Arbor

Arbor is the leading cloud MIS provider in the UK, empowering schools and MATs to collaborate effectively, save time, and enhance pupil achievement through centralized data management and insightful analytics.

IT Services
51-250

Description

  • Collaborate with stakeholders to identify security improvements across platform architecture and infrastructure and implement strategic plans.
  • Work with the Platform team to embed security processes, controls, and tooling across system components.
  • Threat model new and existing systems, including AI/LLM-enabled features and agentic workflows, and turn findings into prioritized work.
  • Strengthen the software supply chain through dependency hygiene, SBOM generation, artefact signing and provenance, and pinning third-party actions and packages.
  • Secure the use of AI across the SDLC by keeping agentic coding tools, assistants, and MCP integrations within safe, auditable boundaries.
  • Contribute to deployment frameworks with a focus on security, deployment speed, and system stability.
  • Improve platform security through strong secrets management and safe handling of sensitive information.
  • Participate in incident response, resolution, and blameless post-mortems to support continuous improvement.
  • Share knowledge through tech talks and team learning sessions.
  • Maintain detailed documentation, including playbooks, runbooks, and systems documentation.

Requirements

  • Extensive experience in cyber security and related engineering practices.
  • Experience with vulnerability management and remediation at scale.
  • Proven DevOps or DevSecOps engineering experience on large-scale platforms.
  • Strong knowledge of distributed cloud systems, especially Amazon Web Services.
  • Hands-on experience with Infrastructure as Code tools such as Terraform and CloudFormation.
  • Experience programming in PHP, Bash, or Python.
  • Experience with Docker and containerisation, including an understanding of container and runtime security.
  • Experience with software supply-chain security, including SBOMs, dependency scanning, and artefact signing/provenance such as SLSA or Sigstore.
  • Experience with secrets management and detection, such as Vault, cloud-native secret stores, or secret scanning in CI.
  • Experience with security tooling across the SDLC, such as SAST, DAST, SCA, IaC scanning, and container scanning tools like Snyk or Trivy.
  • Experience with policy-as-code and guardrails, such as OPA or Conftest, and an identity-centric zero-trust approach.
  • Familiarity with monitoring and detection tools like DataDog or Prometheus.
  • A proactive problem-solving mindset with strong teamwork and communication skills.
  • Exceptional written and spoken English.
  • Practical understanding of AI and LLM security risks and mitigations, including prompt injection, jailbreaks, insecure output handling, sensitive-data leakage, and excessive agency.
  • Experience securing AI-assisted and agentic development tooling, including permissions scoping, sandboxing, logging, audit, and preventing exfiltration through AI agents and MCP servers.
  • Familiarity with AI threat modelling and adversarial techniques such as MITRE ATLAS, plus the ability to support AI-aware red teaming.
  • Awareness of AI governance and assurance frameworks such as NIST AI RMF and ISO/IEC 42001, especially in relation to data protection for a multi-tenant platform handling children's data.
  • Confidence using AI tooling responsibly to accelerate security work while understanding its limitations.
  • Bonus: experience with enterprise solutions running at scale.
  • Bonus: familiarity with kanban and agile development processes.
  • Bonus: familiarity with software best practices such as refactoring, clean code, Domain-Driven Design, and Test-Driven Development.
  • Bonus: experience with EdTech-relevant compliance frameworks such as NIST CSF, ISO 27001, SOC 2, or UK GDPR.
  • Bonus: relevant certifications such as AWS Security Specialty, OSCP, or AI security/governance credentials.

Benefits

  • Salary of £75,000 to £85,000.
  • Remote working.
  • 32 days holiday including Bank Holidays, made up of 25 days annual leave plus 7 company-wide days over Easter, Summer, and Christmas.
  • Life assurance at 3x annual salary.
  • Comprehensive wellbeing support through AIG Smart Health, including 24/7 virtual GP access, mental health support, counselling, and health checks.
  • Private dental insurance with Bupa.
  • Salary sacrifice pension through Scottish Widows.
  • Enhanced parental leave, including 20 weeks full pay for maternity/adoption leave and 6 weeks full pay for paternity leave.
  • 5 free return-to-work maternity coaching sessions.
  • Access to Calm and financial wellbeing coaching through Bippit.
  • Flexible working arrangements.
  • Dedicated professional development budget for CPD courses, upskilling resources, and professional memberships.
  • One day per year to volunteer with a charity of your choice.
  • Dog-friendly offices.
