance monitoring.
+ Implement custom security testing frameworks compatible with agile and DevSecOps models.
+ Conduct infrastructure-as-code (IaC) configuration checks and enforce compliance policies.
+ Automate secrets scanning, credential hygiene practices, and dependency vulnerability reviews.
**Application Security Testing**
+ Execute static (SAST) and dynamic (DAST) application security assessments.
+ Perform manual penetration testing and secure code reviews to detect risks.
+ Analyze application dependencies and third-party components, ensuring vulnerability remediation.
+ Assist with the validation of security fixes via rigorous regression testing and secure deployment methods.
**Security Training and Awareness**
+ Prepare training initiatives for developers on secure coding practices, application security principles, and DevSecOps workflows.
+ Create and disseminate security documentation, guidelines, and playbooks for developers and architects.
+ Supporting engineers to adopt security-first product development and incident prevention strategies.
+ Establish and support developer security champion programmes within agile teams.
**Cloud and Container Security**
+ Implement robust security controls for containerized workloads in Docker, Kubernetes, and similar platforms.
+ Design and secure API endpoints and microservices architectures.
+ Leverage cloud security services on AWS, Azure, or GCP to deliver secure, scalable solutions.
+ Advocate for best practices in secret management, repository vaulting, and cloud-native application monitoring.
**What experience you'll bring:**
**Required Qualifications**
**Technical Skills**
+ Knowledge of multiple programming languages (e.g., Java, Python, JavaScript, Go, .NET) and proficiency in one.
+ Experience in deploying application security tools like SonarQube, Checkmarx, Veracode, OWASP ZAP.
+ Expertise in CI/CD tools and platforms (e.g., Jenkins, GitHub Actions, Azure DevOps).
+ Solid understanding of container orchestration technologies (e.g., Kubernetes, Docker).
+ Familiarity with cloud platforms (AWS, Azure, GCP) and IaC assessment tools (Terraform, CloudFormation).
**Security Expertise**
+ Advanced knowledge of the OWASP Top 10 vulnerabilities, secure coding techniques, and cryptographic best practices.
+ Proficiency in API security testing and securing microservices.
+ Hands-on involvement in framework-based security compliance efforts (ISO 27001, GDPR, SOC 2).
**Professional Skills**
+ Exceptional collaboration and communication abilities when interfacing with software teams.
+ Strong problem-solving mindset to balance security priorities in fast-paced DevOps environments.
+ Capable of delivering security-focused workshops and team mentoring.
**Must meet UK SC Clearance eligibility guidelines.**
**Certifications**
+ Preferred certifications include CSSLP, GWEB, or a Certified DevSecOps Engineer qualification.
+ AWS / Azure / GCP Security specialization certifications are advantageous.
**Preferred Qualifications**
+ Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or equivalent experience.
+ 2 to 4 years of direct experience in application security engineering.
+ Familiarity with implementing container security policies and securing high-performance CI/CD development ecosystems.
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search Email to a friend Apply now

Our client, a leading firm in the information security sector, is seeking an accomplished Senior Penetration Tester to join their elite team. This is a hybrid role, based out of our client's prestigious offices in London, England, UK , offering a blend of in-office collaboration and remote flexibility. You will be responsible for conducting comprehensive security assessments of web applications, cloud environments, and mobile applications, identifying vulnerabilities and providing actionable remediation strategies.

Key Responsibilities:

• Perform in-depth penetration tests against web applications, APIs, mobile apps, and cloud infrastructures (AWS, Azure, GCP).
• Identify, exploit, and document security vulnerabilities using a variety of manual and automated tools.
• Develop detailed and accurate penetration test reports, clearly outlining findings, risk assessments, and remediation recommendations.
• Collaborate with development and engineering teams to discuss findings and guide remediation efforts.
• Stay current with the latest attack vectors, tools, and techniques in application and cloud security.
• Contribute to the development and improvement of penetration testing methodologies and standards.
• Conduct security architecture reviews and provide expert advice on secure design principles.
• Mentor junior penetration testers and contribute to team knowledge sharing.
• Assist in managing client relationships and project timelines.
• Potentially assist in red teaming exercises and adversary simulation engagements.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
• 5+ years of experience in penetration testing and vulnerability assessment.
• Proven experience testing cloud environments (AWS, Azure, GCP) and modern web/mobile applications.
• Proficiency with a wide range of penetration testing tools (e.g., Burp Suite, Metasploit, Nessus, Nmap).
• Strong understanding of common web vulnerabilities (OWASP Top 10), mobile security risks, and cloud security misconfigurations.
• Excellent technical writing and communication skills, with the ability to explain complex security issues clearly.
• Relevant certifications such as OSCP, OSCE, CISSP, CEH, CREST are highly desirable.
• Ability to work effectively both independently and as part of a collaborative team in a hybrid work model.
• Experience with scripting languages (Python, Bash) for automation is a plus.
• Demonstrated ability to think critically and creatively to uncover subtle vulnerabilities.

This role offers a challenging and rewarding career path for security professionals looking to make a significant impact in a dynamic industry. The hybrid nature allows for flexibility while maintaining strong team cohesion. Join our client in London and be part of a world-class security team.

Description
Embark on a Mission to Fortify Amazon's Defenses as a Security Engineer with the Vulnerability Management & Remediation Operations team!
Amazon Security is seeking a Security Engineer to join our Vulnerability Management and Remediation Operations (VMRO) team in London, UK. The VMRO team is responsible for discovering, assessing, triaging, detecting, and driving the remediation of vulnerabilities across the Amazon ecosystem
Key job responsibilities
- Analyse public and private vulnerability disclosures and exploit code
- Deeply understand and assess the technical details and potential impact of vulnerabilities across Amazon's infrastructure, services, and applications.
- Investigate and triage vulnerabilities, identifying severity and the scope of potential impact to Amazon.
- Support response and remediation efforts, assisting builder teams to fix their security issues in a timely manner
- Engineer high quality, scalable, and accurate vulnerability detection mechanisms
- Design and implement automation, tools and workflows to enhance our operations capabilities.
- Be part of a global team and participate in periodic on-call responsibilities to ensure the continuous monitoring and remediation of vulnerabilities.
- Experience programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language and SQL
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Mentorship and Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Bachelor's degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Experience programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language
- 5 years security engineering experience in system, network, and/or application security
- 5 years experience developing vulnerability assessment tests with Python or Java.
- 5 years experience improving accuracy of vulnerability detection mechanisms across a diverse technical ecosystem
- 3 years experience troubleshooting networking, operating systems, applications, or cloud services.
- 3 years experience building cloud-based services
Preferred Qualifications
- Experience with AWS products and services
- Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Description
Embark on a Mission to Fortify Amazon's Defenses as a Support Engineer with the Vulnerability Management & Remediation Operations team!
Amazon Security is seeking an experienced and innovative Support Engineer specialising in cybersecurity to join our Vulnerability Management and Remediation Operations (VMRO) team in London, UK. The VMRO team is a global team that is responsible for assessing, detecting, and driving the remediation of vulnerabilities across the Amazon ecosystem.
Key job responsibilities
- Support vulnerability detection campaigns by working closely with Campaign Owners to launch and continuously improve the quality of campaigns across Amazon.
- Assess and negotiate with customers to drive down security risk by engaging with teams to remediate critical security vulnerabilities in their environments.
- Collaborate with builder teams to implement security fixes and improvements.
- Understand technical details of vulnerabilities affecting Amazon's infrastructure, services, and applications.
- Review and analyse common vulnerability disclosures and assist in evaluating potential impacts.
- Help triage vulnerabilities and contribute to impact and detection logic assessments.
- Contribute to the development of automation of repetitive tasks.
- Actively participate in updating documentation and sharing knowledge across your global peers.
- Participate in an on-call rotation to support continuous monitoring and remediation of vulnerabilities.
If you're excited about the opportunity to make a significant impact on the security of one of the world's largest and most complex technology ecosystems from our London office, we'd love to hear from you!
About the team
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Mentorship & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, Cybersecurity or related technical degree or equivalent; or 3+ years equivalent technology experience
- Strong understanding of security concepts with a security mindset.
- Strong understanding of computer and network weaknesses and mitigating controls.
- Strong ability to understand risk and prioritisation in the context of the business.
- Ability to communicate effectively within technical and business settings.
- Ability to document learnings and contribute to knowledge sharing and runbook building.
- Experience with secure-cloud configuration, (CloudTrail, AWS Config), cloud-security technologies (VPC, Security Groups, WAF etc.), and cloud-permission systems (IAM).
- Experience with identity and access concepts, with technologies to secure production and corporate access, (SSO, SAML) and with Federated Identity, RBAC, authentication and authorisation solution, encryption, SSL, and related.
Preferred Qualifications
- 2+ years of experience in fields such a Security Operations, technology audit, or security vulnerability lifecycle.
- Ability to prioritise multiple tasks and projects.
- Have a passion to learn and thrive in a dynamic and constantly changing environment.
- Experience with virtualisation technologies, especially with AWS services.
- Relevant industry certifications such as CISSP, SANS, ISC2, CompTia, etc.
- Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills.
- Demonstrated knowledge of web protocols, common attacks, and working knowledge of Linux/Unix tools and architecture.
- Understanding of best practices across multiple security disciplines/domains.
- Demonstrated ability to work autonomously with a Bias for Action, critical and creative thinking.
- Demonstrated ability to collaborate, develop partnerships, and work effectively as a member of a global, inclusive team.
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

**Do you want your voice heard and your actions to count?**
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The Threat and Vulnerability Management Team Lead is responsible for defining, developing, and leading the strategic direction for safeguarding the organisation's infrastructure and applications. This is achieved by proactively identifying, assessing, and remediating security vulnerabilities. The role sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division.
The role is part of the Digital Engineering Services & Solutions (DES) department, which encompasses Infrastructure and Service Management across EMEA Bank, International Securities, and the 15+ countries in which these entities operate. The position is responsible for leading the Threat and Vulnerability Management function, including oversight of an outsourced offshore third-party service.
This function integrates secure practices into the development lifecycle and aligns with service transition processes to ensure compliance with internal controls and regulatory standards. It plays a critical role in governance, audit readiness, and the continuous improvement of MUFG's security posture, while also serving as the central coordination point for all vulnerability-related activities across DES.
The successful candidate must demonstrate proven experience in leading teams and fostering a culture of technical excellence. They will be expected to establish best practices for risk identification and remediation planning, while also influencing stakeholders and delivering competitive advantage for global organisations by protecting against external threats and potential security vulnerabilities.
NUMBER OF DIRECT REPORTS
Circa 5
**KEY RESPONSIBILITIES**
**Strategic Leadership & Vision**
+ Lead the design, development, operation and management of the department's Threat and Vulnerability Management (TVM) strategy and roadmaps, ensuring alignment with business requirements, services, strategic goals, and IT risk appetite.
+ Develop short, medium, and long-term strategic goals and objectives for DES TVM, including documenting the current environment and defining the future roadmap.
+ Define measurable, repeatable processes and reporting metrics, subject to continuous improvement.
+ Define the DES Threat and Vulnerability function's Key Risk Indicators (KRIs) and govern accordingly. Produce regular KPI, MI, and risk management data for senior management.
+ Responsible for identifying cost-saving and optimisation opportunities within MUS EMEA and the wider MUFG group.
**Operational Oversight & Technical Execution**
+ Lead a team of Threat and Vulnerability Engineers to deliver best practice operations and strategic development, shaping the department's security posture while adhering to MUFG policies and procedures.
+ Oversee the successful deployment of routine and out-of-band security patches across IT infrastructure.
+ Automate patch deployments and associated post-deployment check-outs.
+ Triage vulnerabilities into "Fix, Acknowledge, and Investigate" categories using industry-aligned risk rating methodologies.
+ Use ServiceNow Application Vulnerability Response (AVR) and Vulnerability Response (VR) modules to manage and report on vulnerabilities and violations across the estate, integrating with dashboards and workflows for visibility and accountability.
**Risk Management & Remediation**
+ Work with other technology teams to provide in-depth analysis of vulnerabilities and impacts to key stakeholders.
+ Collaborate with application teams to ensure secure coding practices and timely remediation of vulnerabilities, aligned with criticality-based policy enforcement.
+ Prioritise weaknesses in IT infrastructure and applications using manual and automated methods, including results from Static Application Testing (SAST) and Software Composition Analysis (SCA) tooling (in conjunction with the Service Transition team).
+ Influence stakeholders to prioritise and drive remediation of process and technology gaps
+ Work with Cyber Security, Application Teams, and IT Risk to ensure controls are met and vulnerabilities are addressed across infrastructure and applications.
+ Engage and support Cyber Security for remediation of penetration test findings.
+ Engage with Internal and External Auditors as the SME on all matters relating to VM.
**Stakeholder Engagement & Culture**
+ Act as the primary Service Matter Expert and point of contact for the Threat and Vulnerability Management function within DES.
+ Work closely with industry partners, vendors, and the wider technology ecosystem to leverage external expertise and best practices. Conduct market research to identify emerging risk and vulnerability trends.
+ Build strong relationships across Bank and Securities functions (e.g. IT Risk & Control, Cyber Security, Operational Risk), underpinned by trust and MUFG's core values.
+ Lead by example in building relationships across the Bank, strengthening peer networks and collaboration.
+ Promote MUFG's values-led culture, fostering inclusivity and diversity.
+ Champion staff cyber education and awareness to embed a proactive cyber-focused culture.
+ Promote a dynamic, delivery-driven culture that works alongside Technology and Business units to provide responsive resolutions and value-driven solutions.
**SKILLS AND EXPERIENCE**
**Leadership & Team Development**
+ Proven experience of directly managing a team of Threat and Vulnerability Engineers, including mentoring, developing, and guiding security professionals in a collaborative, high-performing environment.
+ Strong strategic thinking and visionary skills with the ability to co-develop and drive the function's technical vision, strategy, and roadmap aligned with business goals and risk appetite.
**Technical Expertise & Security Operations**
+ Prior extensive experience working within infrastructure environments and cloud platforms (AWS, Azure, Oracle), with a high-level understanding of platforms, operating systems, and technologies.
+ Proven capability in creating and executing comprehensive threat and vulnerability management programmes, including vulnerability scanning, penetration testing, and security awareness training.
+ Proficiency in using vulnerability scanning tools (e.g. Tenable, Qualys, Rapid7, Veracode, JFrog Xray), threat intelligence platforms, and incident response tools.
+ Prior experience implementing automated solutions for vulnerability scanning, threat detection, and incident response, with a focus on continuous process improvement.
**Risk Management & Threat Intelligence**
+ Strong familiarity with security frameworks and standards (e.g. NIST, ISO 27001), and deep understanding of security concepts including vulnerability management, threat intelligence, incident response, and offensive security techniques.
+ Experience in gathering and analysing threat intelligence to understand emerging threats, attack vectors, and threat actors. Maintains up-to-date knowledge of the latest security threats, vulnerabilities, and best practices.
+ Strong analytical and problem-solving skills to analyse data, identify patterns and develop effective solutions to mitigate risk.
**Communication & Stakeholder Engagement**
+ Proven ability to communicate effectively with senior management, providing governance and risk oversight.
+ Excellent verbal and written communication skills to report findings and collaborate across cross-functional Technology and non-Technology teams.
+ Ability to translate technical risks into business-relevant language for both technical and non-technical stakeholders, including executive leadership.
EDUCATION / QUALIFICATIONS/ TECHNICAL COMPETENCIES
**Essential**
+ Recognised cybersecurity certification: CISSP and/or CISM
+ Strong knowledge of:
+ Ivanti LANDesk, Qualys, Splunk
+ Windows Server/Desktop, RHEL/OEL Linux
+ PowerShell and Python scripting
+ Proven experience leading strategic security initiatives and process automation in large-scale environments
**Desirable**
+ Additional certifications: CCSP
+ Familiarity with:
+ CyberArk PAM, ServiceNow SecOps Vulnerability Response / Application Vulnerability Response.
+ VMWare, Nutanix, Java VM
+ MSSQL, Oracle, MongoDB
+ Red Hat Satellite, Active Directory, LDAP, Kerberos
+ Confluence, JIRA
+ GDPR and SOX compliance frameworks
**PERSONAL REQUIREMENTS**
+ Excellent communication skills
+ Ability to manage constructive conflict effectively
+ Ability to build strong and lasting relationships across the bank
+ Results driven, with a strong sense of accountability, focused on business outcomes
+ Strong decision-making skills, the ability to demonstrate sound judgement
+ A structured and logical approach to work
+ A creative and innovative approach to work
+ Excellent interpersonal skills
+ The ability to manage large workloads and tight deadlines
+ Excellent attention to detail and accuracy
+ A calm approach, with the ability to perform well in a pressurised environment
+ A confident approach, with the ability to provide clear direction to your team
+ Ability to lead a high performing team
+ A strategic approach, with the ability to lead and motivate your team
+ Conscientious, methodical and logical approach to work
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.
At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!
**Our Culture Principles**
+ Client Centric
+ People Focused
+ Listen Up. Speak Up.
+ Innovate & Simplify
+ Own & Execute

Fire and Security Engineers wanted

Our client are an established & very successful Fire and Security company based in Central and South London due to a number of contracts recently won they are looking for x2 Fire and Security engineers to join there team

• Personal Specification

• The basic salary is £35,000- £3,000 per year
• OTE - 0,000- 3,000 Per year 
• You will have a minimum of 5-8 years’ experience within Fire and Security
• Driving Liscense 

Role & Responsibilities:

• Completing Service projects of Fire and Security projects
• Ensure all work is performed accurately & efficiently.
• Completing detailed work reports sent to the relevant department
• To work to ensure health and safety regulations are met.

Security Engineers wanted in West London

Our client are an established & very successful Fire and Security company based in West London, due to a number of contracts recently won they are looking for Fire and Security engineers based in the London area.

Role & Responsibilities:

• Completing Service projects of Security projects
• Ensure all work is performed accurately & efficiently.
• Completing detailed work reports sent to the relevant department
• To work to ensure health and safety regulations are met.
   
• Personal Specification

• You will have experience of working within the Fire and Security sector.
• You will have a minimum of 5-8 years’ experience
• You will have a positive and well driven work ethic
• Salary basic of £35,000-£45,000
• Please do give me a call on (phone number removed) or (phone number removed)

**The team you'll be working with:**
**Security Tooling Engineer**
**About Us**
NTT DATA is one of the world's largest global security services providers, with over 7,500 security SMEs. We work with leading security technology vendors and pride ourselves on delivering innovative and effective solutions. Our people, clients, and communities are at the core of what we do. We're seeking individuals passionate about building a more secure and sustainable world.
**What you'll be doing:**
**Position Overview**
The Security Tooling Engineer is responsible for the operation, maintenance, integration, and optimization of security platforms and tools that support the delivery of security services across NTT DATA and Service Recipients. This role ensures that security tooling operates reliably, integrates seamlessly with enterprise infrastructure, and complies with governance requirements outlined.
**Key Responsibilities**
**Platform Operations & Maintenance**
+ Operate and maintain security platforms in accordance with agreed Service Level Agreements (SLAs) as defined in Service Levels and KPIs
+ Ensure high availability, performance, and reliability of all security tooling
+ Monitor platform health and proactively address performance issues
+ Manage platform upgrades, patches, and version control
+ Provide monthly health and performance reports for all managed security platforms
**Data Source Management & Integration**
+ Manage onboarding of data sources to security platforms (e.g., log sources to SIEM)
+ Configure data parsing, normalization, and enrichment to ensure data quality
+ Design and maintain dashboards and visualizations for security monitoring and reporting
+ Ensure integration with other Security Services and Tooling across the ecosystem
+ Integrate security tools with recipients clients or Global's Splunk SIEM, CMDB, and ticketing systems
+ Implement SSO (Single Sign-On) and MFA (Multi-Factor Authentication) integration with recipient clients or Global's identity and access management systems
**Access Management & Governance**
+ Enforce Role-Based Access Control (RBAC) across all security platforms
+ Conduct quarterly access reviews to ensure least-privilege access
+ Manage user provisioning and deprovisioning for Global, Service Recipients, and authorized Supplier personnel
+ Maintain auditable logs of all access changes
+ Ensure all access changes are logged and auditable per clients requirements
**Configuration & Change Management**
+ Manage security tool configurations in accordance with the Change Control Procedure
+ Document all configuration changes and maintain configuration baselines
+ Ensure configuration changes are approved by Global and/or Service Recipients before implementation
+ Maintain configuration management database (CMDB) entries for all security tooling
+ Support configuration audits and compliance reviews
**Vulnerability & Patch Management**
+ Perform vulnerability scans of security tooling platforms in line with Vulnerability Management Service requirements
+ Apply patches within timelines defined by recipient clients or Global policies and standards
+ Report remediation status monthly
+ Escalate unpatched critical vulnerabilities immediately to recipient clients or Global service
+ Ensure security tooling platforms comply with recipient client or Global's patching policies
**Incident & Problem Management**
+ Report tooling-related incidents (outages, performance issues, security events) to Global and or Service Recipients immediately
+ Support Third Party vendor cases where Supplier actions affect system availability, integrity, or confidentiality
+ Provide written notice of vulnerability disclosures and critical defects in tooling without undue delay
+ Provide impact assessments and work-around proposals for tooling issues
+ Log all tooling-related incidents and vulnerabilities in the agreed ticketing system
+ Provide monthly reports detailing incident trends, vulnerability status, and remediation progress
**Tooling Replacement & Migration**
+ Support tooling replacement activities when recipient clients or Global decides to replace existing tools
+ Participate in hypercare activities for Replacement Tooling up to and including implementation date
+ Ensure seamless migration of configurations, data, and integrations to new platforms
+ Retrain on new tooling as required clients
+ Cease use of Replaced Tooling by the specified replacement date
**Security Tooling Portfolio Management**
Manage and maintain the following categories of security tools:
Security Operations Tools
+ SIEM (Security Information and Event Management) - e.g., Splunk
+ EDR (Endpoint Detection and Response)
+ SOAR (Security Orchestration, Automation and Response)
+ Threat Intelligence Platforms
+ Vulnerability Scanners (e.g., Qualys, Tenable)
+ Brand Protection and Domain Monitoring Tools
+ Certificate Authority (CA) and PKI Management Platforms
Security Architecture & Engineering Tools
+ SAST (Static Application Security Testing) - e.g., Checkmarx, Fortify
+ DAST (Dynamic Application Security Testing) - e.g., Burp Suite, OWASP ZAP
+ SCA (Software Composition Analysis) - e.g., Snyk, Black Duck
+ CSPM (Cloud Security Posture Management) - e.g., Prisma Cloud, Wiz
+ Container Scanning Tools
+ Penetration Testing Tools
Information Security Tools
+ Third Party Risk Management Platforms
+ Case Management Systems for Third Party Security Assessments
Service Support Tools
+ Security Service Desk Ticketing Systems (e.g., Jira, ServiceNow)
+ Reporting and Dashboard Platforms
**Exit & Offboarding Support**
+ Upon expiry/termination of tooling contracts or at Global's request:
+ Return all configurations, runbooks, and artifacts
+ Ensure orderly transfer of Supplier-created content
+ Support account de-provisioning
+ Return/destroy data per Global/Service Recipient policies
+ Provide detailed handover plans for tooling transition to Global, Service Recipients, or Replacement Suppliers
**What experience you'll bring:**
**Certifications (Required)**
At least one of the following:
+ Splunk Certified Admin / Splunk Certified Architect
+ Certified Information Systems Security Professional (CISSP)
+ GIAC Security Essentials (GSEC)
+ CompTIA Security **Certifications (Preferred)**
+ Vendor-specific certifications for managed tools (e.g., Qualys, Tenable, Palo Alto Networks)
+ ITIL Foundation or higher
+ Cloud certifications (AWS, Azure, GCP)
+ Automation certifications (Ansible, Terraform)
**Experience**
+ Minimum 4 years of experience in security operations, security engineering, or IT systems administration
+ Minimum 2 years of hands-on experience with SIEM platforms (preferably Splunk)
+ Proven experience managing security tooling in enterprise environments
+ Experience with integration of security tools with enterprise infrastructure (IAM, CMDB, ticketing)
+ Demonstrated experience with access management and RBAC implementation
+ Experience with vulnerability management and patch management processes
**Technical Skills**
Security Platforms
+ SIEM: Splunk (required), QRadar, ArcSight, LogRhythm, Sentinel
+ EDR: CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender
+ SOAR: Splunk Phantom, Palo Alto Cortex XSOAR, IBM Resilient
+ Vulnerability Management: Qualys, Tenable, Rapid7
+ Threat Intelligence: Recorded Future, ThreatConnect, MISP
Integration & Automation
+ REST APIs and API integration
+ Scripting: Python, PowerShell, Bash
+ Automation tools: Ansible, Terraform, Jenkins
+ Data formats: JSON, XML, CSV, Syslog, CEF
Infrastructure & Networking
+ Linux and Windows server administration
+ Networking fundamentals (TCP/IP, DNS, firewalls, proxies)
+ Cloud platforms: AWS, Azure, GCP
+ Containerization: Docker, Kubernetes
Identity & Access Management
+ SSO protocols: SAML, OAuth, OpenID Connect
+ MFA solutions: Duo, Okta, Azure MFA
+ LDAP/Active Directory integration
+ RBAC design and implementation
Data & Reporting
+ Log management and parsing
+ Data normalization and enrichment
+ Dashboard and visualization design (Splunk, Grafana, Kibana)
+ Reporting and metrics
Frameworks & Standards
+ Clients Global Security Control Framework
+ ISO 27001, NIST Cybersecurity Framework, CIS Benchmarks
+ ITIL service management practices
+ Change management and configuration management
**Soft Skills**
+ Strong problem-solving and troubleshooting abilities
+ Excellent attention to detail
+ Effective communication skills (written and verbal)
+ Ability to work collaboratively across teams
+ Customer service orientation
+ Ability to manage multiple priorities and deadlines
+ Proactive and self-motivated
**Key Performance Indicators (KPIs)**
+ Platform uptime and availability (per SLA targets)
+ Incident response time for tooling issues
+ Monthly health report delivery timeliness and quality
+ Access review completion rate (quarterly)
+ Vulnerability remediation timeliness
+ Integration success rate (new data sources, new tools)
+ User satisfaction with tooling performance
+ Compliance with stated requirements
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search Email to a friend Apply now

Join the Team That’s Redefining Fire & Security Engineering

We’re hiring Fire & Security Engineers UK wide – and we want to hear from you!

Whether you’re a seasoned pro in installation or a specialist in servicing and maintenance , this is your chance to join a high-performing regional team that’s passionate about protecting people, property, and the environment.

At Johnson Controls , we don’t just offer jobs – we build careers. With industry-leading training, long-term development opportunities, and a culture that values your expertise, you’ll be empowered to do your best work every day.

What’s In It for You?

We believe in rewarding talent. Here’s what you can expect:

• Competitive salary

• ⏱️ Paid travel time and optional overtime

• Industry-leading callout payments (Service roles only)

• Engineering commission scheme + sales referral incentives