Senior Developer Experience Security Engineer in London

About Motorway

Motorway is the UK's fastest-growing used car marketplace – our award-winning, online-only platform connects private car sellers with over 7,500 verified dealers nationwide, who compete to offer the best price. Founded in 2017, our technology makes the process refreshingly easy, earning us an 'Excellent' Trustpilot rating with over 70,000 reviews. We're not just building a platform; we're changing how people sell cars. Backed by leading investors like Index Ventures and ICONIQ Growth, and following a successful $190 million funding round, we're on a mission to transform the used car market.

About the role

Motorway is rapidly growing its technology team and business, and we are looking for a Developer Experience Security Engineer to help enable a secure, scalable, and frictionless developer experience across Motorway. We have recently built and rolled out a new container platform on top of AWS Fargate, and are currently enhancing our observability, reliability, and developer-focused tooling. This role will act as a bridge between the Developer Experience team and Security Operations team, ensuring security strategy is embedded into platform abstractions, tooling, and defaults.

As a Security Developer Experience Security Engineer, you will ensure that security is built into how engineers build, deploy, and operate software, making the secure path the easiest path.

The role will involve:

• Design, implement, and maintain secure-by-default platform capabilities (e.g. IAM patterns, network primitives, secrets management, runtime protections, encryption) that are easy for product teams to adopt.
• Build automated security checks, guardrails, and visibility that continuously assess risk and reduce the need for manual security audits.
• Collaborate with engineering to embed secure software development practices into CI/CD pipelines, templates, and shared tooling (Shift left and Secure by design principles).
• Reduce manual work (toil) for the technology and Security Operations Team using automation (e.g. scripting, workflows, tooling).
• Ensure platform-level security telemetry, logging, and monitoring are consistent, high-quality, and provided as a standard capability for all teams.
• Define and implement platform-wide security use cases (e.g. SIEM detections, alerts, and signals) that scale across teams without bespoke configuration.
• Work as part of a virtual SOC with the Security Operations Team to support in security incident response.
• Stay up-to-date with the latest security trends and best practices.
• Enable secure engineering practices through documentation, examples, platform defaults, and targeted training where appropriate.
• Help translate security policies and standards into practical, enforceable platform patterns and guardrails.

Requirements

We encourage you to apply, even if you might not meet all the requirements. You'll be directly reporting to an Engineering Manager, who will help mentor and guide you in your career.

• Proven experience as a Platform engineer, Developer Experience engineer, or similar role focused on enabling other engineers.
• Proven experience working with Containers and serverless with Infrastructure as code.
• Good knowledge of AWS cloud security best practices and tooling.
• Technical knowledge of best practice security for networks, systems, web applications, APIs and databases.
• Good understanding of secure software development practices.
• Familiarity with security tools and technologies, such as SIEM, IDS/IPS, WAF and vulnerability scanners.
• Knowledge of common adversarial Tactics, Techniques and Procedures (Mitre Att&ck TTPs).
• Knowledge of security standards and frameworks (e.g. ISO27001, NIST CSF) is beneficial.
• Relevant security certifications (e.g. GCLD, Security+, AWS/GCP Security Certifications) are a plus.
• Excellent problem-solving and analytical skills.
• Strong communication and collaboration abilities.