Job Description

Established in 1981 with a single store in the Northwest of England, the JD Group is a leading omni-channel retailer of Sports Fashion, Outdoors and Gyms with our colleagues working in stores across several retail fascias in many markets around the world.

JD Sports Fashion Plc was listed on the London Stock Exchange in 1996 and has been a FTSE100 publicly quoted company since 2019 and continues to grow in the UK and internationally.

We want to be the leading global omnichannel retailer in the sports and outdoor industry. To be a part of this successful company and help us to achieve this you will have the desire to ingrain our strategic goals of being a people-led, innovative and customer-focused organisation which provides operational excellence whilst identifying new areas of growth as part of our day to day objectives.

The Role
We’re looking for a Security Engineer with a strong foundation in cloud security and hands on experience integrating security into modern engineering workflows. You’ll join a collaborative security engineering team, helping to design, build, and maintain secure cloud environments across Azure, AWS, and GCP.
This role is ideal for someone with 5–10 years of IT experience, including exposure to cloud platforms, CI/CD tooling, and application security testing.

What You’ll Be Doing
Cloud Security
• Configure and optimise Microsoft Defender for Cloud, including alert automation using Logic Apps.
• Support the implementation of security controls across Azure, AWS, and GCP.
• Contribute to cloud governance, compliance, and posture management.
DevSecOps & Automation
• Embed security tooling into CI/CD pipelines using GitHub Actions, Bitbucket, CircleCI, and Jenkins.
• Automate security testing and reporting to improve speed and consistency.
• Work closely with engineering teams to champion secure by design practices.
Application Security
• Use SCA, SAST, and DAST tools to identify and manage vulnerabilities.
• Support developers in interpreting findings and implementing fixes.
• Help evolve secure coding standards and best practices.
Operational Security
• Monitor and respond to cloud security alerts.
• Participate in threat modelling and risk assessments.
• Maintain documentation, runbooks, and engineering standards.

What You’ll Bring
• Proven experience as a Cloud Security Engineer or in a similar role e.g. DevSecOps Engineer, Platform Security Engineer.
• Hands on experience with Defender for Cloud or other CNAPP solutions.
• Exposure to AWS and GCP platforms and security services.
• Experience integrating security into CI/CD pipelines.
• Familiarity with SCA, SAST, and DAST tooling.
• Strong understanding of IAM, cloud networking, and security fundamentals.
• Clear communication skills and a collaborative mindset.

Nice to Have
• Certifications such as AZ 500, SC 200, AWS Security Specialty, or GCP Security Engineer.
• Experience in large scale enterprise or retail environments.
• Knowledge of container security (AKS, EKS, GKE).

Why Join Us
• Work with modern cloud platforms at enterprise scale.
• Influence security engineering practices across a major retail organisation.
• Opportunities for professional development and certification support.
• A culture that values curiosity, collaboration, and continuous improvement.
If this sounds like your next step, we’d love to hear from you.

We know our colleagues work tirelessly to make JD Sports the success it is today and in turn, we offer them some amazing benefits including staff Discount On JD Group and other brands within the organisation and personal development opportunities to learn and develop at work.

Thank you for your time

#JD