Principal Security Engineer

Full-Time 80000 - 100000 £ / year (est.) No home office possible
smart.co

At a Glance

  • Tasks: Lead security initiatives and automate processes to ensure robust software development.
  • Company: Join Smart, a pioneering fintech transforming retirement and savings globally.
  • Benefits: Enjoy 25 days holiday, training budget, private healthcare, and more.
  • Other info: Inclusive culture with opportunities for personal and professional growth.
  • Why this job: Make a real impact on financial wellbeing while working with cutting-edge technology.
  • Qualifications: Expertise in security, CI/CD, and cloud governance is essential.

The predicted salary is between 80000 - 100000 £ per year.

At Smart, our mission is to transform retirement, savings and financial wellbeing, across all generations, around the world.

We are looking for a visionary Principal Security Engineer to bridge the gap between rapid development and ironclad security. In this role, you won’t just be "checking boxes" - you will be the primary architect of a culture where security is invisible, automated, and inseparable from the CI/CD pipeline. Reporting to the Director of Engineering Operations, you’ll lead the charge in evolving our infrastructure-as-code (IaC) secure practices, mentoring a team of engineers, and ensuring that our scale never outpaces our safety.

What You’ll Do:

  • Architect & Lead: Design and implement an end-to-end secure software development toolchain. You’ll own the roadmap for security automation, including building out the AI security posture for our platform.
  • Automate Everything: Integrate SAST, DAST, and SCA tools directly into our pipelines so that vulnerabilities are caught before they ever hit a staging environment.
  • Cloud Governance: Oversee security posture management (CSPM) across [AWS/Azure/GCP], ensuring our cloud infrastructure is resilient and compliant, including working with our Risk team for ISO and SOC2 compliance.
  • Mentor & Evangelise: Act as a technical mentor to all flavours of our Software Engineers, fostering a "Security-First" mindset through workshops and code reviews, and building ownership of security within our teams and their services.
  • Tooling: Own the current and future state of our security toolchain, which today has Wiz at the heart of our security posture management; have key input into the security aspects of our source code management (GitHub) and own the management of our edge security.
  • Threat Response: Partner with Cyber Security and other teams to develop automated remediation playbooks for security events, and ‘shift left’ by being a key contributor to our Threat Modelling processes, assisting the process and reviewing architecture.
  • Monitoring & Observability: Own our security observability scope and implementations.

WHO WE ARE LOOKING FOR

The skills, experience, and aptitudes we are looking for are listed below but please don’t be discouraged from applying if you don’t meet every single one of these criteria – having a ‘can do’ attitude is sometimes more important than being able to tick every box.

Your Technical Background

  • Container Security: Deep expertise in Kubernetes security (e.g. Wiz, OPA Gatekeeper).
  • Infrastructure as Code: Mastery of Terraform, or CloudFormation, with a focus on automated linting and policy-as-code.
  • CI/CD Mastery: Advanced experience with GitLab CI, GitHub Actions, or Jenkins.
  • Scripting & Backend: Proficiency in Python, Go, or Bash for building custom security tooling.
  • Security Tooling: Hands‑on experience with tools like Wiz, Snyk, SonarQube etc.

Who You Are

  • A Pragmatic Leader: You understand that security shouldn't be a bottleneck. You find ways to say "Yes, and here is how we do it safely."
  • A Veteran Engineer: You have experience in DevOps/SRE roles with a focus specifically on security leadership (or becoming one).
  • Curious and Egoless: There’s lots of things happening in our Engineering function, some of which you’ll need to know when to jump into, and be comfortable being the person in the meeting with the least contextual information (but knowing the right way to engage and discover more!).
  • A Clear Communicator: You can explain the business impact of a Log4j-style vulnerability to a stakeholder just as easily as you can explain a heap overflow to a developer.

WHO WE ARE

We work in partnerships with governments and financial institutions in the UK and internationally. Our cloud-native digital platform is revolutionising how people around the world think about, and save for, their retirement. At heart, we’re a financial technology business. What we do is all about innovation, and using the power of digital change to put the customer first. Our Engineers will tell you that working at Smart gives you the opportunity to play your part in developing world-class technological solutions, working with – and learning from – like-minded people. You’ll also find that, across our business, our colleagues love Smart’s culture, and how what we do means better financial outcomes for savers. That feels worthwhile, and it means that what we do, collectively, goes way beyond the nine to five of a typical working day.

BENEFITS

  • 25 days’ holiday per year, increasing with length of service.
  • £500 annual training budget to spend on your professional development.
  • Extensive private healthcare, including dental, eyecare and EAP.
  • Enhanced sick leave (three months’ pay per year).
  • Enhanced maternity and paternity (maternity – 6 months fully paid/paternity – 3 weeks fully paid).
  • Death in service insurance cover.
  • Fully-paid five-week sabbatical after five years of employment.
  • In office wellbeing, such as manicures, massages and barbers.
  • Smart employees also enjoy a 50% discount on orders from our sister company Arena Flowers, Britain's most ethical florist.

At Smart, we are committed to creating an inclusive and equitable workplace where everyone feels valued, respected, and empowered to do their best work. We believe that diverse perspectives help us lead the way in transforming retirement, savings, and financial wellbeing. We welcome differences in background, experience, thinking, and identity, and we recognise that innovation is strongest when it is built on inclusion and fairness. We encourage applications from people of all backgrounds and experiences and do not discriminate on the basis of any protected characteristic. If you require any reasonable adjustments during the recruitment process or in the workplace, we encourage you to let us know - we are committed to supporting you. We think Smart is an awesome place to work. If it sounds like somewhere you’d like to work, too, and you’re ready to play your part in our continued success in the future, then naturally we’d love to meet you.

Principal Security Engineer employer: smart.co

At Smart, we pride ourselves on fostering a dynamic and inclusive work culture that empowers our employees to innovate and excel. As a Principal Security Engineer, you will not only lead the charge in enhancing our security practices but also benefit from extensive professional development opportunities, generous leave policies, and a supportive environment that values your contributions. With a commitment to employee wellbeing and a mission that positively impacts financial outcomes for savers globally, Smart is an exceptional place to grow your career while making a meaningful difference.

Contact Detail:

smart.co Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Principal Security Engineer

✨Tip Number 1

Network like a pro! Reach out to folks in your industry on LinkedIn or at meetups. A friendly chat can lead to opportunities that aren’t even advertised yet.

✨Tip Number 2

Show off your skills! Create a portfolio or GitHub repo showcasing your projects, especially those related to security automation and CI/CD. This gives potential employers a taste of what you can do.

✨Tip Number 3

Prepare for interviews by practising common security scenarios and questions. Think about how you’d integrate security into the development process and be ready to share your thoughts!

✨Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive!

We think you need these skills to ace Principal Security Engineer

Kubernetes Security
Infrastructure as Code (IaC)
Terraform
CloudFormation
CI/CD (GitLab CI, GitHub Actions, Jenkins)
Scripting (Python, Go, Bash)
Security Tooling (Wiz, Snyk, SonarQube)
Security Posture Management (CSPM)
Automated Remediation Playbooks
Threat Modelling
Monitoring & Observability
Communication Skills
Mentoring
Problem-Solving Skills
Adaptability

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with security practices, especially in CI/CD pipelines. We want to see how your skills align with our mission at Smart!

Showcase Your Leadership Skills: As a Principal Security Engineer, you'll be leading teams and mentoring others. Share examples of how you've fostered a 'Security-First' mindset in previous roles. We love seeing that proactive approach!

Be Clear and Concise: When writing your application, keep it straightforward. Use clear language to explain your technical expertise and how it relates to the role. We appreciate a well-structured application that gets straight to the point.

Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy!

How to prepare for a job interview at smart.co

✨Know Your Stuff

Make sure you brush up on your knowledge of security practices, especially around CI/CD pipelines and infrastructure-as-code. Be ready to discuss how you've implemented security measures in past projects, particularly with tools like Wiz or Terraform.

✨Show Your Leadership Skills

As a Principal Security Engineer, you'll be expected to lead and mentor others. Prepare examples of how you've successfully guided teams in adopting a 'Security-First' mindset. Think about specific workshops or code reviews you've conducted that made a difference.

✨Communicate Clearly

Practice explaining complex security concepts in simple terms. You might need to convey the implications of vulnerabilities to both technical and non-technical stakeholders, so being able to switch your communication style is key.

✨Be Curious and Engaged

Demonstrate your eagerness to learn and adapt. Be prepared to ask insightful questions about the company's current security posture and how they envision evolving it. This shows you're not just interested in the role but also in contributing to their mission.
