Senior Security Engineer

We are looking for a Senior Security Engineer to join CUBE Global and help drive the standard of security engineering across our product and platform. This is a hands‑on, high‑impact role in a growing security function, reporting to the Head of Information Security. You will be a key contributor to our security engineering capability: designing and building security controls, embedding security into development and delivery workflows, and building the automation and systems integration that allows security to scale across the organization. We need someone who can help ensure our systems meet the standards expected of a RegTech company serving the global financial services industry.

Key Responsibilities

• Act as a senior hands‑on contributor to the design, implementation, and operation of security controls across application, infrastructure, and cloud environments.
• Partner with Software Engineering and Platform Engineering teams to embed security into system design, code review, CI/CD pipelines, and operational workflows.
• Design, build, and maintain reusable security patterns, guardrails, and automated controls that engineering teams can adopt with confidence.
• Build and operate security automation and systems integration: connecting security tooling into development, delivery, and compliance workflows to reduce manual effort and increase coverage.
• Develop and maintain integrations between security platforms, compliance tooling, and engineering systems to enable continuous visibility and evidence collection.
• Support and contribute to threat modelling and security design review for new and changing systems, focusing on enablement rather than gatekeeping.
• Contribute to vulnerability management operations: triage, prioritization, remediation tracking, and verification across the product and infrastructure estate.
• Participate in investigation and response to security incidents, coordinating with affected teams through containment, recovery, and root cause analysis.
• Help ensure security controls are implemented consistently and produce auditable evidence, supporting ISO 27001, SOC 2, and regulatory compliance requirements.
• Provide security input to change management, ensuring risk is understood and mitigated without unnecessary friction in delivery.
• Collaborate with Architecture and Platform Engineering to ensure security principles are reflected in shared patterns, reference designs, and infrastructure decisions.
• Contribute to security standards, guidance, and policy in partnership with GRC and compliance functions.
• Mentor and support other security engineers, raising security engineering maturity and consistency across the organization.

Skills and Experience

Essential

• Strong security engineering expertise across application security, cloud security (Azure preferred), and infrastructure security.
• Hands‑on experience securing modern software delivery environments: CI/CD pipelines, containerised workloads, IaC, and cloud‑native services.
• Practical experience with security tooling: SAST, SCA, DAST, vulnerability scanners, endpoint protection, and SIEM integration.
• Demonstrated ability to build security automation and systems integration: scripting, API integration, workflow orchestration, and connecting tooling into engineering pipelines.
• Experience with threat modelling methodologies and security architecture review for complex, distributed systems.
• Strong understanding of identity and access management principles, including privileged access, RBAC, and SSO/MFA architectures.
• Experience contributing to security incident investigation and response.
• Ability to produce clear, auditable evidence of security controls for internal audit and external certification (ISO 27001, SOC 2).
• Clear communication skills: able to articulate security risks and trade‑offs to engineering teams, leadership, and non‑technical stakeholders.
• Collaborative, enabling mindset: focused on raising the security capability of engineering teams rather than policing delivery.

Desirable

• Experience operating in a regulated financial services or RegTech environment.
• Familiarity with DORA, NIS2, or UK Cyber Security and Resilience Bill requirements as they apply to technology controls.
• Experience with compliance automation platforms (e.g., Vanta) and integrating evidence collection into engineering workflows.
• Exposure to AI/ML security considerations: model security, data pipeline integrity, and responsible AI governance.
• Experience with asset discovery and inventory tooling (e.g., Axonius) and configuration management at scale.
• Track record of supporting external certification audits.

Performance Indicators

• Measurable adoption of secure patterns and automated controls by engineering teams.
• Reduction in repeat security findings across audit cycles and vulnerability assessments.
• Timely remediation of vulnerabilities and security findings within agreed SLAs.
• Effective incident handling with clear root cause analysis, learning, and preventive action.
• Audit readiness: ability to produce evidence of control effectiveness on demand.
• Positive feedback from engineering teams on the quality and approachability of security partnership.

Why CUBE Global

• The opportunity to build and shape a security engineering function from the ground up in a growing, PE‑backed RegTech company.
• Direct reporting line to the Head of Information Security with visibility to executive leadership.
• A product that matters: CUBE tracks regulations across 750+ jurisdictions for 1,000+ financial services clients globally.
• A technology environment with real problems to solve: cloud migration, multi‑region operations, and regulatory technology at scale.
• Investment in your development: conference attendance, training, and certification support.

CUBE is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.