Senior Security Engineer - Contract in London
About the role
What is Flagstone?
Flagstone is many things.
An online savings platform, reinventing how individuals, businesses, and charities manage, protect, and grow their cash.
A diverse group of people, bound by a collaborative spirit, and shared purpose.
And lastly, a thriving, profitable business – where smart people do their best work.
Each definition shares a common thread: our unique culture. It’s our pride and joy. And our competitive advantage.
A feel for our culture
To revolutionise the savings market, we need to be at our best. But high performance takes more than talent – it takes a culture of kindness, respect, and growth.
That’s why we’re building a diverse, inclusive community, where your voice is heard and valued.
Where, with close support and room to develop, you can surpass even your own expectations.
And be rewarded for it.
We may not change the world, but we can change the world of financial technology. And all it takes is a winning mix of drive, talent, and empathy. Our culture celebrates all three.
About the team
Security Engineering is a team of five covering cloud security, detection, and security operations.
They work directly in the Azure estate and are close to the infrastructure, not abstracted behind a policy layer.
The team runs Microsoft Sentinel, Defender XDR, and Defender for Cloud, and manages tooling through infrastructure-as-code.
They run a quarterly penetration test programme and are continuously building out our detection and response capability.
It's a small team with broad scope, which means your work is visible, your opinions are heard, and there are meaningful problems for our engineers to work on.
This is a contract role, so we're looking for someone who can hit the ground running.
You'll bring immediate impact and add value from day one, working independently without a long ramp-up.
Your work will be visible, and the problems you solve will matter.
Does this sound like you?
You're a senior security engineer who operates credibly across cloud security, detection tooling, and incident response, without being narrowly specialised.
You own meaningful parts of the security stack, contribute hands‑on to Azure cloud hardening, and show up reliably when incidents need investigating or pen test cycles need coordinating.
You're energised by visible impact, your work matters, and your voice is heard.
What you’ll do
- Own and operate our alerting and monitoring capability through a transition period, keeping detection and response steady.
- Maintain and improve our Microsoft Sentinel deployment: writing and tuning detection rules, managing data connectors, and reducing alert noise.
- Operate and optimise Defender XDR and Defender for Cloud, including policy management and posture recommendations.
- Maintain and extend automated security checks in our delivery pipelines (shift-left).
- Drive down time‑to‑fix on known vulnerabilities, coordinating remediation with engineering squads.
- Support data‑loss‑prevention controls that reduce the risk of sensitive data leaving the business.
- Support safeguards around how the business accesses and uses AI, including securing AI workloads and their data exposure.
- Investigate suspicious activity surfaced through Sentinel and Defender: triage, elevate, or contain as appropriate.
- Support incident response, including containment, evidence gathering, and post‑incident review.
- Contribute to detection‑as‑code and infrastructure‑as‑code (Terraform or Bicep) for security tooling.
- Coordinate penetration test engagements (scope, logistics, findings review) and work with engineering teams to prioritise remediation.
What you’ll bring
- Hands‑on SIEM experience, ideally Microsoft Sentinel; equivalent platforms (Splunk, Chronicle, QRadar) considered.
- Practical Azure security experience across Defender for Cloud, Entra ID, Azure networking, and cloud security posture management.
- Experience writing infrastructure‑as‑code using Terraform or Bicep in a security engineering context.
- Experience driving vulnerability remediation cycles with engineering squads.
- Familiarity with data‑loss‑prevention controls.
- Familiarity with AI security considerations (securing AI workloads, data exposure risks) and/or using AI tooling to augment security engineering workflows.
- Ability to contribute to threat modelling and communicate security risk clearly to engineering and product audiences.
- A growth mindset and genuine curiosity to keep learning.
- SC‑200 (Microsoft Security Operations Analyst) certification.
- KQL proficiency for detection rule authoring and threat hunting.
- Experience working in a similar fintech or financial services environment.
All are welcome
At Flagstone, we’re assembling a diverse team that defies our industry’s norms. Think this role could suit you? We encourage you to apply, no matter your background.
#J-18808-Ljbffr
Your tasks
Own and optimise security operations, detection tooling, and incident response in a dynamic environment.
Your profile
Hands-on experience in SIEM, Azure security, and infrastructure-as-code.
What's also included
Competitive pay, inclusive culture, and opportunities for personal growth.
Tech stack & ways of working
Senior Security Engineer - Contract in London employer: jobr.pro
At jobr.pro, we pride ourselves on being an excellent employer by fostering a flexible and culturally diverse work environment in Exeter. Our commitment to personal development ensures that employees have ample opportunities for growth while enjoying attractive benefits, making it a rewarding place to advance your career in the transport infrastructure sector.
Your perspectives
Make a real impact in cloud security while working with cutting-edge technology.
StudySmarter Expert Advice
Get Active on Cybersecurity Forums
Join platforms like Stack Exchange and Reddit’s r/cybersecurity to hang out with industry pros, learn the latest, and share your insights. This will not only boost your visibility but also help you connect with potential clients who might need your freelance services.
Show Off Your Skills with Public Projects
Create a few open-source projects or contribute to existing ones that showcase your cybersecurity skills. Use GitHub to display your work, as this is an excellent way to attract clients looking for freelancers with a proven track record.
Attend Local Conferences and Meetups
Make sure to hit up cybersecurity meetups, workshops, and conferences in your area. These events are goldmines for networking, and you’ll often find people looking for freelancers after a chat over a coffee – so come prepared with your business cards and a killer elevator pitch!
Market Yourself Smartly
Set up a professional website that showcases your portfolio, expertise, and client testimonials. Optimise it for SEO with relevant keywords so potential clients searching for cybersecurity freelancers can easily find you. Don’t forget to link to your site on all your social media and profiles!
Some tips for your application 🫡
Show Your Skills Through a Strong Portfolio
Since you're applying for a freelance role in cybersecurity, it's crucial to showcase your technical skills through a detailed portfolio. Include case studies of projects you've worked on, any security tools you've developed or assessed, and specifics on the methodologies you’ve used. This will help jobr.pro understand what you're capable of.
Certifications Matter!
Make sure to list any relevant certifications you hold, such as CISSP, CEH, or CompTIA Security+. Freelance clients often value these credentials as they reflect your expertise and commitment to the field. If you’re actively pursuing more certifications, don’t hesitate to mention that too!
Rates, Availability, and Your Work Style
In your application, it’s essential to be clear about your freelance rates and availability. Clients appreciate transparency. Mention how many hours a week you can dedicate and your preferred working hours, as this sets expectations from the start and shows you're organised and professional.
Tailor Your CV to Highlight Cybersecurity Experience
When crafting your CV, make sure to tailor it specifically to cybersecurity. Highlight projects, tasks, and achievements related to security assessments, vulnerabilities you've mitigated, or compliance work you've undertaken. Keywords relevant to the job can grab attention and increase your chances of landing a spot at jobr.pro.
How to prepare for a job interview at jobr.pro
Showcase Your Cybersecurity Skills
As a freelancer in cybersecurity, it’s crucial we demonstrate not just our knowledge but our practical skills too. Be ready to discuss specific tools you’ve used, like Wireshark or Metasploit, and share relevant experiences where you identified vulnerabilities or mitigated risks in past projects.
Prepare Your Portfolio
Unlike traditional roles, freelancing relies heavily on your portfolio. Let’s curate a selection of past work that showcases our best projects. If we’ve handled penetration tests, audits, or incident responses, be sure to highlight these in your portfolio, and share any client testimonials if we have them.
Stay Updated on Trends and Tools
Cybersecurity is an ever-evolving field, so we should be prepared to chat about recent developments and how they impact our work. Familiarise ourselves with the latest threats, tools, and frameworks, like MITRE ATT&CK, that are pertinent to the projects we’re pitching.
Pitching Your Value as a Freelancer
When freelancing, we often need to negotiate our rates and value propositions. Be ready to explain how our skills can help jobr.pro protect their assets and manage risks. It can help to outline some potential strategies or improvements we could implement for them based on their current setup.
Locations
- London