Senior Security Engineer

Senior Security Engineer

Full-Time 70000 - 90000 £ / year (est.) Home office (partial)
Capital Markets Gateway

At a Glance

  • Tasks: Lead security risk management and governance initiatives in a dynamic fintech environment.
  • Company: Join Capital Markets Gateway, a cutting-edge financial technology firm transforming equity capital markets.
  • Benefits: Enjoy unlimited PTO, comprehensive benefits, and a hybrid work environment.
  • Other info: Opportunity for growth into leadership roles as the function scales.
  • Why this job: Make a real impact on security in a fast-paced, innovative company.
  • Qualifications: 6+ years of hands-on security experience with strong risk management skills.

The predicted salary is between 70000 - 90000 £ per year.

The Company

Capital Markets Gateway LLC (CMG) is a financial technology firm, uniquely focused on the equity capital markets (ECM), connecting investors and underwriters via a neutral platform.

CMG delivers integrated ECM data and analytics, unrivaled transparency into deal flow, and workflow efficiencies for an otherwise fragmented and inefficient process.

Providing a digital system of record for firm-wide deal activity, CMG helps clients make more timely, better-informed decisions.

Launched in 2017 by a team of ECM practitioners, CMG has completed two successful fundraising rounds and is backed by a group of the world's most prestigious financial institutions.

The CMG platform is currently relied upon by nearly 150 buy‑side firms representing $40 trillion in AUM and 22 global investment banks.

For more information, please visit www. cmgx. io

The Role

We are hiring a Senior Security Engineer to lead our security risk management and governance work.

This is a senior individual‑contributor role for someone who thrives on owning large, ambiguous initiatives end‑to‑end and turning them into shipped, operationalized programs.

You will report directly to the CISO, own cross‑program initiatives, and collaborate closely with senior leadership across the firm.

The core of the role is hands‑on security risk management, threat modeling, security risk assessments, and security design and architecture reviews, paired with the governance and process work that scales the program.

You will partner on customer due‑diligence and SOC 2 evidence and turn security controls into repeatable workflows that fit how the business already works.

You will apply that lens across the full control landscape: cloud security, supply‑chain and vulnerability management, endpoint and identity, detection and response, and AI security.

CMG operates in a highly regulated, client‑facing market, so scope and impact here are unusually large for the level.

We value strong collaboration and a deep sense of ownership: you will be trusted to take initiatives and run with them, often without an established process or a big team behind you.

The defining shift for the program is moving from reactive to proactive, and this role is central to it.

This is a high‑growth‑potential role: we expect the right person to start as a senior individual‑contributor and grow into broader leadership, including people’s leadership, as the function scales.

Responsibilities

  • Security Risk Management
  • Lead threat modeling across products, infrastructure, and new initiatives, identifying and prioritizing risks, attack surfaces, and vulnerabilities.
  • Conduct security risk assessments and translate findings into pragmatic, risk‑based remediation prioritized by impact and blast radius.
  • Run security design and architecture reviews, partnering with Engineering and Dev Ops to reduce risk through secure design and simplicity, not just added controls.
  • Governance, Risk & Compliance
  • Partner on customer due‑diligence (DDQ) and SOC 2 Type II evidence gathering, keeping compliance sustainable rather than fire‑drilled.
  • Build repeatable security workflows that embed controls into existing engineering processes instead of creating parallel ones.
  • Develop and maintain clear, role‑relevant security policies, standards, and procedures, and drive consensus without direct authority.
  • Security Controls and Technical Program Execution
  • Understand and implement controls for supply‑chain risk and vulnerability management, including CI/CD enforcement and dependency hygiene, and build vulnerability triage workflows that score real risk by exploitability, reachability, and compensating controls rather than raw CVSS.
  • Harden and secure our cloud environment (Azure), partnering with platform engineering on secure configuration, reviewing and remediating vulnerabilities, identity and network controls, posture management, and logging and detection.
  • Strengthen endpoint and identity controls across a global, remote workforce: least privilege, phishing‑resistant MFA, and privileged access controls.
  • Support detection and response, partnering with our DFIR and MDR relationships and helping mature toward a proactive posture.
  • Address AI security risks (prompt injection, data poisoning, model and agent governance) and help keep AI controls ahead of adoption.
  • Cross‑functional Leadership and Program Ownership
  • Take ownership of large, loosely defined initiatives and drive them from problem framing to operationalized program.
  • Work closely with senior leadership across the firm, bringing structure to ambiguity and sequencing work against risk.
  • Surface risk early, challenge assumptions, and communicate clearly to both technical teams and senior stakeholders.

Qualifications

  • Have 6+ years of hands‑on security experience, with real depth in security risk management: threat modeling, risk assessments, and security design and architecture review.
  • Have run governance, risk, and compliance work in practice, including audit and customer due‑diligence support (SOC 2 or similar), and made it operational rather than just documented.
  • Have thrived in a startup or other small, fast‑paced environment, owning large, ambiguous initiatives end‑to‑end with little scaffolding and shipping them.
  • Have working breadth across the control landscape: cloud security, supply‑chain and vulnerability management, endpoint and identity, and detection and response.
  • Are genuinely technical: comfortable in cloud environments (Azure preferred), CI/CD, and at least one scripting language (e. g.

Python, Bash, Power Shell), so your controls hold up in engineering reality.

  • Lead with empathy and influence, and distill complex security concepts into clear, actionable guidance for technical and non‑technical audiences alike.
  • Thrive navigating ambiguity and make sound, risk‑based calls with incomplete information.
  • Work effectively in a remote‑first setup: most of the team is remote, with a small London in‑office presence, so you communicate crisply and operate well asynchronously.
  • Navigate an organization to get things done you know who to pull in for information or alignment, and you drive that alignment without formal authority.
  • Nice to have
  • Have banking, fintech, or other regulated industry experience.
  • Use AI tooling fluently in your own day‑to‑day work and are eager to integrate it into security workflows as a force multiplier.
  • Have a bias toward automating repeatable security work — scripting, tooling, and process — to scale your impact.
  • Be familiar with AI and agentic security risks (prompt injection, data poisoning, model and agent governance).
  • Have experience mapping security frameworks (NIST CSF, ISO 27001, OWASP, NIST AI RMF).
  • Have hands‑on exposure to detection and response, red‑team, or pen‑test work.
  • Have experience with our stack: Azure / Entra ID, Git Hub Enterprise Cloud (GHAS, Actions, Dependabot), Sentinel, Zscaler, Intune, Vanta, and the Atlassian suite.
  • Hold relevant certifications (e. g. CISSP, CRISC, OSCP) — valued but not required.

Our Values

  • We innovate with purpose
  • We focus on outcomes vs. output
  • We believe diverse and inclusive teams fuel innovation
  • We are humble yet candid
  • We do right by the customer

What We Offer

  • Equity
  • Unlimited PTO (28 days including bank holidays + unlimited additional paid leave)
  • Comprehensive benefits program managed by Globalization Partners
  • Premium life and income protection
  • Top private medical and dental insurance
  • Employee Assistance Program (EAP)
  • Pension contributions
  • Hybrid work environment (initially remote until office setup is complete)
  • Education reimbursement
  • Continuous learning opportunities
  • Employee referral bonus
  • Parental leave

CMG embraces our ongoing commitment to building a culture reflecting the people, perspectives, and passions it represents.

We will accept nothing less than equity, inclusion, and belonging for all.

With the only constant in life being change, we will always listen, learn, and improve for the betterment of our teams, customers, and communities.

CMG is proud to be an Equal Opportunity Employer.

#J-18808-Ljbffr

Senior Security Engineer employer: Capital Markets Gateway

At Capital Markets Gateway LLC (CMG), we pride ourselves on being an exceptional employer, offering a dynamic work culture that fosters innovation and collaboration. Our commitment to employee growth is evident through continuous learning opportunities and a clear pathway for advancement, particularly in high-growth roles like the Senior Security Engineer. With a hybrid work environment and comprehensive benefits, including unlimited PTO and equity options, CMG provides a supportive atmosphere where every team member can thrive and contribute meaningfully to our mission in the financial technology sector.

Capital Markets Gateway

Contact Details:

Capital Markets Gateway Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Senior Security Engineer

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Capital Markets Gateway, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Capital Markets Gateway

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Capital Markets Gateway. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Senior Security Engineer

Security Risk Management
Threat Modeling
Security Risk Assessments
Security Design and Architecture Reviews
Governance, Risk & Compliance
SOC 2 Evidence Gathering
Cloud Security (Azure)

Some tips for your application 🫡

Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Capital Markets Gateway insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Capital Markets Gateway that you’re committed to staying ahead in the game.

How to prepare for a job interview at Capital Markets Gateway

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Capital Markets Gateway to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Capital Markets Gateway.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.