Senior Security Engineer

Senior Security Engineer

Full-Time 60000 - 80000 £ / year (est.) No working from home possible
Abound

At a Glance

  • Tasks: Design and implement next-gen cloud security architecture while enhancing internal SOC capabilities.
  • Company: Dynamic startup focused on innovative security solutions and collaborative culture.
  • Benefits: Equity ownership, hybrid work, generous holiday, paid volunteering days, and wellness budget.
  • Other info: Opportunity for career growth with a supportive team and exciting challenges.
  • Why this job: Join a fast-paced environment and make a real impact on security in cloud technologies.
  • Qualifications: Strong background in DevSecOps, cloud security, and Python development.

The predicted salary is between 60000 - 80000 £ per year.

About the role

You won't be sitting in an ivory tower throwing policies over the fence. You will be embedded directly within our Platform team in a true DevSecOps capacity. Operating as a highly technical individual contributor, you will bridge the gap between product-led engineering and Corporate IT. You will play a hands-on role in challenging the security architecture of production and corporate IT infrastructure. In your first 6-12 months, you will design and implement our next-generation cloud security architecture across AWS and GCP, while helping to build and mature our internal SOC capabilities, including detection and response. You will take ownership of Microsoft Sentinel, enhancing our SIEM/SOAR capabilities, and strengthen identity and access management through improved and automated RBAC across AWS, Microsoft Entra, and internal systems. You will also drive a shift-left approach to security by embedding controls into GitLab CI/CD pipelines, including scanning, IaC reviews, and automated policy enforcement across the SDLC.

Our technology stack:

  • Cloud & Compute: AWS, ECS Fargate, Aurora, Lambda, GCP
  • Data Lake: S3, DMS, Glue
  • Security & Identity: Microsoft Defender (XDR), Microsoft Sentinel (SIEM/SOAR), Defender for Cloud (CSPM), Microsoft 365, Entra, Intune
  • Cloud Security Tooling: GuardDuty, Security Hub, Inspector, Security Command Center
  • Code & IaC: Python, Java, GitLab, AWS CDK, Terraform/CDK-TF
  • Observability & Incident Management: AMP, Incident.io

Who you are

You are a security professional by trade, but a hacker by design. You have a strong track record in DevSecOps and cloud security engineering, with hands-on experience elevating the security posture of other organisations. You are a strong Python developer. You know how to script automation, interact with APIs, and build security tooling from scratch. You possess a rock-solid understanding of network security fundamentals and how they apply to modern, distributed cloud architectures. You are comfortable owning both the build and run aspects of security - designing systems and responding to incidents. You thrive in the dynamic, ambiguous, and fast-paced environment of a high-growth startup. You know how to balance rigorous security with engineering velocity.

What you'll be doing

  • Actively contribute infrastructure-as-Code (AWS CDK, Terraform) for security risks prior to deployment
  • Implement best practice network security across AWS and GCP (IAM, VPCs, encryption, logging, monitoring)
  • Embed zero-trust policies across the estate
  • Actively challenge the security standards of production applications and infrastructure
  • Embed security controls into CI/CD pipelines (SAST, dependency scanning, container security)
  • Partner with engineering teams on secure architecture and deployment patterns
  • Support secure SDLC practices and pre-deployment security reviews

What we offer

  • Everyone owns a piece of the company - equity
  • Hybrid with 3 days a week in the office
  • 25 days' holiday a year, plus 8 bank holidays
  • 2 paid volunteering days per year
  • One month paid sabbatical after 4 years
  • Employee loan
  • Free gym membership
  • Team wellness budget to be active together - set up a yoga class, a tennis lesson or go bouldering

Senior Security Engineer employer: Abound

Abound is an excellent employer that fosters a collaborative and innovative work culture, particularly in the dynamic field of Generative AI. With a hybrid work model based in London, employees benefit from competitive perks such as equity options and generous paid holidays, while also having the opportunity to work on impactful projects that shape the future of consumer lending. The company prioritises employee growth and encourages curiosity and problem-solving, making it a rewarding place for those looking to make a real-world impact.

Abound

Contact Details:

Abound Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Senior Security Engineer

Tip Number 1

Network like a pro! Get out there and connect with folks in the industry. Attend meetups, webinars, or even local tech events. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to cloud security and DevSecOps. This gives potential employers a taste of what you can do and sets you apart from the crowd.

Tip Number 3

Prepare for interviews by brushing up on your technical knowledge and soft skills. Practice common interview questions, but also be ready to discuss your hands-on experience with tools like Microsoft Sentinel and AWS CDK. Confidence is key!

Tip Number 4

Don't forget to apply through our website! We love seeing candidates who are genuinely interested in joining our team. Tailor your application to highlight how your skills align with our needs, especially in areas like security architecture and CI/CD pipelines.

We think you need these skills to ace Senior Security Engineer

DevSecOps
Cloud Security Engineering
AWS
GCP
Microsoft Sentinel
Identity and Access Management (IAM)
RBAC

Some tips for your application 🫡

Tailor Your CV:Make sure your CV speaks directly to the role of Senior Security Engineer. Highlight your experience in DevSecOps and cloud security, and don’t forget to mention any hands-on projects that showcase your skills in AWS and GCP.

Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to tell us why you’re passionate about security and how your hacker mindset can contribute to our team. Be specific about your achievements and how they relate to the job description.

Show Off Your Technical Skills:We want to see your technical prowess! Include examples of your Python development, automation scripting, and any security tooling you've built. This is your opportunity to demonstrate how you can bridge the gap between product-led engineering and Corporate IT.

Apply Through Our Website:Don’t forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, we love seeing candidates who take the initiative to connect with us directly.

How to prepare for a job interview at Abound

Know Your Tech Stack

Familiarise yourself with the specific technologies mentioned in the job description, like AWS, GCP, and Microsoft Sentinel. Be ready to discuss how you've used these tools in your previous roles and how they can be applied to enhance security architecture.

Showcase Your DevSecOps Experience

Prepare examples of how you've successfully integrated security into the development process. Highlight any hands-on experience you have with CI/CD pipelines and how you've implemented security controls in those environments.

Demonstrate Problem-Solving Skills

Be ready to tackle hypothetical scenarios related to security challenges. Think about how you would approach issues like network security or incident response, and articulate your thought process clearly during the interview.

Emphasise Collaboration

Since this role involves working closely with engineering teams, prepare to discuss how you've partnered with others in the past. Share specific instances where your collaboration led to improved security outcomes or streamlined processes.