Senior Security Engineer

The Role

As Senior Security Engineer, you’ll embed security throughout the product lifecycle, from design to deployment. You’ll drive secure development standards, threat modelling, and security testing across a complex and fast-moving environment. This role sits at the intersection of engineering and security, ensuring that financial products are built to withstand evolving threats while enabling development teams to deliver at pace.

Key Responsibilities

Secure Development Lifecycle (SDLC)

• Design and implement secure software development practices
• Embed security checks and controls into CI/CD pipelines
• Establish security quality gates and coding standards (aligned with OWASP)
• Code Review & Testing

Threat Modelling & Risk Assessment

• Lead threat modelling sessions (STRIDE, PASTA or similar)
• Create threat models for new products and architecture changes
• Identify attack vectors across web, mobile and API layers
• Translate findings into security requirements and test scenarios

Platform Security

• Mobile: Apply MASVS standards and platform-specific security guidelines
• APIs: Enforce best practices for authentication, input validation and rate limiting
• Ensure secure session management and data storage

Security Tooling & Automation

• Build and maintain automated security pipelines
• Integrate tools with GitHub Actions and other CI/CD processes
• Implement vulnerability tracking, secret scanning and dependency checks
• Create security dashboards, reports and remediation workflows

Developer Enablement

• Build secure coding guidelines across multiple stacks
• Develop and scale a security champions programme
• Deliver training sessions on platform-specific risks
• Provide hands-on guidance during security incidents

Requirements

Technical Expertise

• 5+ years in application/product security roles
• Deep knowledge of vulnerabilities across web and mobile environments
• Hands-on experience with modern frameworks (React, Angular, ReactNative, Flutter)
• Experience with security tooling and automated testing

Security Knowledge

• Experience with threat modelling frameworks
• Familiarity with OAuth2, OIDC, WebAuthn and related protocols
• Understanding of PCI-DSS, PSD2 and SCA requirements

Professional Skills

• Background in financial services or other highly regulated industries
• Ability to explain risks and solutions clearly to developers
• Collaborative, pragmatic approach balancing speed and security

#J-18808-Ljbffr…