Overview
This is a hybrid role based out of our Leicester office.
Home. There’s no place like it.
And there’s no feeling like helping people create the joy of feeling truly at home. At Dunelm, that’s what we do. We’re the UK's number one choice for homewares because we make home life lovelier for our customers. And we’ve crafted a workplace that feels just as welcoming - where you can bring your ideas, be yourself, and feel right at home.
We’re looking for a Principal Cyber Security Engineer to lead and strengthen our Security Operations at Dunelm.
This critical role will take ownership of our Security Operations function and lead both our DevSecOps and SecOps teams. You’ll set the direction for how we build, operate, and secure our platforms, championing a proactive security culture across the organisation, from engineering to operations.
As our senior security technical lead, you’ll influence architecture decisions, strengthen our secure engineering practices, and embed robust controls throughout the development lifecycle. You’ll also drive improvements in detection, response, and operational resilience across all our technology platforms. This is a role for someone who wants to shape strategy, lead talented teams, and make a meaningful difference to how we protect and scale our business.
What you'll be doing
- Provide technical leadership and mentorship to DevSecOps and SecOps teams.
- Define and implement security standards, policies, and best practices.
- Drive secure coding practices and automated security testing within CI/CD pipelines.
- Manage incident response processes and oversee threat detection and vulnerability management.
- Act as the primary security advisor for senior leadership and technical teams.
What we'll look for in you
- Proven experience in senior security engineering or security architect roles with leadership responsibilities.
- Strong knowledge of cloud security (AWS, GCP), network security, and application security.
- Hands-on experience with DevSecOps tools (SAST, DAST, container security).
- Expertise in operational security, including SIEM, IDS/IPS, and incident response.
- Familiarity with compliance frameworks (ISO 27001, NIST, GDPR, PCI-DSS).
- Excellent communication and stakeholder management skills.