Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Own security across the full stack, from coding to cloud infrastructure.
- Company: Join a fast-growing EdTech company redefining workplace learning.
- Benefits: Enjoy remote work, competitive salary, wellness perks, and a flexible environment.
- Why this job: Make a real impact in a collaborative culture with global brands.
- Qualifications: 5+ years in fullstack engineering with a strong security mindset required.
- Other info: Opportunity to shape security in a product-led SaaS business.
The predicted salary is between 48000 - 84000 £ per year.
The Opportunity
Join us to own security end-to-end, from shaping WAF rules and cloud posture to building secure APIs that millions rely on.
We’re hiring a Senior Security Engineer to help scale Thrive’s security posture as we continue to grow fast and land major enterprise customers.
This isn’t your typical security role. We’re looking for someone who can code first, audit later & are able to dive into our NodeJS/React stack, help teams ship secure-by-design features, and implement pragmatic security improvements across our application codebase, tooling and cloud infrastructure.
You’ll work closely with Engineering, Product, and InfoSec to ensure Thrive stays secure by design, especially as we expand into new markets, industries, and regulatory environments.
What You’ll Be Doing
• Own security across the full stack, from React & NodeJS through to AWS infrastructure, WAFs, and CI/CD.
• Build and maintain security-first libraries, tooling and pipelines to support engineering at scale.
• Embed secure-by-default practices into our codebase and developer workflows (CI/CD, code reviews, linting, scanning).
• Act as an internal consultant and coach, unblocking teams, upskilling devs, and spotting risks early.
• Partner with Engineering Leads and our CPTO to assess new threats, handle incidents, and continuously improve our posture.
• Support customer security reviews, RFPs, and external audits (SOC2, ISO27001, etc).
• Design and tune WAF rules, bot protections, and layered defenses to mitigate real-world attacks.
• Improve the security of our cloud infrastructure (AWS), IAM policies, and container configurations.
What We’re Looking For
Must-haves
• 5+ years as a fullstack or backend engineer with a strong security mindset.
• Deep experience with fullstack JavaScript/TypeScript (e.g. NodeJS / React or equivalent) and AWS.
• Proven track record of identifying, fixing and preventing security issues in production systems.
• Strong understanding of common vulnerabilities (e.g. OWASP Top 10) and mitigation techniques.
• Comfortable working cross-functionally with engineers, product managers, and leadership.
• Pragmatic – you know when to secure, when to monitor, and when to say no.
• Experience with WAFs, IAM, and infrastructure-layer security (e.g., network, container, or runtime protections).
Nice-to-haves
• Experience with SOC2 / ISO27001, Vanta, or security questionnaires for enterprise customers.
• Familiarity with identity & access management (SSO, SCIM, RBAC), secure frontend patterns, and data encryption at rest/in transit.
• Incident response experience or interest in setting up robust response playbooks.
• Experience working in SaaS or L&D platforms, or building security into multi-tenant cloud applications.
Why Thrive?
-
A chance to join a rocket-ship EdTech company on a mission to redefine workplace learning.
-
A collaborative, people-first culture where your voice matters and your work has a real impact.
-
Competitive salary + uncapped commission + benefits (private health, wellness perks, pension).
-
Remote-first, flexible working environment built on trust and autonomy.
-
The opportunity to work with global brands and cutting-edge learning technologies.
Sound Like You?
If you’re an engineer who sweats the security details, loves building clean and secure code, and wants to shape security at a product-led SaaS business – we’d love to talk.
#LI-Remote
#J-18808-Ljbffr
Senior Security Engineer (Application & Infrastructure) Engineering · UK · employer: Thrive Learning Limited
Contact Detail:
Thrive Learning Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Security Engineer (Application & Infrastructure) Engineering · UK ·
✨Tip Number 1
Familiarise yourself with the specific technologies mentioned in the job description, such as NodeJS, React, and AWS. Being able to discuss your hands-on experience with these technologies during interviews will demonstrate your capability to dive into their stack.
✨Tip Number 2
Showcase your understanding of security best practices by preparing examples of how you've implemented secure coding techniques or mitigated vulnerabilities in past projects. This will highlight your proactive approach to security, which is crucial for this role.
✨Tip Number 3
Network with current or former employees of Thrive or similar companies in the EdTech space. Engaging with them can provide insights into the company culture and expectations, which you can leverage during your interview.
✨Tip Number 4
Prepare to discuss your experience with security frameworks like SOC2 or ISO27001. Even if you haven't worked directly with these, showing that you understand their importance and how they apply to enterprise customers can set you apart from other candidates.
We think you need these skills to ace Senior Security Engineer (Application & Infrastructure) Engineering · UK ·
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience with fullstack JavaScript/TypeScript, AWS, and security practices. Use specific examples that demonstrate your ability to identify and fix security issues in production systems.
Craft a Strong Cover Letter: In your cover letter, express your passion for security and how it aligns with Thrive's mission. Mention your experience with WAFs, IAM, and your pragmatic approach to security, showcasing how you can contribute to their security posture.
Showcase Relevant Projects: Include any relevant projects or contributions that demonstrate your skills in building secure APIs, implementing security improvements, or working with cloud infrastructure. This could be personal projects, open-source contributions, or previous job experiences.
Highlight Cross-Functional Collaboration: Emphasise your ability to work cross-functionally with engineers, product managers, and leadership. Provide examples of how you've successfully collaborated in the past to enhance security measures or improve workflows.
How to prepare for a job interview at Thrive Learning Limited
✨Showcase Your Technical Skills
Be prepared to discuss your experience with fullstack JavaScript/TypeScript, particularly NodeJS and React. Highlight specific projects where you implemented security measures and how you approached coding securely.
✨Understand Security Fundamentals
Familiarise yourself with common vulnerabilities, especially the OWASP Top 10. Be ready to explain how you've identified and mitigated these issues in past roles, demonstrating your strong security mindset.
✨Demonstrate Cross-Functional Collaboration
Since this role involves working closely with various teams, prepare examples of how you've successfully collaborated with engineers, product managers, and leadership in previous positions to enhance security practices.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world scenarios. Think about how you would handle security incidents or design WAF rules, and be ready to articulate your thought process clearly.
