Threat Engineering & Application Security Lead

What you become a part of

Join Coca‑Cola Europacific Partners (CCEP) as a key leader within our BPT Service Delivery & Security organisation. You will be part of the CISO Leadership Team, shaping and driving our cybersecurity strategy across Europe.

In this role, you will lead the Threat Engineering & Application Security function, ensuring our platforms, applications and tooling remain resilient, modern and aligned to an evolving threat landscape. You will collaborate with talented engineering, architecture, operations and project teams to help safeguard CCEP’s information, strengthen detection and prevention capabilities, and advance our approach to application security across IT and OT environments.

You’ll also play an important role in developing our people, building engineering excellence and fostering a culture of continuous improvement, innovation and technical mastery.

What you will do

As the Threat Engineering & Application Security Lead, you will:

Strategy & Leadership

• Define and deliver the Threat Engineering & Application Security strategy in alignment with the CCEP BPT strategy and security policies.
• Provide subject‑matter input to the CISO Leadership Team on cybersecurity priorities, tooling strategy and emerging risks.
• Lead, coach and develop a high‑performing team, ensuring strong technical capability, clarity of direction and high engagement.
• Act as secondary leader for SOC operations, supporting the SOC Lead when required.

Application Security Ownership

• Own the end‑to‑end Application Security programme, including penetration testing, API security, secure development practices and vulnerability identification.
• Govern and oversee application security testing across all critical platforms and services.
• Review and approve solution designs to ensure alignment with security architecture, secure coding standards and regulatory requirements.

Threat Engineering & Tooling

• Manage the lifecycle, optimisation and value realisation of all security tooling, ensuring solutions remain effective, tuned and integrated.
• Lead threat‑driven enhancements to detection, visibility and resilience across IT and OT landscapes.
• Define AI‑security technical controls for application features and integrations.
• Develop and enhance automation for threat engineering, security tooling and application security workflows.

Governance, Compliance & Supplier Management

• Own relevant security policies, standards and procedures related to security tooling and application security.
• Monitor compliance with internal security policies, external regulations and audit requirements, and lead remediation efforts.
• Oversee third‑party security assessments, ensuring supplier compliance and risk mitigation.
• Conduct technology and vendor evaluations to support continuous improvement.

Financial & Operational Management

• Manage budget planning and reporting for the unit, ensuring optimised investment in security solutions.
• Collaborate with BPT teams to enable secure project delivery, technical integration and operational excellence.

What we expect from you

Experience & Qualifications

• Extensive experience (10+ years) in IT Security with progressive responsibility.
• At least 5 years of hands‑on experience with security tooling, architecture and project delivery.
• Degree in Business Administration, Information Management or comparable discipline; a Master’s degree in IT is an advantage.
• Relevant cyber security, cloud, or vendor-specific certifications are beneficial
• Experience leading and developing teams, ideally in international or matrix environments.
• Strong experience in IT service operations and security processes.
• Background in supplier management, sourcing strategies and budget planning.

Technical Skills

• Solid understanding of network protocols, cloud architectures, firewalls, IDS/IPS, encryption and related technologies.
• Experience with security tooling such as EDR, SIEM, email security, automation platforms and attack surface management.
• Strong knowledge of logging, monitoring, incident detection and incident handling.
• Solid understanding of Application Security tools and processes
• Deep understanding of security architectures, threat detection and prevention, SOC operations and OT security tooling.

Personal Skills

• Ability to shape strategy, lead change and translate vision into action.
• Strong communication and presentation capabilities, engaging stakeholders across all levels.
• Creative and solution‑focused mindset with a commitment to continuous improvement.
• Fluent in English; additional European languages (German, Spanish, French) are an advantage.