Senior Security Engineer

Are you passionate about implementation and strategy of securing systems? Become a Senior Security Engineer at Thredd! As a Senior Security Engineer at Thredd, you will be responsible for shaping and maintaining the organisation’s security posture. You will design, build, and operate automated security and compliance controls and manage vulnerabilities and risk across our cloud and engineering environments. This role focuses on embedding security controls, guardrails, and telemetry into AWS platforms and development workflows, enabling continuous assurance and resilience by design.

What you’ll be doing as a Senior Security Engineer:

• Embed security-by-design across all initiatives, ensuring client trust, regulatory alignment, and strong collaboration with IT, business, legal, and external stakeholders.
• Design secure-by-default cloud and platform architectures, implementing automated security and compliance controls using policy-as-code and infrastructure-as-code to improve reliability and reduce manual effort.
• Build and maintain robust security telemetry, dashboards, and reporting to support data-driven risk assessments, vulnerability prioritisation, audit readiness, and alignment with frameworks (e.g., SOC 2, ISO 27001, NIST, CIS).
• Plan and execute complex initiatives, enhance guardrails and validation mechanisms across environments, and drive measurable improvements in security posture, compliance maturity, and operational resilience.
• Shape engineering best practices, identify systemic risks, and lead continuous improvement and change management efforts across systems and departments.
• Mentor and lead within the security architecture function, foster learning and leadership development, remove barriers to performance, and build a strong, future-ready security culture.
• Deliver reliable, well-documented security metrics and reporting aligned to business and regulatory needs; ensure controls are testable, monitored, and continuously enhanced through automation and engineering improvements.
• Influence engineering practices through technical leadership, identifying opportunities to reduce manual effort, improve reliability, and embed security-by-design across all technology initiatives.
• Work closely with IT and business stakeholders to integrate security requirements into project planning, manage organisational impact assessments, and ensure compliance without operational disruption.
• Maintain strong knowledge of cloud security, DevSecOps, application security, and compliance automation practices.
• Design and implement secure-by-default cloud and platform architectures that embed preventative and detective controls, and build and maintain robust security controls, guardrails, and validation mechanisms across cloud, network, and application environments.
• Prioritise vulnerabilities, technical debt, and control improvements based on threat models and risk assessments.
• Build and maintain strategic relationships with senior leadership, legal teams, and external regulatory bodies to ensure security strategies align with business and compliance requirements.
• Shape talent development strategies to build a pipeline of future security leaders, ensuring a high standard of cybersecurity knowledge and capability across the team.

What You’ll Bring To The Senior Security Engineer Role:

• Demonstrate experience designing, building, and operating automated security and compliance controls.
• Strong hands-on experience with AWS security controls, including network security, vulnerability management, cloud security posture management (CSPM), runtime protection, logging and monitoring, and event-driven response and remediation.
• Proficiency in Infrastructure-as-Code (IaC) and CI/CD tooling, with experience embedding security guardrails and policy enforcement.
• Solid understanding of application security (AppSec) principles, including secure SDLC practices, vulnerability management, and remediation.
• Experience integrating and operating core security tooling such as vulnerability scanners, log collection platforms, endpoint protection, and detection capabilities.
• Ability to design and maintain security telemetry pipelines, dashboards, and reporting mechanisms to support continuous assurance.

Where you’ll work:

Our working model varies depending on the specific role and team requirements. We strive to provide flexibility whilst ensuring that each position is best supported for optimal collaboration and performance. For this position we’d ideally require you to be in the London office (Holborn) one day per week.

About Us:

Thredd is the trusted next-gen payments partner for innovators looking to modernise their payments offering. Certified by Mastercard, Visa and Diners & Discover, we process billions of debit, prepaid, and credit transactions annually, supporting consumer and corporate fintechs, digital banks, and embedded finance providers across the globe. Our unique offering is our client-centric approach, combining hands-on support with modern, reliable, and scalable technology. Our assured solution accelerates the development and delivery of consumer and corporate payments components embedded within digital banks, as well as for expense management, B2B payments, crypto, lending, credit, Buy Now Pay Later, FX, remittance, and open banking innovators. Since 2007, Thredd has enabled market leaders through our highly reliable, secure, and scalable platform and supported many of our client’s growth journeys - from early-stage startup through to globally recognised unicorns, including Monzo, Revolut, and Starling.

Diversity and Inclusion at Thredd:

Here at Thredd, we are committed to building a diverse and inclusive workplace where everyone feels valued, respected and empowered. We welcome applications from people of all backgrounds, experiences and identities. If you require any adjustments during the recruitment process, please let us know and we would be happy to support you.

Our Values:

• Own it and deliver – Ensuring understanding of business strategy and enabling alignment with team priorities.
• Collaborate purposefully – Leading collaboration between teams, ensuring open communication, trust and mutual respect.
• Think differently – Valuing different perspectives, celebrating success, and enabling learning if it goes wrong.
• Act courageously – Taking a different approach, showing vulnerability to build trust and enabling others to do the same.