Lead Security Engineer
- Lead Security Engineer role at a well-regarded digital transformation consultancy
- Specialism in penetration testing, web application security, and cloud security engineering
- Hybrid working model; Belfast or Northern Ireland base
- Competitive salary commensurate with seniority; details shared on application
- Technical leadership role with real influence over security engineering methodology and tooling
About the Company
Our client is a well-established digital transformation consultancy that delivers platforms and services for some of the most complex and regulated organisations in the UK and internationally. Operating across public sector, healthcare, defence, and commercial markets, they combine serious technical depth with a strong culture of people development. Their security engineering practice is growing, and they are well regarded for delivering modern, secure digital services at pace and at scale.
The Role
This is a Lead Security Engineer position with hands-on technical scope and genuine team leadership responsibility. You will lead security engineering and penetration testing efforts across the consultancy's platforms and services, setting direction on testing methodology, engagement scoping, tooling selection, and output quality. Working alongside agile delivery teams, you will be the senior technical voice on security engineering and will actively coach and develop more junior members of the practice. If you are a security engineer who wants to lead from the front, shape how testing is done, and build something with a strong team behind you, this role is worth exploring.
Key Responsibilities
- Lead security engineering and penetration testing efforts across web applications and cloud platforms
- Set direction on testing methodology, engagement scoping, tool selection, and the quality of outputs
- Perform and document penetration tests on web-based applications, networks, and infrastructure
- Assess software and infrastructure source code from a security standpoint
- Drive Continuous Security, CI and CD practices across agile delivery teams
- Articulate threats and risk clearly through threat modelling exercises and stakeholder workshops
- Mentor and develop junior security engineers, managing performance and supporting career development
- Stay current with emerging threats, attack types, and evolving security tooling
- Share knowledge across the team and contribute to the wider security community
What You'll Need
Essential:
- Expert-level knowledge of web application and cloud platform security (AWS and/or Azure)
- Proven ability to perform and document penetration tests across web applications, networks, and computer systems
- Strong experience assessing software and infrastructure source code from a security standpoint
- Solid grounding in Continuous Security, CI and CD techniques
- Knowledge of security standards including NCSC, NIST, CIS, PCI, GDPR, OWASP ASVS, HIPAA, SOC2
- Understanding of common attack vectors including OWASP Top 10, SQL injection, XSS, XXE and MITM
- Good programming or scripting experience across Windows, Linux, or MacOS
- Excellent communication skills across technical and non-technical audiences
Desirable / Nice to Have:
- Penetration testing qualifications such as OSCP, CREST, or TIGER
- Hands-on experience with tooling including Burp Suite, OWASP-ZAP, NMAP, Nessus, Kali, or Metasploit
- Experience working with external pen test providers to translate findings into actionable remediation plans
Why Apply?
- Competitive salary reflecting lead-level scope and responsibility; figures shared at first conversation
- Hybrid working model with genuine flexibility
- Strong annual leave entitlement
- Real technical leadership scope with influence over methodology and tooling
- Work on high-impact programmes across public sector, defence, and commercial sectors
- Structured career development and access to a strong peer group across security and engineering
- Culture built around knowledge sharing and genuine investment in growing the practice
