Senior Security Engineer

Company: Funding Circle UK
Apply for the Senior Security Engineer
Location: London
Job Description:

The role

London (Hybrid) | 2 days in the office | Competitive Salary + Benefits

  • Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling.
  • Perform threat modelling exercises for cloud‑native applications, microservices, and infrastructure components.
  • Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure.
  • Collaborate closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset.
  • Act as a subject‑matter expert on DevSecOps, application security, and cloud security (AWS), providing guidance and mentorship to other engineers.
  • Contribute to the implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring.
  • Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment.

What we’re looking for

We value deep expertise, but a growth mindset and good energy are what really make our team click.

  • Application & Cloud Security Expertise: Over 3 years of information security experience with a deep focus on application/product security, complemented by strong expertise in securing AWS environments and Infrastructure as Code (IaC).
  • Champion for Secure Development: Proven track record of defining, implementing, and driving the adoption of SSDLC practices and secure coding standards within engineering teams.
  • Security Automation & CI/CD Integration: Hands‑on experience architecting and integrating a suite of security tools (SAST, DAST, SCA, IAST, secrets management) and automated controls directly into CI/CD pipelines like GitLab CI, Jenkins, or GitHub Actions.
  • Vulnerability Management & Threat Intelligence: Deep understanding of web application vulnerabilities (OWASP Top 10) and experience contributing to vulnerability management programs.
  • Container & Orchestration Security: Solid knowledge of container security best practices and securing container orchestration platforms, specifically Kubernetes and AWS EKS.
  • Frameworks & Compliance: Strong knowledge of key security frameworks (NIST CSF, MITRE ATT&CK) and standards (CIS Benchmarks, OWASP ASVS), with experience managing external penetration testing and coordinating remediation efforts.

Skills we’d love to see

  • Experience with specific security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode). Relevant advanced security certifications (e.g., AWS Certified Security – Specialty, CISSP, CCSP, OSCP/OSWE).
  • Proficiency in security automation using scripting languages (e.g., Python).
  • Experience working in FinTech or other highly regulated environments.
  • Experience with mobile application security principles and testing.

Why join us?

We back you to build an incredible career and are part of the Sunday Times Best Companies to Work For 2026. As a flexible‑first employer, we use a best‑of‑both approach. We’ll see you in our London office to collaborate – with barista coffee and subsidised lunch.

Our Circler Proposition focuses on five areas:

  • Flexibility: We provide a benefit allowance you can tailor to your control.
  • Health: This includes private medical and dental, health assessments, and access to a digital GP.
  • Wealth: We offer life assurance, share schemes, and financial coaching.
  • Development: You get a dedicated annual learning allowance to help you level up.
  • Lifestyle: We have electric car, cycle‑to‑work schemes, and season ticket loans.

We also have award‑winning parental leave policies to support you through big life moments.

#J-18808-Ljbffr…

Posted: July 10th, 2026