
Principal Security Engineer

Date: 19-Jul-2021

Location: UXBRIDGE, GB

Company: Telefonica S.A.

giffgaff is a little different to your 'normal' telecoms company. It’s a mobile business run by its members. Sounds interesting? It is.


We may be a small company, but we like to think big and take a different approach to telecommunications. At the heart of it, we believe in mutuality and simplicity. A better way to do mobile. We'd rather our members stay with us because they want to, not because there's a nasty contract forcing them to. It's why we work our socks off every day to keep them and guess what? It works. We're uSwitch Network of the Year 2021.


giffgaff is a fast-growing mobile network. Our business model is unique - we take a highly collaborative approach with our members, who help (and are rewarded for helping) across all areas of the business. Our vibrant online community, online platform and immense value proposition are key to our success. We do not have a retail footprint or expensive call centres, so we can pass these savings straight on to our members in a way that no other telecoms business does.


Our wonderful gaff is located in Uxbridge, in the west of London, but if a commute to that part of the country isn’t warming your cockles - please don’t be put off applying for this role.


The world has changed - particularly when it comes to ways of working. This role is 100% work from home, but we’ll ferry you in a few times a year from wherever you are in the UK for team or company days, or our famous giffgaff summer and Christmas celebrations.


About Us


Software engineering is at the heart of what we do here at giffgaff - our agile engineering teams build and support a set of applications and services that combined create our unique user experience on the giffgaff website, enable our internal teams to work in the most productive and efficient ways and enable a whole range of awesome features via modern APIs.  We have a Continuous Deployment mindset and release our software regularly with little to no delay between commit and deployment.  Last year we did around 12,000 production releases.


The security of our software is very important to us, particularly in such a change-focused environment, and we’re looking for someone with real-world experience of transforming organisations to a DevSecOps approach in a Continuous Deployment environment. You will help us build out our security platform that gives our engineering teams great visibility over the security posture of their applications; you’ll work closely with our platform and product teams, evangelising security and encouraging a security mindset within engineering; you’ll support the teams with your security domain expertise and educate them; you’ll help shape our SDLC to make sure that security is at the heart of it and own the successful adoption of DevSecOps across our teams.

About You

We are looking for security specialists with a background of working with agile software engineers.  You’ll have passion and energy, a strong desire to learn and improve and a commitment to excellence.  You’ll be happy evangelising security and get a kick out of inspiring engineers.


You’ll have to make tough decisions, implement best practice, and provide compromises when situations are not ideal.  Oh, and you’ll need to explain that to people, not just the technical ones, because we work in product teams where not everyone is a techie. It’s fun, you get closer to the business, and know more about why we do what we do, not just how.


Our core technologies are Java, PHP, Python & React, and we like our engineers to be XP developers with a full-stack attitude. We’re looking for people who are comfortable with using a variety of frameworks, languages & tools and are happy to pick up new skills when the need arises.


Key Responsibilities

  • Technical Leadership
    • Implement consistent DevSecOps practices for the giffgaff Technology organisation
    • Provide expertise in threat modelling and security design reviews with engineering teams
    • Use your expertise to get hands-on with the product teams and resolve complex security issues
    • Develop and support development of our automated security platform
    • Improve secure coding practices, security metrics and training
    • Further develop our penetration testing strategy
    • Maintain a current understanding of the latest progressive industry practices for secure software development
  • Line Management
    • Support, coach and develop high performing security engineers through regular 1:1s, setting & tracking objectives and managing performance
    • Be responsible for the overall engagement of your team, ensuring that everyone is aware of the company, department and team purpose and the role they play
    • Understand the aspirations and career paths of your team of security engineers, assist with the preparation of personal development plans and provide support & training as necessary
    • Ensure that your team is resourced appropriately and be accountable for recruitment of security engineers within your team




This is a chance to work for one of the most sought-after UK companies, highly regarded for its community model. In return for your outstanding efforts, you’ll be rewarded with a competitive salary and excellent benefits. We believe that hard work should be supported and recognised. This position plays an important role across the business, allowing you to work cross-functionally, take on more responsibility and gain experience, which will greatly benefit you in the future.