At a Glance
- Tasks: Lead security initiatives, mentor engineers, and develop secure solutions for our fintech platform.
- Company: Join Spendesk, a leading spend management platform revolutionising fintech security.
- Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
- Other info: Dynamic team environment with a focus on innovation and career advancement.
- Why this job: Make a real impact on security in fintech while working with cutting-edge technologies.
- Qualifications: Proven experience in security engineering, mentoring skills, and strong communication abilities.
The predicted salary is between 60000 - 80000 £ per year.
Spendesk is building the leading spend management platform for modern businesses, processing billions of euros across Europe and beyond.
Security is at the heart of what we do, and we’re committed to raising the bar for security in fintech.
Your Mission You’ll be the security conscience for engineering: building tooling, training developers, and partnering with Infrastructure on secure‑by‑default solutions.
You own the technical security roadmap: partnering with the compliance team to identify risks, translating findings into actionable engineering‑native tools and processes, driving remediation, and raising the bar across the organization.
This is a pure engineering role, not governance or compliance: a separate team owns policy and risk frameworks.
It’s an individual contributor track with high influence, focused on technical depth, not people management.
You’ll mentor an Associate Security Engineer, shape practices across squads, and be the go‑to person when engineering teams need security guidance.
You’ll be hands‑on across the full security surface from day one.
As the team grows, you’ll move from day‑to‑day operations toward architecture, strategy, and mentoring, acting as the escalation point for the Associate Security Engineer.
Key Responsibilities Vulnerability own the security backlog and roadmap.
Partner with Infrastructure on secure‑by‑default solutions.
Must‑Haves A track record of owning security outcomes end to end, with hands‑on experience across at least three of: code auditing, infrastructure security (AWS/Linux), penetration testing, SIEM operations, incident response.
Ability to own a roadmap: identify priorities, build a plan, execute autonomously, and communicate progress to non‑specialists.
Deep understanding of modern web architectures (microservices, cloud‑native, Paa S/Saa S) and where they break.
Strong scripting and automation ability (Python, Bash, or similar).
Experience mentoring other engineers or security practitioners.
Excellent communication: explain a CVSS 9.8 to a PM and get them to prioritise it.
Nice‑to‑Haves Experience with Elastic Search / ELK stack in production.
Familiarity with AWS, GCP, Snowflake, Datadog, Okta.
Knowledge of security standards and frameworks (ISO 27001, OWASP, SOC 2, PCI‑DSS).
Experience in a regulated fintech or payments environment.
Reverse engineering and analysis of minified/obfuscated code.
Not ticking every box?
We’d still love to hear from you.
If this role excites you and you believe you could contribute, we encourage you to apply. #J-18808-Ljbffr