Head Of Information Security

Newbury, ENG, GB, United Kingdom

Job Description

Head of Information Security



Position Overview


We're seeking an experienced Head of Security to lead our strategic cyber defence operations, overseeing Cyber Threat Intelligence (CTI), Vulnerability Management, Penetration Testing, and Application Security. This role is ideal for someone with a deep technical background and a consulting or product-centric mindset, able to guide security teams, engage with clients and product stakeholders, and help shape security solutions, with less direct emphasis on compliance and GRC.

Key Responsibilities



Strategic Oversight

Create and evolve the vision for CTI, VM, Pentest, and AppSec, ensuring alignment with business objectives and growth plans. Define and track KPIs: vulnerability remediation rates, CTI maturity levels, AppSec coverage, pentest deliverables.

Cyber Threat Intelligence (CTI)

Guide OSINT/dark-web research, malware/DFIR integration, and threat actor profiling. Develop standard operating procedures (SOPs) and intelligence playbooks to formalize CTI operations. Convert technical threat data into executive-friendly reports for board-level consumption.

Vulnerability Management (VM)

Establish automated scanning, risk-based triage, patch scheduling, and remediation tracking processes. Collaborate with DevOps and SecOps to integrate VM into CI/CD pipelines and monitor live dashboards.

Penetration Testing

Oversee scoping, execution, and reporting for pen-tests; integrate findings into development sprints. Maintain a repeatable and compliant internal/external pen-test calendar and vendor management.

Application Security (AppSec)

Implement secure SDLC practices: code reviews, SAST/DAST toolchains, dependency scanning, runtime protections. Work with engineering/product teams to bake security into feature design and API development.

Incident Response & Integration

Ensure CTI feeds support rapid incident detection and remediation. Continuously refine incident response plans with lessons learned.

Client + Stakeholder Engagement

Act as external face: lead due diligence responses, RFP reviews, and security workshops for enterprise/prospect audiences. Provide strategic counsel to executive teams and customer environments.

Leadership & Culture

Recruit, develop, and mentor across CTI, VM, AppSec, and Pentest teams. Launch internal workshops and "red team vs blue team" programs to foster proactive security thinking.

Policy & Compliance

Draft high-level information security policies for the company. Ensure practices support auditors and sync with broad compliance needs (e.g., GDPR, SOC 2).

Qualifications



10+ years in cybersecurity with leadership across verticals. Proven record in client-facing consulting or integration in product security. Technical certifications (OSCP, CISSP, CEH, GIAC, etc.) and cloud-native fluency (AWS/Azure). Exceptional stakeholder engagement and communication skills.

Security Engineering Manager



We're looking for a hands-on Security Engineering Manager to own and scale our security engineering efforts across CTI, Vulnerability Management, Penetration Testing, and AppSec. This role suits product-focused or consulting organizations: someone who inspires teams technically and operationally, coaches talent, and embeds security into engineering practices.

Key Responsibilities



Team Leadership & Development

Build and mentor a full-stack security engineering function across CTI, VM, Pentest, and AppSec. Drive recruitment, define career paths, run performance cycles, and foster a learning-oriented environment.

Engineering & Automation

Architect CI/CD-integrated pipelines for vulnerability scans, SAST/DAST, and pentest automation. Build and maintain CTI ingestion platforms, internal dashboards, threat feeds, and alert mechanisms.

Cross-Functional Collaboration

Partner with engineering/product teams to conduct security design reviews, threat modeling, and code review sessions. Embed security gates (SAST/DAST) into development lifecycles and release processes.

Consulting & External Delivery

Lead technical delivery for client security engagements, pen-tests, threat assessments, and advisory sessions. Prepare and lead technical presentations and executive reports for external stakeholders.

Metrics & Continuous Improvement

Define and monitor key metrics (MTTD/MTTR, SLA compliance, VM pipeline coverage, CTI response quality). Use metrics to drive uplift in security program maturity and tooling efficiency.

Tooling & Architecture

Evaluate, implement, and optimize platforms (SIEM, SOAR, CTI feeds, scanner integrations). Drive infrastructure-as-code for security services, ensuring scalability and reliability.

Incident Response Support

Liaise between SOC and CTI during incidents, refining playbooks in real-time. Coordinate post-incident analysis and implement onboarding feedback from CTI/DFIR teams.

Governance & Policy Enablement

Formulate secure development policies and guidelines. Aid in ensuring the team's technical outputs meet basic compliance mappings.

Qualifications



8+ years of security engineering experience, with 3+ years in technical leadership/management. Broad hands-on expertise in CTI tooling, scanner orchestration, pentest automation, and AppSec. Strong technical mentoring and communication capabilities (both technical teams & executives). Professional certifications (CISSP, OSCP, GIAC, CEH, etc.) are a major plus. Comfortable with cloud-native and container-based architectures (Kubernetes, microservices).
Job Types: Full-time, Freelance

Pay: 43,353.04-480,000.00 per year

Additional pay:

  • Bonus scheme
  • Performance bonus
  • Yearly bonus

Benefits:

  • Company pension
  • Work from home

Schedule:

  • Flexitime
  • Monday to Friday

Work Location: Hybrid remote in Newbury RG14 7EA

Reference ID: DEVOPSTER-202506-SECENG


Job Detail

  • Job Id
    JD3243127
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Newbury, ENG, GB, United Kingdom
  • Education
    Not mentioned