Senior Security Engineer

Richmond United Kingdom
Contract Type:
Schedule Type:
Full time
Job ID:

Top 100 Employers and among the World’s Most Innovative Companies. With over 7,000 technologists across the group, RELX offers solid opportunities for progression and learning.

RX Global Technology is leading business transformation in a dynamic and fast changing industry. This is an exciting and growing team, delivering high profile programs that facilitate millions of meaningful business connections, drive increased customer value and enable more productive working across our truly international business.

We value an agile approach, a growth mindset and an entrepreneurial spirit. In return, we offer a competitive salary, great benefits, flexible working, and you will be supporting our 520 shows in 43 industry sectors and 30 countries, producing events like Comic Con and Gamer Network among many others. 

The Challenge

We build new capabilities to support our global events creating a marketplace connecting Exhibitors (Sellers) and Visitors (Buyers). The senior software engineer works as part of a highly motivated, collaborative, enthusiastic, distributed cross-functional team.  Using a modern tech stack, Agile & DevSecOps principals to create services that are of high quality and can deploy changes to production with confidence, safely and reliably.

Proactive thinking about security early and often. Working collaboratively with ISMs, Product Owners, Technical Leads and Engineering Managers to validate and ensure delivery teams create a services ecosystem that is secure. You will provide technical leadership, researching and producing technical guidelines and documentation in-line with RELX and industry best practices. You will partner with other external teams to align on goals and support continuous improvements. Develop and implement technical solutions to enhance the security testing, monitoring and using measurements to report on security posture.

We are looking for a SME who is able to come up with creative solutions, make continuous improvements and is passionate about embedding application and information security into the daily operations of a product organisation. Be confident in the security considerations for the implementation, maintenance and support of the software within a cloud-based infrastructure. Translation of policies to standards and their implementation to ensure compliance with Security protocols. Provide expert advice and raise risks to the wider Digital organisation on security concerns. Continually monitor the effectiveness of security policies and promote improvements when necessary.

Key Responsibilities

You are responsible for adding value and creating business impacts for RX Globals Digital Product Teams in the following areas:

  • Security: The focus is on ensuring suitable secure testing happens through the SSDLC, RELX & RX security policies are upheld, relevant security controls and standards are included within the design and requirements processes for developed services, and security awareness provided to all engineering staff
  • Excellence: The focus is on simplifying, innovation, clean design, efficiency, streamlined operations, delivery and risk analysis, high quality, reliable, secure solutions and long-term sustainment.
  • Teamwork: The focus is on collaboration, communication, support, being SMEs, continuous improvement, having a collective shared responsibility for solutions, and delivering outcomes.
  • Problem solving: The focus is on having a questioning mind-set, utilising systems thinking that enjoys investigating, taking action and feeling responsible for delivering results


  • Excellent communications skills, and have provided security awareness workshops
  • Working with Agile delivery and projects teams to ensure security best practices are baked into the ways of working
  • Experienced in Application and Information Security Architecture, risk assessments, supply chain analysis and auditing, vulnerability, penetration and DDoS testing, threat modelling, design and architecture of security principles for applications, APIs, Data and communication protocols
  • Detailed knowledge of application and information security testing tools (static, dynamic and web/api/mobile vulnerability scanning), standards and OWASP guidelines and security testing throughout the product development lifecycle
  • Experience selecting and implementing new tools to support security practices and handling 3rd Party Supplier Security Assurance assessments
  • Experience of and technically competent to script & code solutions and integrations in a CI/CD pipeline
  • Technically competent, able to code to a reasonable standard (with dynamic and/or static typed languages)
  • Experience of working in a mixed OS, Cloud, SaaS, Web, API and Mobile Application environments
  • Excellent understanding of NIST cybersecurity framework, SAS70 and/or other standards
  • Developing technical standards, processes and best practices to support security policies
  • Knowledgeable of relevant legal frameworks, licensing and data protection rules
  • Keeps up to date and knowledge of current and emerging cyber threats
  • Actively participating in the wider Infosec community.