Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Join our Security Team to enhance cloud and application security for small businesses.
- Company: Funding Circle empowers small businesses with fast, hassle-free finance solutions.
- Benefits: Enjoy hybrid working, private medical insurance, and a dedicated learning allowance.
- Why this job: Make a real impact in FinTech while collaborating with innovative teams.
- Qualifications: 3+ years in Information Security with expertise in AWS and secure coding practices.
- Other info: Diversity is celebrated here; all backgrounds are encouraged to apply.
The predicted salary is between 48000 - 84000 £ per year.
We are seeking an experienced Senior Security Engineer to join our dynamic Security Team. In this key role, you will be a key contributor to Funding Circle's cloud and application security posture. You will leverage your deep expertise in AWS security, secure software development lifecycle (SSDLC) practices, and CI/CD security to implement and champion robust security solutions. You will act as a subject matter expert and mentor, collaborating closely with engineering and product teams to embed security seamlessly into our cloud infrastructure and development processes, ensuring the protection of our platform and customer data in a fast-paced FinTech environment.
The role includes:
- Defining, championing, and embedding secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling.
- Architecting, building, and maintaining automated security controls, tooling, and "security rails" within CI/CD pipelines to ensure secure and efficient deployments.
- Collaborating closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset.
- Performing threat modelling exercises for cloud-native applications, microservices, and infrastructure components.
- Managing internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure.
- Overseeing and enhancing vulnerability management processes, focusing on strategic remediation, root cause analysis, and preventative measures.
- Contributing to drive implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring.
- Designing, implementing, and supporting the adoption of robust security architectures, controls, and best practices within our AWS cloud environment.
- Acting as a subject matter expert on cloud security (AWS), DevSecOps, and application security, providing guidance and mentorship to other engineers.
- Contributing to the incident response planning for complex cloud and application security events.
- Proactively monitoring the threat landscape, evaluating emerging cloud security risks and trends, and translating them into actionable security improvements.
What we’re looking for:
- Significant (3+ years) hands-on experience in Information Security, with a demonstrable deep focus on AWS cloud security and application/product security.
- Deep, demonstrable expertise in designing, implementing, securing, and managing a wide range of AWS security services.
- Proven, hands-on experience architecting, building, and integrating security tooling (SAST, DAST, SCA, secrets management, IAST) and automated security controls within CI/CD pipelines (e.g., GitLab CI, Jenkins, GitHub Actions).
- Strong track record of defining, implementing, measuring, and supporting the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering organizations.
- Strong understanding of web application security vulnerabilities (OWASP Top 10 and beyond), attack vectors, and mitigation techniques.
- Significant experience securing Infrastructure as Code (IaC), particularly Terraform, and implementing relevant security checks.
- Solid experience with container security and securing container orchestration platforms (Kubernetes/EKS).
- Proven ability contributing significantly to vulnerability management programs, including advanced triaging, root cause analysis, risk assessment, and strategic remediation planning.
- Strong communication and influencing skills, with the ability to articulate complex security concepts clearly to technical audiences.
- Strong knowledge of relevant security frameworks and standards (e.g., NIST CSF, CIS Benchmarks, OWASP ASVS).
- Exposure and knowledge of the MITRE ATT&CK framework.
- Experience effectively coordinating external penetration testing engagements and managing remediation efforts.
Nice to have:
- Relevant advanced security certifications (e.g., AWS Certified Security - Specialty, CISSP, CCSP, OSCP/OSWE).
- Experience with specific security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode).
- Proficiency in security automation using scripting languages (e.g., Python).
- Experience working in FinTech or other highly regulated environments.
- Experience with mobile application security principles and testing.
At Funding Circle we are committed to building diverse teams so please apply even if your past experience doesn’t align perfectly with the requirements.
Ready to make a difference? We’d love to hear from you.
Senior Cloud & Application Security Engineer employer: Funding Circle Ltd.
Contact Detail:
Funding Circle Ltd. Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Cloud & Application Security Engineer
✨Tip Number 1
Familiarise yourself with AWS security services and best practices. Since the role heavily focuses on AWS, having a solid understanding of its security features will help you stand out during discussions.
✨Tip Number 2
Engage with the FinTech community to understand current trends and challenges in cloud security. This knowledge can be invaluable when discussing how to enhance Funding Circle's security posture.
✨Tip Number 3
Prepare to discuss your experience with CI/CD security practices. Be ready to share specific examples of how you've implemented security controls in CI/CD pipelines, as this is a key aspect of the role.
✨Tip Number 4
Showcase your mentoring skills. Since the position involves acting as a subject matter expert, think of ways you've successfully guided others in security practices and be prepared to share those experiences.
We think you need these skills to ace Senior Cloud & Application Security Engineer
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience in AWS security, secure software development lifecycle (SSDLC), and CI/CD security. Use specific examples that demonstrate your expertise in these areas.
Craft a Compelling Cover Letter: In your cover letter, express your passion for cloud and application security. Mention how your skills align with Funding Circle's mission to support small businesses and how you can contribute to their security posture.
Showcase Relevant Projects: Include details of any relevant projects or experiences where you've implemented security solutions in cloud environments. Highlight your role and the impact of your contributions on the overall security framework.
Highlight Soft Skills: Don't forget to mention your communication and mentoring skills. As a Senior Security Engineer, you'll need to collaborate with various teams, so showcasing your ability to articulate complex security concepts is crucial.
How to prepare for a job interview at Funding Circle Ltd.
✨Showcase Your AWS Expertise
Make sure to highlight your hands-on experience with AWS security services during the interview. Be prepared to discuss specific projects where you implemented security measures and how they improved the overall security posture.
✨Demonstrate Your Knowledge of SSDLC
Since the role involves championing secure software development lifecycle practices, be ready to explain your understanding of SSDLC. Share examples of how you've successfully integrated these practices into engineering teams in the past.
✨Prepare for Technical Questions
Expect technical questions related to web application security vulnerabilities and attack vectors. Brush up on the OWASP Top 10 and be ready to discuss mitigation techniques you've employed in previous roles.
✨Communicate Clearly
Strong communication skills are essential for this role. Practice articulating complex security concepts in a clear and concise manner, as you'll need to convey these ideas to both technical and non-technical audiences.
