Share this Job

Security Engineer (Cyber)

Date: 08-Jun-2022

Location: Oxford/ Hybrid, GB

Company: Nominet


Maybe you know us, maybe you do not. Even though you probably use our services every day. So, we would like to share more about what we do at Nominet, and why we do it, so that you can help us to build the right team.

We're proudly at the heart of the UK's critical internet infrastructure. Leading the charge in cyber security, as we explore and pioneer new technology.


We do this to enable connectivity, inclusivity, and security for our world - and create a vibrant digital future.


That is what drives us - and the kind of people we want to work with.



At Nominet you can expect a hybrid working way, a competitive salary (depending on experience), a great working culture plus excellent benefits including 30 days holidays, performance related bonus, Healthcare, Pension Scheme, Life Assurance, Wellbeing allowance,  Flexible benefits and much much more.


Its time to make your mark  as a Security Engineer in a brand new role at Nominet.


Our Cyber team has an exciting opportunity for a Security Engineer to join us as an expert in cyber security, protecting and monitoring our hybrid cloud and on-prem based 1st and next generation PDNS (Protective Domain Name Service) products.  

You’ll be up to date with the latest cyber security threats and controls and a key point of contact for our Scrum teams. You’ll help to embed security best practices in everything we do. 

The role will be a mixture of hands-on engineering work, coaching and advising teams, taking ownership of our monitoring tools and reporting.




You'll be happy being a hands-on engineer, passionate about using your excellent knowledge of security to guide and mentor our multiple scrum teams to implement best practice in security and grow a culture based around this whilst bringing substantial improvements to our current security offering. 


Taking ownership of our monitoring tools and reporting, you will lead and grow our Security Community of Practice, a group of security champions helping to instil security in our teams but key to this role will be driving our security risk down by ensuring we have the right tools in place as well as mitigating security risks and threats as well as triaging vulnerabilities in a timely manner.

You can expect to:

•    Provide expertise in the field of Cyber Security helping to keep engineers abreast of the latest threats and ensuring our applications and infrastructure are built securely. 

•    Help to develop our security tools and processes to enhance our Engineering teams operations.  

•    Interpret security tools and pen test results to stakeholders, providing advice on vulnerability remediation and risk mitigation. 

•    Lead on Cyber incidents that cut across teams and help ensure accountability for reducing security risk in a timely manner. 

•    Help to scale security with automation, including tooling in pipelines instead of manual remediation etc. 
•    Propose and develop training materials to help raise cyber security knowledge across Engineering. 

You’ll need definitely need the right technical skills to be successful in this role but we’re equally interested in seeing your passion for the security industry, problem solving skills and depth of experience in the security industry, protecting against threats and vulnerabilities.  You will also be someone who enjoys working to a high degree of autonomy collaborating with the wider team.


We’re looking for someone who has:


•    A thorough understanding and significant experience of best practices in security engineering, including secure development, cryptography, network security, security operations, systems security, policy, and/or incident response. 

•    Significant experience in areas such as network security, infrastructure security, application security, systems security, cloud security (particularly AWS) and/or security operations. 

•    Understanding of threat modelling, security vulnerabilities, attacker exploit techniques, and methods for their remediation.

•    Experience of threat modelling with Agile delivery teams – you should be able to facilitate discussions when making tradeoffs between security, risks and platform/product requirements. 


We'd also like it if you had:
•    A thorough understanding of internet, networking and other infrastructure technologies.
•    Programming experience, particularly in Java.

•    Experience of scripting skills (We use Python and Bash but would be happy to consider others like Perl, Ruby, PowerShell, etc.) 

•    Experience of working with containerisation tools - especially Kubernetes and/or Docker 

•    A mindset of continuous improvement and desire to be an ambassador for change - it’s not just about getting the task done it’s about making things simpler and easier in the future.
•    A love of learning – you’ll like to maintain a good knowledge of technologies and techniques in a field that is constantly evolving
•    A curiosity and hunger to find out things where things may not be so easily accessible.



Our name may not be familiar, but you probably use our services every single day – ever visited a website ending in a .uk? We’ve been running the national internet namespace for a quarter of a century, sitting proudly at the heart of the UK's critical digital infrastructure. Such a responsibility requires world-leading cyber security and we’ve gaining a reputation for our innovative new security solutions, protecting our own systems and beyond.

But we’re also a profit with a purpose business. We invest in making a positive impact of the lives that are being most disrupted in our digital age: young people. We’re known as one of the UK’s leading ‘tech for good’ funders and the commitment to building a connected, secure and inclusive digital future drives everything we do. It’s not just rhetoric – ask our staff.


Our focus is on keeping teams connected and engaged whether we're in the office or working from home, putting people’s wellbeing first.  We operate a hybrid way of working, balancing time between the office and home. 


All qualified applicants will receive consideration for employment without regard to race, colour, age, disability, religion, gender or sexual orientation. Our work connects people from across the globe and we want to reflect that in our workplace. Everybody is accepted and valued here, and we are a team that works as one towards our goals. We recognise that diverse teams make strong teams and we encourage people from all backgrounds to apply.

Job Segment: Developer, Java, Technology