Security Engineer

LOCATION: All UK
PROPOSED SALARY RANGE: £75,000 - £85,000 depending on relevant skills, knowledge 
and experience. The expected salary range for this role reflects internal benchmarking 
and external market insights.

PURPOSE OF THE ROLE
The BBC Information Security Team works with BBC teams around the world to provide 
expert advice, review systems, and deal with threats. We ensure risks are identified, 
managed and mitigated. We are a multi-disciplinary team who work together and with 
the rest of the business to ensure the BBC stays secure and our audience trust is 
protected.
You'll be joining the Security Engineering & Architecture team in Information Security. 
The team's focus is to ensure the BBC’s digital products and platforms are secure by 
leveraging our collective development and security experience. To ensure security 
requirements are considered and implemented, we work with product teams during the 
early stages of the SDLC and provide our expert technical advice to allow them to 
progress effectively. The team also designs, develops and deploys systems and 
processes to help teams understand the risks in their own systems.
Another key part of the team’s function is to foster relationships across the business 
and ensure that security issues are discussed and actioned rather than ignored. The 
team runs a large network of Security Champions across the BBC which focuses on 
awareness and education of technical security topics which helps amplify Information 
Security’s effectiveness. The team also provides technical expertise to other areas of 
the wider Information Security Team and BBC.
WHY JOIN THE TEAM
The BBC reaches over half a billion people online every week. By joining this team you 
will help keep these systems secure. You’ll regularly collaborate with critical BBC 
product teams such as iPlayer, Sounds and News. 
You’ll also get continual exposure to the latest security vulnerabilities, the new 
technologies teams are leveraging and the security considerations around these 
technologies. You’ll also become a key part in helping to evolve our digital security 
strategy and drive transformation within the BBC.
YOUR KEY RESPONSIBILITIES AND IMPACT
Architecture of Systems
- Perform security risk assessments on BBC Digital Product environments at 
various stages of the Software. 
- Development Life Cycle (SDLC) and recommend security enhancements, 
remediation and mitigation strategies.
Digital Policy & Guidance
- Research and understand new security technologies, trends and threats related 
to BBC Digital Products and environments and use this research to provide 
technical and non-technical guidance to both internal stakeholders and 3rdparties. 
- Assist in running the BBC Security Champions network including facilitating 
sessions, engaging with champions, providing guidance around security queries 
and continuing to evolve the network. 
- Support tactical initiatives to secure Digital Product environments for the BBC 
including contributing to Information Security policies, procedures and 
standards
- Develop and maintain relationships with Digital Product key suppliers, Digital 
Product staff, Security Champions and other stakeholders. 
Development
- Peer with the rest of the InfoSec team to design, develop and deploy code for 
systems that assist the BBC InfoSec function and assist BBC teams to 
understand their current risk posture.
Vulnerability Management
- Support the processes around security issues identified in BBC Digital Product 
environments, including assisting with investigation, validation and revalidation.
YOUR SKILLS AND EXPERIENCE
- Familiarity with a least one coding language (e.g., Python, JavaScript, etc) with 
demonstratable experience of taking an active role in both designing and 
implementing digital software projects using these languages. 
- Ability to convey complex technical knowledge and guidance, in written form 
and verbally, to multiple audiences including internal stakeholders and third 
parties.
- Demonstrable ability to break complex problems into tangible parts, self-direct 
required learning and operate in a semi-autonomous manner.
Experience deploying systems and applications from code to a cloud 
environment (e.g. AWS).
- Demonstratable experience of a wide range of technical security knowledge and 
applying this to identify and remediate security issues in digital software 
products. 
DESIRED BUT NOT REQUIRED
- Experience of being involved in a community and taking an active lead in 
organising and facilitating.
- Experience with STRIDE Threat Modelling and mitigating issues from application 
security tooling would be ideal.
If you can bring some of these skills and experience, along with transferable strengths, 
we’d love to hear from you and encourage you to apply.