Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Own security from WAF rules to secure APIs in a fast-growing EdTech company.
- Company: Join Thrive, a mission-driven EdTech company redefining workplace learning.
- Benefits: Enjoy remote work, competitive salary, wellness perks, and a flexible environment.
- Why this job: Shape security in a collaborative culture where your contributions truly matter.
- Qualifications: 5+ years in fullstack engineering with a strong security mindset required.
- Other info: Work with global brands and cutting-edge technologies in a fully remote role.
The predicted salary is between 43200 - 72000 £ per year.
The Opportunity
Join us to own security end-to-end, from shaping WAF rules and cloud posture to building secure APIs that millions rely on.
We\’re hiring a Senior Security Engineer to help scale Thrive\’s security posture as we continue to grow fast and land major enterprise customers.
This isn\’t your typical security role. We\’re looking for someone who can code first, audit later & are able to dive into our NodeJS/React stack, help teams ship secure-by-design features, and implement pragmatic security improvements across our application codebase, tooling and cloud infrastructure.
You\’ll work closely with Engineering, Product, and InfoSec to ensure Thrive stays secure by design, especially as we expand into new markets, industries, and regulatory environments.
What You\’ll Be Doing
• Own security across the full stack, from React & NodeJS through to AWS infrastructure, WAFs, and CI/CD.
• Build and maintain security-first libraries, tooling and pipelines to support engineering at scale.
• Embed secure-by-default practices into our codebase and developer workflows (CI/CD, code reviews, linting, scanning).
• Act as an internal consultant and coach, unblocking teams, upskilling devs, and spotting risks early.
• Partner with Engineering Leads and our CPTO to assess new threats, handle incidents, and continuously improve our posture.
• Support customer security reviews, RFPs, and external audits (SOC2, ISO27001, etc).
• Design and tune WAF rules, bot protections, and layered defenses to mitigate real-world attacks.
• Improve the security of our cloud infrastructure (AWS), IAM policies, and container configurations.
What We\’re Looking For
Must-haves
• 5+ years as a fullstack or backend engineer with a strong security mindset.
• Deep experience with fullstack JavaScript/TypeScript (e.g. NodeJS / React or equivalent) and AWS.
• Proven track record of identifying, fixing and preventing security issues in production systems.
• Strong understanding of common vulnerabilities (e.g. OWASP Top 10) and mitigation techniques.
• Comfortable working cross-functionally with engineers, product managers, and leadership.
• Pragmatic – you know when to secure, when to monitor, and when to say no.
• Experience with WAFs, IAM, and infrastructure-layer security (e.g., network, container, or runtime protections).
Nice-to-haves
• Experience with SOC2 / ISO27001, Vanta, or security questionnaires for enterprise customers.
• Familiarity with identity & access management (SSO, SCIM, RBAC), secure frontend patterns, and data encryption at rest/in transit.
• Incident response experience or interest in setting up robust response playbooks.
• Experience working in SaaS or L&D platforms, or building security into multi-tenant cloud applications.
Why Thrive?
- A chance to join a rocket-ship EdTech company on a mission to redefine workplace learning.
- A collaborative, people-first culture where your voice matters and your work has a real impact.
- Competitive salary + uncapped commission + benefits (private health, wellness perks, pension).
- Remote-first, flexible working environment built on trust and autonomy.
- The opportunity to work with global brands and cutting-edge learning technologies.
Sound Like You?
If you\’re an engineer who sweats the security details, loves building clean and secure code, and wants to shape security at a product-led SaaS business – we\’d love to talk.
#LI-Remote
Team Engineering Locations UK Remote status Fully Remote #J-18808-Ljbffr
Senior Security Engineer (Application & Infrastructure) employer: Thrive
Contact Detail:
Thrive Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Security Engineer (Application & Infrastructure)
✨Tip Number 1
Familiarise yourself with the specific technologies mentioned in the job description, such as NodeJS, React, and AWS. Being able to discuss your hands-on experience with these technologies during an interview will demonstrate your capability to dive into their stack.
✨Tip Number 2
Showcase your understanding of security best practices by preparing examples of how you've implemented secure coding practices in past projects. This will help you stand out as someone who can embed security into the development process.
✨Tip Number 3
Network with current or former employees of Thrive, if possible. Engaging with them can provide insights into the company culture and expectations, which can be invaluable during interviews.
✨Tip Number 4
Prepare to discuss real-world security incidents you've managed or learned from. This will not only highlight your experience but also show your proactive approach to security challenges, aligning with Thrive's need for a pragmatic mindset.
We think you need these skills to ace Senior Security Engineer (Application & Infrastructure)
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience with fullstack JavaScript/TypeScript, AWS, and security practices. Emphasise any relevant projects where you've implemented security measures or worked cross-functionally.
Craft a Strong Cover Letter: In your cover letter, express your passion for security and how your background aligns with the role. Mention specific experiences that demonstrate your ability to build secure applications and your understanding of common vulnerabilities.
Showcase Relevant Projects: Include examples of past projects in your application that showcase your skills in coding, security improvements, and working with cloud infrastructure. Highlight any experience with WAFs, IAM, and incident response.
Prepare for Technical Questions: Be ready to discuss your technical expertise during the interview process. Brush up on your knowledge of OWASP Top 10 vulnerabilities, mitigation techniques, and your experience with secure coding practices.
How to prepare for a job interview at Thrive
✨Showcase Your Technical Skills
Be prepared to discuss your experience with fullstack JavaScript/TypeScript, particularly NodeJS and React. Highlight specific projects where you implemented security measures and how you approached coding securely.
✨Understand Security Fundamentals
Familiarise yourself with common vulnerabilities, especially the OWASP Top 10. Be ready to explain how you've identified and mitigated these issues in past roles, demonstrating your strong security mindset.
✨Demonstrate Cross-Functional Collaboration
Since this role involves working closely with various teams, prepare examples of how you've successfully collaborated with engineers, product managers, and leadership to enhance security practices.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world scenarios. Think about how you would handle security incidents or improve security posture in a fast-paced environment like Thrive.
