Lead Information Security Engineer - Moata Platform

Mott MacDonald

Location: England

Job Type: Full time


Do you want to work for a company whose purpose is to improve society by considering social outcomes, and to transform businesses, communities, and opportunities for its employees? Mott MacDonald is a global consultancy whose people do exactly that.

Mott MacDonald Digital Ventures is at the heart of this revolution - transforming infrastructure at speed by connecting innovation to outcomes. We work across the globe with some of the biggest and most progressive clients, on the most exciting projects. We exist to empower lasting industry transformation, enable engineering innovation on demand through our Moata platform, and drive transformational growth through our partnerships - bringing the best ideas and innovations together.

A bit about the team
Our dynamic and diverse team ranges from information consultants and investment analysts through to product managers, software developers, data scientists and everything in between. At Digital Ventures we're not short on ambition, and we want our people to have genuinely exciting and fulfilling careers full of equal opportunities for growth, with a real sense of purpose through meaningful work and meaningful relationships.

As lead information security engineer within our Moata business, you will join our growing software engineering team focused on modernising Mott MacDonald's delivery to our clients through cross-cutting technology grounded in our Moata Platform. Your primary focus will be software development policy and procedures to support our secure by design principles.

You will lead our security working group and assess our software development lifecycle against best practices and known security frameworks such as OWASP or Microsoft SDL.
Through the security working group, you will direct the establishment of a set of practices that cover all aspects of application development, from design to deployment, and create a robust application security program. The security program will be directly sponsored by the Moata CTO with the aim to improve application security culture and reduce the requirement for a large-scale application security team.

What you will contribute to the team:

  • Lead our security working group and advocate security and secure practices through the Moata platform team
  • Perform technical security assessments, high level design reviews and vulnerability testing to highlight risk, helping Moata product teams to improve security.
  • Work closely with our principal engineers to design and build proactive methods to mitigate security vulnerabilities
  • Support automation of security verification and testing practices for all applications.
  • Identify metrics and measure the effectiveness of the overall security program to support compliance and regulatory accreditations such as ISO 27001 and 27034.

Candidate Specification:

Required for the position of Lead Information Security Engineer - Moata Platform:

  • Strong written and presentation skills with a high degree of comfort communicating security risk with executives, product managers, domain experts and software engineers.
  • Solid knowledge in infrastructure and cloud computing technologies
  • Demonstrated ability to adapt to new technologies and learn quickly
  • Excellent understanding of application development methodologies
  • Excellent analytical, planning, organizational and technical skills
  • Good knowledge of various aspects of an enterprise technology architecture like business, information, data, network, and security
  • Knowledge of backend and frontend development languages such as SQL, C#, Python, JavaScript (TypeScript, ES6+) and MVVM-like frameworks such as React + Redux
  • Knowledge of information principles and processes
  • Fluent written and verbal communication skills in English.

Preferred, but not required

  • University Degree in Computer Science, a related technical field, or equivalent practical experience
  • Experience in application-level vulnerability testing and code-level security auditing.
  • Technical knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography.
  • Relevant work experience in pen testing and/or fuzzing.

If you meet 80% or more of what we're looking for, please still apply. We understand not everyone will meet all the requirements, but you might have skills we didn't know we need.


You’ve got this!