Senior Security Engineer

About the role

You won't be sitting in an ivory tower throwing policies over the fence. You will be embedded directly within our Platform team in a true DevSecOps capacity. Operating as a highly technical individual contributor, you will bridge the gap between product-led engineering and Corporate IT. You will play a hands-on role in challenging the security architecture of production and corporate IT infrastructure. In your first 6-12 months, you will design and implement our next-generation cloud security architecture across AWS and GCP, while helping to build and mature our internal SOC capabilities, including detection and response. You will take ownership of Microsoft Sentinel, enhancing our SIEM/SOAR capabilities, and strengthen identity and access management through improved and automated RBAC across AWS, Microsoft Entra, and internal systems. You will also drive a shift-left approach to security by embedding controls into GitLab CI/CD pipelines, including scanning, IaC reviews, and automated policy enforcement across the SDLC.

Our technology stack:

• Cloud & Compute: AWS, ECS Fargate, Aurora, Lambda, GCP
• Data Lake: S3, DMS, Glue
• Security & Identity: Microsoft Defender (XDR), Microsoft Sentinel (SIEM/SOAR), Defender for Cloud (CSPM), Microsoft 365, Entra, Intune
• Cloud Security Tooling: GuardDuty, Security Hub, Inspector, Security Command Center
• Code & IaC: Python, Java, GitLab, AWS CDK, Terraform/CDK-TF
• Observability & Incident Management: AMP, Incident.io

Who you are

You are a security professional by trade, but a hacker by design. You have a strong track record in DevSecOps and cloud security engineering, with hands-on experience elevating the security posture of other organisations. You are a strong Python developer. You know how to script automation, interact with APIs, and build security tooling from scratch. You possess a rock-solid understanding of network security fundamentals and how they apply to modern, distributed cloud architectures. You are comfortable owning both the build and run aspects of security - designing systems and responding to incidents. You thrive in the dynamic, ambiguous, and fast-paced environment of a high-growth startup. You know how to balance rigorous security with engineering velocity.

What you'll be doing

• Actively contribute infrastructure-as-Code (AWS CDK, Terraform) for security risks prior to deployment
• Implement best practice network security across AWS and GCP (IAM, VPCs, encryption, logging, monitoring)
• Embed zero-trust policies across the estate
• Actively challenge the security standards of production applications and infrastructure
• Embed security controls into CI/CD pipelines (SAST, dependency scanning, container security)
• Partner with engineering teams on secure architecture and deployment patterns
• Support secure SDLC practices and pre-deployment security reviews

What we offer

• Everyone owns a piece of the company - equity
• Hybrid with 3 days a week in the office
• 25 days' holiday a year, plus 8 bank holidays
• 2 paid volunteering days per year
• One month paid sabbatical after 4 years
• Employee loan
• Free gym membership
• Team wellness budget to be active together - set up a yoga class, a tennis lesson or go bouldering