Principal Security Engineer (m/w/d)

Job Description

At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.

Teamworking for the planet

Everything we do here spins around Plan Zero. So, naturally, the team you'll be joining plays a gigantic role in making that happen. Here's how:

In this individual contributor role, you'll help shape and deliver the strategic vision for OVO's Digital Risk engineering programme. This includes developing automated, data-driven risk assessments, risk quantification and introducing accountability measures such as risk exceptions and capacity monitoring. You'll work both within the immediate team and collaboratively across a wide range of teams throughout OVO.

This role in a nutshell

As a Principal Security Engineer (Risk Specialist) at OVO, you will be a key technical leader responsible for shaping the risk and security engineering strategies. This involves deep hands-on expertise, strategic thinking, guiding architectural decisions, embedding risk practices in code and at scale, and leading the way in solving complex and emerging risk challenges. You will ensure systems are designed with digital risk embedded from development through to runtime, set the direction for critical risk engineering initiatives, champion risk quantification and engineering excellence, and align the digital risk approach with OVO's business goals. You will also be recognised as a trusted person in your field within OVO and the wider risk engineering community, particularly in challenging traditional technology risk approaches and building automated, AI-enabled digital risk management systems.

Your key outcomes will be

• Define Security Strategy & Roadmaps: Lead the definition, refinement, and communication of technical strategies and multi-year roadmaps for key risk engineering capabilities or domains (e.g., zero trust architecture, automated risk discovery and management), aligning them with business objectives, compliance requirements, and the evolving threat landscape.
• Architectural Leadership & Governance: Develop, maintain, and govern secure reference architectures, critical design patterns, and enforceable technical standards. Provide expert architectural consultation and design reviews for the most complex, critical, or cross-functional projects and platforms. Steer technology choices through an expert security lens.
• Solve Top-Tier Risk and Resilience Problems: Challenge the traditional security and tech risk assessment and modelling approach. Tackle the most challenging, ambiguous, and impactful technical risk problems facing the organisation, often requiring deep research, novel solution design, and cross-functional collaboration to resolve systemic issues. Prototype, evaluate, and champion innovative security and risk solutions.
• Lead High-Impact Risk Initiatives: Build an automated and Al-enabled digital risk management system and use risk quantification to shape decision-making and guide us in prioritising risk responses and control design. Drive the technical vision, architecture, and strategy for complex, organisation-wide risk engineering programmes and transformations (e.g., implementing advanced data protection assessments and controls, maturing risk response capabilities, comprehensive attack surface reduction).
• Organisational Risk Assessment & Strategic Guidance: Serve as a definitive authority on complex digital risk assessments, particularly those with strategic implications. Analyse systemic risks, synthesize complex information, and provide clear, actionable recommendations and strategic security guidance to senior leadership (VP/C-level) and technology executives.
• Champion Advanced Secure Development & Testing: Drive the continuous advancement, adoption, and measurement of mature Secure Development Lifecycle (SDL) methodologies (DevSecOps) and sophisticated security testing strategies (e.g., threat-led penetration testing, fuzzing at scale) across the entire engineering organisation.
• Influence & Strategic Collaboration: Enable OVO to lean into smart risks by building a platform that promotes scalable risk identification. evaluation, impact analysis, risk quantification and risk transparency to increase our confidence in OVO's ability to manage digital risk. Actively influence product management, platform engineering, and business unit roadmaps to proactively incorporate necessary policies and controls as code and address significant technical debt. Build strong, collaborative relationships with senior leaders across engineering, product, legal, and other business functions.
• Mentor Senior Technical Staff & Elevate Practice: Mentor Lead and Senior engineers across OVO in advanced security disciplines, strategic thinking, architecture, and technical leadership. Actively contribute to internal communities of practice, develop training for senior staff, and elevate the overall security engineering practice at OVO.
• Community of Practice:
• Drive the Community of Practice (CoP) for your role by actively leading, cultivating and growing the CoP as a result of your industry engagement and thought leadership.
• Create content, engage in knowledge exchange / cross-pollination to further your craft
• Mentor and coach individuals in the role-based competencies associated with a CoP
• Input to upskilling and learning pathways based on the CoP that will aid individuals' career progression

You'll be a successful Principal Security Engineer at OVO if you...

• Inspire and lead cross-functional teams, driving a culture of excellence and collaboration.
• Think critically and strategically to align security initiatives with business goals.
• Demonstrate excellent verbal and written communication skills, effectively conveying complex security concepts to non-technical stakeholders.
• Demonstrate strong influencing skills to drive security adoption and change across the organisation.
• Apply advanced problem-solving and analytical skills to address complex security challenges.
• Anticipate and adapt to changes in the internal and external business context and evolving security landscapes and emerging threats.
• Dedicate time and thought to mentoring and developing other senior security professionals and technical leaders.
• Exhibit a drive to find novel, effective, and potentially unconventional solutions to hard security problems.
• Are recognised internally and potentially externally as an expert and forward-thinker, contributing to security communities or publications.
• Are able to balance security ideals with practical business/engineering realities to achieve tangible outcomes.
• Demonstrate a keen understanding of how security enables and impacts broader business objectives, strategy, and risk management.

Let's talk about what's in it for you

We'll pay you between £105,000 and £138,000, depending on your specific skills and experience.

We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.

You'll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal.

We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO...and there's flex pay. We'll give you 9% Flex Pay on top of your salary - 4% of this is auto enrolled into your pension, and the remaining 5% is yours to do what you like with. You can use this to buy from our extensive range of flexible benefits, including our green benefits which we've put at the heart of our offering, add to your pension or even take it as cash.

Here's a taster of what's on offer:

For starters, you'll get 34 days of holiday (including bank holidays).

For your health
With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more

For your wellbeing
With gym membership, travel insurance, workplace ISA, will writing services, dental insurance, and more

For your lifestyle
With extra holiday buying, discount dining, home & tech loans, and supporting your favourite charities with give-as-you-earn donations

For your home
Get up to £400 towards any OVO Energy plan, plus great discounts on solar, smart thermostats and EV chargers

For your commute
Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans

Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.

For your Belonging

To find better ways to support our people, we need to listen to each other's experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.

Oh, and one last thing...

We'd be thrilled if you tick off all our boxes, yet we also believe it's just as important we tick off all of yours. And if you think you have most of what we're looking for but not every single thing, go ahead and hit apply. We'd still love to hear from you!

If you have any additional requirements, there's a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible.