Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security initiatives and automate processes to ensure robust software development.
- Company: Join Smart, a pioneering fintech transforming retirement and savings globally.
- Benefits: Enjoy 25 days holiday, extensive healthcare, and a £500 training budget.
- Other info: Inclusive culture with opportunities for professional growth and a supportive environment.
- Why this job: Make a real impact on financial wellbeing while working with cutting-edge technology.
- Qualifications: Expertise in Kubernetes security and CI/CD tools is essential.
The predicted salary is between 80000 - 100000 £ per year.
At Smart, our mission is to transform retirement, savings and financial wellbeing, across all generations, around the world.
We are looking for a visionary Principal Security Engineer to bridge the gap between rapid development and ironclad security. In this role, you won’t just be "checking boxes" - you will be the primary architect of a culture where security is invisible, automated, and inseparable from the CI/CD pipeline. Reporting to the Director of Engineering Operations, you’ll lead the charge in evolving our infrastructure-as-code (IaC) secure practices, mentoring a team of engineers, and ensuring that our scale never outpaces our safety.
What You’ll Do:
- Architect & Lead: Design and implement end-to-end secure software development toolchain. You’ll own the roadmap for security automation, including building out our AI security posture for our platform.
- Automate Everything: Integrate SAST, DAST, and SCA tools directly into our pipelines so that vulnerabilities are caught before they ever hit a staging environment.
- Cloud Governance: Oversee security posture management (CSPM) across [AWS/Azure/GCP], ensuring our cloud infrastructure is resilient and compliant, including working with our Risk team for ISO and SOC2 compliance.
- Mentor & Evangelise: Act as a technical mentor to all flavours of our Software Engineers, fostering a "Security-First" mindset through workshops and code reviews, fostering ownership of the responsibility for security to our teams and their services.
- Tooling: Own the current and future of our security toolchain, which currently includes Wiz at the heart of our security posture management, but also have a key input into managing the security aspects of our source code management (GitHub) and owning the management of our edge security.
- Threat Response: Partner with Cyber Security and other teams to develop automated remediation playbooks for security events, and ‘shifting left’ by being a key contributor to our Threat Modelling processes, assisting the process and reviewing architecture.
- Monitoring & Observability: Owning our security observability scope and implementations.
WHO WE ARE LOOKING FOR
The skills, experience, and aptitudes we are looking for are listed below but please don’t be discouraged from applying if you don’t meet every single one of these criteria – having a ‘can do’ attitude is sometimes more important than being able to tick every box.
Your Technical Background
- Container Security: Deep expertise in Kubernetes security (e.g., Wiz, OPA Gatekeeper, etc).
- Infrastructure as Code: Mastery of Terraform, or CloudFormation, with a focus on automated linting and policy-as-code.
- CI/CD Mastery: Advanced experience with GitLab CI, GitHub Actions, or Jenkins.
- Scripting & Backend: Proficiency in Python, Go, or Bash for building custom security tooling.
- Security Tooling: Hands‑on experience with tools like Wiz, Snyk, SonarQube etc.
Who You Are
- A Pragmatic Leader: You understand that security shouldn't be a bottleneck. You find ways to say "Yes, and here is how we do it safely."
- A Veteran Engineer: You have experience in DevOps/SRE roles with a focus specifically on security leadership (or becoming one).
- Curious and Egoless: There’s lots of things happening in our Engineering function, some of which you’ll need to know when to jump into, and be comfortable being the person in the meeting with the least contextual information (but knowing the right way to engage and discover more!).
- A Clear Communicator: You can explain the business impact of a $log4j$-style vulnerability to a Stakeholder just as easily as you can explain a heap overflow to a Developer.
WHO WE ARE
We work in partnerships with governments and financial institutions in the UK and internationally. Our cloud-native digital platform is revolutionising how people around the world think about, and save for, their retirement. At heart, we’re a financial technology business. What we do is all about innovation, and using the power of digital change to put the customer first. Our Engineers will tell you that working at Smart gives you the opportunity to play your part in developing world-class technological solutions, working with – and learning from – like-minded people. You’ll also find that, across our business, our colleagues love Smart’s culture, and how what we do means better financial outcomes for savers. That feels worthwhile, and it means that what we do, collectively, goes way beyond the nine to five of a typical working day.
BENEFITS
- 25 days’ holiday per year, increasing with length of service.
- £500 annual training budget to spend on your professional development.
- Extensive private healthcare, including dental, eyecare and EAP.
- Enhanced sick leave (three months’ pay per year).
- Enhanced maternity and paternity (maternity – 6 months fully paid/paternity – 3 weeks fully paid).
- Death in service insurance cover.
- Fully-paid five-week sabbatical after five years of employment.
- In office wellbeing, such as manicures, massages and barbers.
- Smart employees also enjoy a 50% discount on orders from our sister company Arena Flowers, Britain's most ethical florist.
At Smart, we are committed to creating an inclusive and equitable workplace where everyone feels valued, respected, and empowered to do their best work. We believe that diverse perspectives help us lead the way in transforming retirement, savings, and financial wellbeing. We welcome differences in background, experience, thinking, and identity, and we recognise that innovation is strongest when it is built on inclusion and fairness. We encourage applications from people of all backgrounds and experiences and do not discriminate on the basis of any protected characteristic. If you require any reasonable adjustments during the recruitment process or in the workplace, we encourage you to let us know - we are committed to supporting you. We think Smart is an awesome place to work. If it sounds like somewhere you’d like to work, too, and you’re ready to play your part in our continued success in the future, then naturally we’d love to meet you.
Principal Security Engineer in London employer: smart.co
Contact Detail:
smart.co Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Principal Security Engineer in London
✨Tip Number 1
Network like a pro! Reach out to folks in your industry on LinkedIn or at meetups. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repo showcasing your projects, especially those related to security automation and CI/CD. It’s a great way to demonstrate your expertise without just relying on a CV.
✨Tip Number 3
Prepare for interviews by practising common questions and scenarios specific to security engineering. Think about how you’d tackle real-world problems and be ready to share your thought process.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
We think you need these skills to ace Principal Security Engineer in London
Some tips for your application 🫡
Show Your Passion for Security: When writing your application, let your enthusiasm for security shine through! Share specific examples of how you've integrated security into development processes and why it matters to you. We love seeing candidates who are genuinely excited about making a difference.
Tailor Your Application: Make sure to customise your CV and cover letter to highlight the skills and experiences that align with the role. Use keywords from the job description to demonstrate that you understand what we're looking for. This helps us see how you fit into our vision!
Be Clear and Concise: Keep your application straightforward and to the point. Avoid jargon unless it's relevant, and make sure your key achievements stand out. We appreciate clarity, as it reflects your communication skills – a must-have for this role!
Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it shows you're keen on joining our team at Smart!
How to prepare for a job interview at smart.co
✨Know Your Stuff
Make sure you brush up on your technical skills, especially around Kubernetes security and infrastructure as code. Be ready to discuss specific tools like Wiz and Terraform, and how you've used them in past projects.
✨Show Your Leadership Skills
Prepare examples of how you've led teams or mentored others in a security context. Highlight your ability to foster a 'Security-First' mindset and how you've integrated security into the development process.
✨Communicate Clearly
Practice explaining complex security concepts in simple terms. You might need to convey the impact of vulnerabilities to both technical and non-technical stakeholders, so being able to switch your communication style is key.
✨Be Curious and Engaged
Demonstrate your eagerness to learn and adapt. Show that you're comfortable asking questions and diving into discussions, even if you're not the most knowledgeable person in the room. This will highlight your collaborative spirit.