Senior Security Engineer in London

We are seeking an experienced Senior Application Security Engineer to join our dynamic Security Team. This is a key role where you will be a primary contributor to Funding Circle's security posture, with a strong focus on Application Security. You will leverage your deep expertise in secure software development lifecycle (SSDLC) practices and CI/CD security to act as a subject matter expert and mentor, collaborating closely with engineering and product teams to embed security seamlessly into our development processes. You will also apply your knowledge of AWS to secure the underlying cloud infrastructure. Join us to protect our platform and customer data in a fast-paced FinTech environment.

The role:

• Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling.
• Perform threat modelling exercises for cloud-native applications, microservices, and infrastructure components.
• Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure.
• Collaborate closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset.
• Act as a subject matter expert on DevSecOps, and application security, cloud security (AWS), providing guidance and mentorship to other engineers.
• Contribute to drive implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring.
• Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment.

What we're looking for:

• Application & Cloud Security Expertise: Over 3 years of information security experience with a deep focus on application/product security, complemented by strong expertise in securing AWS environments and Infrastructure as Code (IaC).
• Champion for Secure Development: Proven track record of defining, implementing, and driving the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering teams.
• Security Automation & CI/CD Integration: Hands-on experience architecting and integrating a suite of security tools (SAST, DAST, SCA, IAST, secrets management) and automated controls directly into CI/CD pipelines like GitLab CI, Jenkins, or GitHub Actions.
• Vulnerability Management & Threat Intelligence: Deep understanding of web application vulnerabilities (OWASP Top 10) and experience contributing to vulnerability management programs.
• Container & Orchestration Security: Solid knowledge of container security best practices and securing container orchestration platforms, specifically Kubernetes and AWS EKS.
• Frameworks & Compliance: Strong knowledge of key security frameworks (NIST CSF, MITRE ATT&CK) and standards (CIS Benchmarks, OWASP ASVS), with experience managing external penetration testing and coordinating remediation efforts.

Nice to have:

• Experience with specific security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode).
• Relevant advanced security certifications (e.g., AWS Certified Security - Specialty, CISSP, CCSP, OSCP/OSWE).
• Proficiency in security automation using scripting languages (e.g., Python).
• Experience working in FinTech or other highly regulated environments.
• Experience with mobile application security principles and testing.

At Funding Circle we are committed to building diverse teams so please apply even if your past experience doesn’t align perfectly with the requirements.

As a flexible-first employer we offer hybrid working at Funding Circle, and we’ve long believed in a 'best of both' approach to in-office collaboration and non-office days. We expect our teams to be in our London office two times a week, where you can take advantage of our newly refurbished hybrid working space, barista made coffee and subsidised lunches (via JustEat) every day!

We back our Circlers to build their own incredible career, making a difference to small businesses every day. Our Circler proposition is designed to support employees both in and out of work, and it is anchored around four pillars: Health, Wealth, Development & Lifestyle.

A few highlights:

• Health: Private Medical Insurance through Aviva, Dental Insurance through Bupa, MediCash, access to free online therapy sessions and exclusive discounts with Hertility for reproductive health support.
• Wealth: Octopus Money Coach, free mortgage advisor partnership and discounts across numerous retailers through Perks at Work.
• Development: Dedicated annual learning allowance and full access to internal learning platform.
• Lifestyle: Wellhub (for fitness discounts), Electric Car Scheme and more!

And finally, we have award winning parental leave policies supporting parents through enhanced maternity, partner and adoption leave, as well as additional leave for parental bereavement and for fertility treatments.