Security Operations Engineer Office: London Remote: Europe

Global payments are not broken. Incentives are. Clearing has been deprioritised inside balance sheet driven institutions whose models rely on lending and interest. When liquidity takes priority over settlement, payments slow and certainty drops. The same financial institutions that distort clearing as providers are disadvantaged as users. They are forced into fragmented setups, inconsistent rails, duplicated compliance, and unpredictable timelines. Stablecoin shortcuts and treasury pooling treat symptoms at the surface, but almost no one is rebuilding the underlying infrastructure in each market.

We are rebuilding clearing as its own specialist function. We act as a clearing and transaction banking partner for regulated institutions, with treasury built into the core so liquidity, settlement, and reconciliation sit in one controlled system. Our platform unifies global and local licenses, direct central bank clearing, and domestic rails. We allow clients to open named customer accounts in every market we operate, collecting funds and paying out through a single network while retaining full ownership of their customer relationships. Market expansion becomes as simple as one correspondent relationship, not hundreds.

Joining Lorum means contributing to one of the most ambitious clearing infrastructure projects in global finance. You will help shape settlement systems that perform under real regulatory standards and institutional volumes. You will build for regulated institutions that rely on precision, predictable timelines, and regulatory integrity. It is about working across currencies, markets, and supervisory frameworks to deliver reliable, final settlement.

The Security Operations Engineer will be responsible for establishing and running Lorum’s core security operations capability, with a primary focus on detection, incident response, and operational security in our cloud-native environment. This role is about building the day-to-day security muscle of the company: ensuring we can reliably detect and respond to security events, maintain strong operational hygiene, and operate in a way that stands up to regulatory and institutional scrutiny. You will work closely with Engineering, Platform, and GRC teams, but your focus remains on security operations execution and improvement, not owning security governance or long-term organisational design.

Key Responsibilities

• Security monitoring & incident response
• Design, implement, and operate security monitoring across cloud infrastructure, applications, and endpoints.
• Own the incident response process, including detection, triage, containment, remediation, and post-incident review.
• Develop and maintain a small, effective set of incident playbooks and operational runbooks.
• Operational security & hardening
• Work with Platform and Engineering teams to improve operational security controls such as IAM, logging, secrets handling, and network boundaries.
• Identify and remediate common classes of operational risk before they become incidents.
• Support secure configuration and change practices in a fast-moving engineering environment.
• Vulnerability management
• Support the vulnerability management lifecycle, from scanning and triage through remediation tracking.
• Partner with service owners to prioritise fixes based on risk and operational impact.
• Maintain a clear view of vulnerability trends and recurring issues.
• Security tooling & automation
• Operate and continuously improve core security tooling (e.g. SIEM, logging, alerting).
• Reduce alert fatigue by tuning detections and focusing on actionable signals.
• Automate routine checks and controls where it materially improves reliability or response time.
• Regulatory & audit support
• Provide technical input and evidence related to security operations during audits and client reviews.
• Work with GRC to ensure operational security practices are accurately reflected in policies and control descriptions.
• Support incident documentation and evidence capture when required.

Must-Haves

• 3+ years of hands-on experience in security operations, incident response, or security engineering.
• Practical experience building and running detection and response capabilities in a modern cloud environment.
• Strong understanding of infrastructure, network, and application security fundamentals.
• Experience working directly with engineers to remediate security issues in production systems.
• Comfortable owning operational security outcomes in an environment that values pragmatism over process.
• Clear communicator who can explain security issues and response decisions succinctly.

Nice-to-Haves

• Experience in fintech, payments, or other regulated technology environments.
• Familiarity with SOC 2, ISO 27001, or similar frameworks from an operational (not purely governance) perspective.
• Experience with infrastructure as code, CI/CD pipelines, or security automation.
• Exposure to containerised or distributed systems.
• Relevant security certifications or equivalent hands-on experience.

Opportunity to travel (if applicable)

Flexible vacation policy

Employee stock ownership (ESOP)

Flexible working and autonomy

Pay it forward days - we offer 2 annual pay it forward days where you can take time to volunteer for a charitable cause that is important to you.

Wellness days - we believe you can only work your best when you feel your best, and we know working at Lorum is intense, so we offer 3 wellness days every quarter where you can take time to re‑energise.