Security Engineer in London

Our Mission
We’re not your average benefits platform - we’re the driving force that uplifts people’s lives. Our technology connects the entire benefits ecosystem, creating better outcomes for employers, employees, brokers, and providers. Our mission is clear: to build a world where everything works at its best, ensuring every employee gets the support they need to thrive - both at work and beyond.

Your Mission
As a Security Engineer at Ben you will shape Infosec across the domains of infrastructure, product, and compliance. You’ll be a key technical contributor in a small, high-impact team - with direct mentorship from our Security Lead and the autonomy to take full ownership of key projects. We value self-starters who are eager to take on ownership, in a supportive environment where you can make a real impact while developing your skills. Our culture emphasises work-life balance, so while we work hard to ship on time, we also take downtime and relaxation seriously.

Things you will be working on:

• Take ownership of existing security tooling, and implement new ones (e.g. endpoint protection, MDM, access controls), ensuring they’re effectively configured, maintained, and evolving as the business grows.
• Embed secure-by-design practices into the development lifecycle across engineering, including secure coding, threat modeling, and design reviews.
• Monitor systems for irregular behaviour and proactively design detection and prevention mechanisms.
• Ensure infrastructure and applications align with generally accepted industry standards, such as the OWASP Top 10 and the AWS Well-Architected Framework.
• Conduct and lead risk assessments, including third-party/vendor reviews and internal evaluations.
• Document and maintain security policies, procedures, and controls as part of our ISO 27001-certified Information Security Management System (ISMS).

You will love this role if you have:

• Hands-on experience deploying and managing security tooling - such as EDR, MDM, ZTNA, or vulnerability scanners, and enjoy solving problems at the implementation level.
• Worked with Microsoft’s security ecosystem, including Entra ID (Azure AD), Intune, and Defender, and feel confident navigating other vendors’ enterprise tooling.
• Solid foundations in networking, systems, and cloud infrastructure, and understand how to apply industry standards (e.g. OWASP Top 10, AWS Well-Architected) to real-world scenarios.
• Experience reviewing and improving product and infrastructure security, including secure SDLC practices like threat modelling, secure code review, or CI/CD hardening.
• Familiarity with compliance frameworks such as ISO 27001 or SOC 2, and the ability to translate technical controls into well-documented policies and audit-ready evidence.
• Experience automating repetitive security tasks (e.g. with Python, PowerShell, or Bash) or integrating tools via APIs to improve efficiency and reduce manual work.
• A bias toward proactive risk reduction, not just fixing bugs - you think holistically about controls, people, and processes that improve security posture.
• A generalist mindset - you’re comfortable working across infrastructure, product, and compliance domains, even if you’re deeper in one.

You will not love this role if you:

• Want to only do policy work or only implementation - this is a hands-on, full-spectrum security role where you’ll work across engineering and compliance.
• Need a slow pace to feel comfortable - we move fast, and we prioritise action, even when the path isn’t perfectly clear.
• Are uncomfortable being accountable for outcomes - this role involves owning projects end-to-end and being responsible for making them succeed.
• Prefer maintaining the status quo - we want to challenge assumptions, rethink how security is done, and push for better ways of working.
• Prefer a highly structured environment with established processes and clearly defined boundaries - we’re still building, and sometimes that means creating the path as we go.
• Struggle with ambiguity or expect prescriptive direction - you’ll get support and context, but you’ll need to figure things out and take ownership.
• Wait for others to step up, or to be told what to do - We are a high-performance and high-reward workplace and are looking for people who are proactive.

Not sure if you meet 100% of the requirements? That’s okay - we know that not everyone follows a linear career path, and we value diverse perspectives and growth mindsets. If you have a solid technical foundation and a strong interest in security, we’d still love to hear from you. That said, this role does require hands-on experience, so please only apply if you feel confident you can contribute meaningfully from day one.

Our Compensation & Benefits
It’s important to us to practise what we preach when it comes to our benefits. We know what good looks like and we want to provide the best for our team, with a comprehensive and inclusive benefits package. This means you have a choice over the things that are most important to you.

• Competitive base salary + equity, so you own what you build.
• £100 monthly personal Ben Balance: for whatever works for you, whether that’s Netflix, Spotify, or a really expensive cup of coffee! This allowance will increase by £50 for each year of service until you reach £250.
• Weekly lunch provided in office so you can spend quality time with the team over some tasty food!
• 28 days of holidays a year plus...