About Motorway

Motorway is the UK’s fastest-growing used car marketplace - our online-only platform connects private car sellers with thousands of verified dealers nationwide, ensuring everyone gets the best deal. Founded in 2017, our award-winning, technology-led approach has redefined the experience of selling a car. Motorway is backed by some of the world’s leading technology investors, having raised £143 million in Series C funding.

This is a unique opportunity to join a fast-growing scale-up at a crucial phase of growth and help change an industry for the better.

About the role
Motorway is rapidly growing its technology team and business, and we are looking for a Developer Experience Security Engineer to help enable a secure, scalable, and frictionless developer experience across Motorway.

We have recently built and rolled out a new container platform on top of AWS Fargate, and are currently enhancing our observability, reliability, and developer-focused tooling, and developer-focused tooling. We will continue to build and evolve secure, standardised platform capabilities that reduce cognitive load and help teams ship faster with confidence.We will continue to build and evolve secure, standardised platform capabilities that reduce cognitive load and help teams ship faster with confidence.

This role will act as a bridge between the Developer Experience team and Security Operations team, ensuring security strategy is embedded into platform abstractions, tooling, and defaults.This role will act as a bridge between the Developer Experience team and Security Operations team, ensuring security strategy is embedded into platform abstractions, tooling, and defaults.

As a Security Developer Experience Security Developer Experience Security Engineer, you will ensure that security is built into how engineers build, deploy, and operate software, making the secure path the easiest path you will ensure that security is built into how engineers build, deploy, and operate software, making the secure path the easiest path

The role will involve:

• Design, implement, and maintain secure-by-default platform capabilities (e.g. IAM patterns, network primitives, secrets management, runtime protections, encryption) that are easy for product teams to adopt.Design, implement, and maintain secure-by-default platform capabilities (e.g. IAM patterns, network primitives, secrets management, runtime protections, encryption) that are easy for product teams to adopt.).

• Build automated security checks, guardrails, and visibility that continuously assess risk and reduce the need for manual security audits.

• Collaborate with engineering to embed secure software development practices into CI/CD pipelines, templates, and shared tooling s(Shift left and Secure by design principles).

• Reduce manual work (toil) for the technology and Security Operations Team using automation (e.g. scripting, workflows, tooling).

• Ensure platform-level security telemetry, logging, and monitoring are consistent, high-quality, and provided as a standard capability for all teams.

• Define and implement platform-wide security use cases (e.g. SIEM detections, alerts, and signals) that scale across teams without bespoke configuration

• Work as part of a virtual SOC with the Security Operations Team to support in security incident response.

• Stay up-to-date with the latest security trends and best practices.

• Enable secure engineering practices through documentation, examples, platform defaults, and targeted training where appropriate.

• Help translate security policies and standards into practical, enforceable platform patterns and guardrails..

Requirements

We encourage you to apply, even if you might not meet all the requirements. You’ll be directly reporting to an Engineering Manager, who will help mentor and guide you in your career.

• Proven experience as a Platform engineer, Developer Experience engineer, or similar role focused on enabling other engineers.

• Proven experience working with Containers and serverless with Infrastructure as code.

• Good knowledge of AWS cloud security best practices and tooling

• Technical knowledge of best practice security for networks, systems, web applications, APIs and databases.

• Good understanding of secure software development practices.

• Familiarity with security tools and technologies, such as SIEM, IDS/IPS, WAF and vulnerability scanners.

• Knowledge of common adversarial Tactics, Techniques and Procedures (Mitre Att&ck TTPs).

• Knowledge of security standards and frameworks (e.g. ISO27001, NIST CSF) is beneficial.

• Relevant security certifications (e.g. GCLD, Security+, AWS/GCP Security Certifications) are a plus.

• Excellent problem-solving and analytical skills.

• Strong communication and collaboration abilities

Benefits

• A competitive salary

• BUPA health insurance

• Discounted gym membership through BUPA

• OnHand volunteering membership and one paid volunteering day per year

• Hybrid working

• Pension scheme

• Motorway car leasing scheme - lease a zero-emissions electric vehicle at a significant discount

• Enhanced parental leave - We offer enhanced maternity pay (26 weeks of full pay) and enhanced paternity pay (4 weeks of full pay) to eligible employees.

• Workplace nursery scheme

• Regular social events

• Cycle to work scheme

Equal opportunities statement

We are committed to equality of opportunity for all employees. We work to provide a supportive and inclusive environment where people can maximise their full potential. We believe our workforce should reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.

We welcome applications from all individuals regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.