Rodeo
ResourcesPartnersSign in

Financial Times

Cyber Security Engineer

Sofia
Posted about 21 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

About Us

The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to deliver quality information and services worldwide. At the FT, curiosity thrives and ambitious thinking is rewarded. Here, you’re given the chance to reach millions, create work that matters and deliver impartial journalism in a polarised world. In our warm, collaborative culture, you’ll connect with a diverse community of experts who support your growth, career aspirations and wellbeing. Your future at the FT will be filled with opportunities that challenge and inspire you. With no fixed path, you’ll discover new skills and forge a career that can take you anywhere. Build a newsworthy career at the FT.

Our Commitment to Diversity, Equity and Inclusion

We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to removing barriers for everyone, with a focus on addressing those faced by underrepresented groups.

The Role Overview

We’re looking for a Cyber Security Engineer to help improve application security across the FT’s cloud-native technology estate. This is a hands-on role focused on making secure engineering easier for product, platform and software engineering teams.

Application security experience is essential for this role. You’ll help improve developer-friendly security guardrails across GitHub-based CI/CD pipelines, application repositories and engineering workflows. This includes working with SAST, software composition analysis, secret scanning, vulnerability management and secure coding guidance so that security findings are clear, actionable and owned by the right teams.

You’ll work closely with engineers to support practical threat modelling, triage application vulnerabilities, improve security playbooks and help teams remediate issues in a pragmatic way. You do not need to be a deep AWS or cloud security specialist, but some exposure to AWS, cloud security or infrastructure-as-code security would be useful.

We’re looking for someone with practical AppSec experience who wants to grow their impact - someone who enjoys working with engineers, improving tooling and helping security become part of normal delivery rather than a last-minute checkpoint.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

What you’ll bring to the role

  • Application security experience: practical experience identifying, explaining and helping remediate application security risks in modern engineering environments.
  • Developer-friendly security mindset: you enjoy working with engineers, explaining risks clearly and helping teams adopt secure practices without unnecessary friction.
  • Vulnerability management experience: experience triaging and tracking application vulnerabilities from sources such as SAST, dependency scanning, secret scanning, penetration tests, bug bounty reports or third-party advisories.
  • CI/CD and code security awareness: familiarity with security tooling in development workflows, such as SAST, software composition analysis, secret scanning or repository security controls.
  • Threat modelling awareness: experience participating in, supporting or facilitating lightweight threat-modelling sessions for applications, services or new features.
  • Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce manual effort, improve visibility or make security workflows easier.
  • Cloud security awareness: Some exposure to AWS, cloud security or infrastructure-as-code security would be useful, but is not essential.
  • Growth mindset: willingness to keep developing across application security, cloud security, secure development and modern engineering practices.

Required Experience, Essential

  • Practical experience in application security.
  • Experience working with software engineers to explain and remediate security issues.
  • Familiarity with common web application security risks and secure coding practices.
  • Experience with vulnerability triage, prioritisation and remediation tracking.
  • Experience using or interpreting findings from tools such as SAST, software composition analysis, secret scanning or similar.
  • Experience participating in or supporting threat-modelling activities.
  • Ability to write scripts or small tools, ideally in Python, to automate tasks or improve visibility.
  • Strong communication and collaboration skills.
  • Familiarity with Agile or Scrum ways of working.

Desirable

  • Exposure to AWS security, cloud security or infrastructure-as-code security.
  • Experience with Terraform or CloudFormation.
  • Experience with container or Kubernetes security.
  • Experience with bug bounty, penetration testing or security testing programmes.
  • Experience with Splunk or similar logging/SIEM platforms.
  • Exposure to AI security, such as LLM-enabled applications, AI-assisted development workflows or prompt/data leakage risks.
  • Experience building dashboards, metrics or reports to support vulnerability management.
  • Relevant security certifications or training, such as AWS security training, secure coding training, GIAC, ISC2, CREST or equivalent practical experience.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

What’s in it for you? Our benefits

Our benefits vary by location but we are committed to providing best-in-class perks across all our offices. These include generous annual leave, medical cover, inclusive parental leave packages, subsidised gym memberships and opportunities to give back to the community. Full details of our benefits are available here.

We currently operate a hybrid model which requires staff to work onsite 50% of the time, subject to role requirements & regular review. While flexible working requests will be considered, not all patterns are suitable for all roles. We believe this balanced approach supports flexibility and protects our culture, making collaboration and communication easier, building stronger relationships and team cohesion, and supporting peer learning. We reserve discretion on reasonable notice to change this approach either generally or for specific individuals or teams.

Accessibility

We are a disability confident employer and Valuable 500 signatory.

Please let us know if you require any reasonable adjustments/personalisation as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements or have any questions, email talent@ft.com and a member of our team will be happy to help.

Further information

At the FT, we embrace innovation and the use of technology and appreciate that individuals may leverage AI tools as part of their job application process. Whilst we are happy for you to use AI to assist with your application, it is essential that all information provided is authentic and accurately represents your skills, experience, and qualifications.

Candidates should be aware that the use of AI throughout the application process may be monitored to ensure a fair and transparent hiring process for all.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Application Security
Vulnerability Management
SAST
Software Composition Analysis
Secret Scanning
Threat Modelling
Python
CI/CD
AWS
Infrastructure-as-Code
Secure Coding
Agile
Scrum
Triage
Automation
Cloud Security

Location

Sofia, Sofia-City, Bulgaria

Sign up to applySee more jobs like this