Principal Software Engineer
Posted 22 hours 53 minutes ago by BBC Group and Public Services
JOB BAND: D
CONTRACT TYPE: Permanent, Full time
DEPARTMENT: Engineering Enablement
LOCATION: Cardiff, Salford, London, Glasgow - Hybrid
PROPOSED SALARY RANGE: up to £82,500 depending on relevant skills, knowledge and experience. The expected salary range for this role reflects internal benchmarking and external market insights.
Join the BBC's Engineering Enablement team to shape secure digital delivery at scale. As a Principal Software Engineer - Security Engineer, you'll embed secure by design practices across cloud platforms and applications, translating InfoSec strategy into real world impact that protects trusted services reaching millions globally.
YOUR KEY RESPONSIBILITIES AND IMPACT
- Drive secure by design implementation across infrastructure and applications, ensuring delivery aligns with BBC security policy and architectural guidance.
- Promote secure SDLC practices across engineering teams, collaborating with InfoSec on shared tooling, templates and enablement.
- Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines.
- Act as a bridge between InfoSec and delivery teams - supporting direct collaboration, not acting as a gatekeeper.
- Champion secure development and operations practices, coaching teams and scaling adoption through reusable patterns and guidance.
- You have a strong track record in software engineering with a focus on application and infrastructure security, ideally in agile or DevOps environments.
- You're fluent in secure development concepts - comfortable with OWASP Top 10, CWE and common secure design patterns.
- You've helped teams adopt secure SDLC practices, working closely with central security or architecture groups.
- You've worked with complex, multi tenant cloud platforms - ideally on AWS - and understand shared services, infra as code and central governance models.
- You collaborate naturally, earning trust from delivery teams and central stakeholders alike.
- Facilitated or contributed to threat modelling sessions using frameworks like STRIDE or DFDs.
- Reviewed designs and code with a security lens and an eye for policy alignment.
- Navigated delivery in regulated, public service or high trust environments.
- Been involved in incident response or risk assessment processes.
If you can bring some of these skills and experience, along with transferable strengths, we'd love to hear from you and encourage you to apply.
Before your start date, you may need to disclose any unspent convictions or police charges, in line with our Contracts of Employment policy. This allows us to discuss any support you may need and assess any risks. Failure to disclose may result in the withdrawal of your offer.
DISABILITY CONFIDENT
We are a disability confident employer. If you need to discuss adjustments or access requirements for the interview process, or to carry out this role, please contact us by email at .
DIVERSITY, INCLUSION & BELONGING
We welcome applications from individuals, regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio economic background, religion and/or belief. Find out more about diversity, inclusion and belonging in our strategy below.