Relx Group

Consulting/Principal Security Engineer

Relx Group$104K — $174K *
Raleigh, NC 27610In-Person
Information Technology
5 - 7 years of experience
3 weeks ago
Job Overview by Ladders

Qualifications

  • 7+ years in application security or security-focused software engineering
  • Experience with threat modeling in complex, distributed systems
  • Strong knowledge of web application and API security vulnerabilities
  • Hands-on experience integrating security tools into developer workflows
  • Proficient coding skills in languages like Python, Java, Go, or TypeScript
  • Experience with compliance requirements in regulated industries
  • Ability to effectively communicate security findings to leadership
  • Collaborative mindset supporting business innovation.

Responsibilities

  • Provide strategic technical guidance on organizational security practices.
  • Research and translate emerging threats into actionable security measures.
  • Own technical escalations requiring deep expertise in security.
  • Design and evolve secure software development lifecycles and processes.
  • Integrate security tools into CI/CD pipelines to enhance developer experience.
  • Build security champions programs to foster collaboration with developers.
  • Lead security reviews on AI-powered features and evaluate associated risks.

Benefits

  • Access to location-specific benefits and well-being support.
  • Potential annual incentive bonuses based on performance.
Full Job Description
What You'll Actually Be Doing

Setting Direction, Not Just Following It
  • Provide strategic and tactical technical guidance that shapes how we approach security across the organization - with real input into leadership decisions
  • Research emerging threats, new attack techniques, and novel mitigation approaches, then translate that research into actionable guidance before those threats hit our doorstep
  • Own escalations that require deep expertise - you're the person the team calls when things get interesting


Secure SDLC & AppSec Program
  • Design and evolve our secure software development lifecycle - threat modeling, security design reviews, developer enablement, and the toolchain that ties it all together
  • Integrate modern security tooling (SAST, DAST, SCA, secrets detection) into CI/CD pipelines in ways engineers actually embrace rather than route around
  • Build and run security champions programs that make developers your allies, not your adversaries
  • Track what's working with real metrics and communicate risk clearly to technical and non-technical audiences alike


AI / LLM Security
  • Lead security reviews and threat modeling for AI-powered features - LLMs, RAG pipelines, vector databases, agentic workflows, the works
  • Get hands-on with the OWASP, NIST, and the latest research on prompt injection, model supply chain risks, inference-based data leakage, and insecure tool use
  • Evaluate AI tools and APIs being introduced into the SDLC - not just for security risk, but for how they change the attack surface entirely
  • Define internal standards for building AI-integrated applications responsibly, so our teams can move fast without leaving the door wide open
  • Use AI-powered security tooling yourself - we expect you to be fluent in the tools reshaping how AppSec work gets done, not skeptical of them


Creative Problem Solving at Scale
  • Design innovative solutions that protect the confidentiality, integrity, and availability of our systems and data - efficiently, not bureaucratically
  • Stay curious about new technologies: evaluate them, understand the security implications, and give leadership the insight they need to make smart bets
  • Collaborate across engineering, GRC, legal, and privacy to ensure our controls hold up in a regulated environment (HIPAA, FedRAMP) without slowing everything to a crawl


At the Principal Level, additionally:
  • Shape multi-year technical strategy for the AppSec program and influence engineering organization-wide
  • Serve as a go-to authority on AI/LLM security for senior engineering and product leadership
  • Mentor the next generation of security engineers and raise the bar across the team


What We're Looking For

Must-Haves
  • 7+ years in application security, security-focused software engineering, or a closely related discipline
  • Real experience with threat modeling (STRIDE, PASTA, or your preferred framework) applied to complex, distributed systems
  • Strong command of web application and API security vulnerabilities and how to actually fix them - not just how to find them
  • Hands-on experience embedding SAST, DAST, SCA, and secrets scanning into developer workflows
  • Enough coding ability (Python, Java, Go, TypeScript, etc.) to meaningfully review code for security issues and build lightweight automation
  • Experience working in or alongside a regulated industry with real compliance requirements
  • The ability to write a clear, compelling security finding - and explain it to a VP without losing them
  • Strong collaboration ethos. The security team is an enabler of the business, not a hindrance.


Strong Differentiators
  • Practical experience securing AI/ML systems or LLM-integrated applications - this is increasingly central to the role
  • Familiarity with agentic AI security risks: tool misuse, prompt injection chains, privilege escalation via agents
  • Experience building developer security education or security champions programs that actually stick
  • Cloud security depth (AWS, Azure, or GCP) - IAM, workload security, IaC hardening
  • Container and Kubernetes security experience


Great to Have
  • Offensive security background that informs how you think defensively
  • Relevant certifications: OSCP, CSSLP, GWEB, GPEN, cloud security specialty, or equivalent
  • Prior experience in legal research or AI workflow
U.S. National Base Pay Range: $104,900 - $174,700. Geographic differentials may apply in some locations to better reflect local market rates.This job is eligible for an annual incentive bonus.
We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.

About Relx Group

RELX Group is a global provider of information-based analytics and decision tools for professional and business customers. The company operates in four market segments: scientific, technical and medical; risk and business analytics; legal; and exhibitions. RELX's products and services include electronic databases, online information services, workflow tools, and print and digital books. The company was founded in 1993 and is headquartered in London, England.
Learn more about Relx Group
Size
33,500 employees
Market Cap
$53.1 billion
Industry
Retail & Consumer Goods
Net Income
$1.2 billion
Founded
2018
5 Year Trend
+1%
Revenue
$7.1 billion
NASDAQ
RELX
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at Relx Group

  • Relx Group
    Software Engineer III
    $89K — $105K *
    Alpharetta, GA 30022 (Fulton County)
    Yesterday
    Information Technology
    In-Person
  • Relx Group
    Senior Site Reliability Engineer I
    $131K — $158K *
    Alpharetta, GA 30022 (Fulton County)
    Yesterday
    Information Technology
    In-Person
  • Relx Group
    Program Manager
    $115K — $192K *
    Alpharetta, GA 30022 (Fulton County)
    4 days ago
    Finance & Insurance
    In-Person
  • Relx Group
    Product Owner
    $80K — $100K *
    Philadelphia, PA 19120 (Philadelphia County)
    4 days ago
    Enterprise Technology
    In-Person
  • Relx Group
    Senior Data Scientist II
    $175K — $183K *
    Norwalk, CT 06854 (Western Ct County)
    4 days ago
    Information Technology
    In-Person

More Information Technology Jobs

Find similar Consulting/Principal Security Engineer jobs:

NationwideRaleigh, NC