Senior Security Engineer
Job description
As a Senior Security Engineer, you will embed security across the entire product lifecycle, from initial design through to deployment. You'll lead secure development standards, conduct threat modelling and oversee security testing within a dynamic, fast-paced environment. Positioned at the intersection of engineering and security, this role ensures that financial products are resilient against emerging threats while empowering development teams to move quickly and confidently.
Secure Development Lifecycle (SDLC)
- Design and implement secure software development practices
- Embed security checks and controls into CI/CD pipelines
- Establish security quality gates and coding standards (aligned with OWASP)
- Define security architecture patterns and reference designs
Code Review & Testing
- Conduct manual and automated security code reviews
- Deploy and manage security tooling (SAST, DAST, IAST, SCA)
- Validate cryptographic, authentication and authorisation implementations
- Ensure compliance with OWASP ASVS and related standards
Threat Modelling & Risk Assessment
- Lead threat modelling sessions (STRIDE, PASTA or similar)
- Create threat models for new products and architecture changes
- Identify attack vectors across web, mobile and API layers
- Translate findings into security requirements and test scenarios
Platform Security
- Web: Protect against OWASP Top 10 vulnerabilities
- Mobile: Apply MASVS standards and platform-specific security guidelines
- APIs: Enforce best practices for authentication, input validation and rate limiting
- Ensure secure session management and data storage
Security Tooling & Automation
- Build and maintain automated security pipelines
- Integrate tools with GitHub Actions and other CI/CD processes
- Implement vulnerability tracking, secret scanning and dependency checks
- Create security dashboards, reports and remediation workflows
Developer Enablement
- Build secure coding guidelines across multiple stacks
- Develop and scale a security champions programme
- Deliver training sessions on platform-specific risks
- Provide hands-on guidance during security incidents

This is a very exciting opportunity for a Senior Security Engineer to drive security across high-growth fintech products used globally and to work in a collaborative environment with modern tooling and frameworks, with a clear pathway leading to Staff / Principal Engineer roles. If you're an experienced Security Engineer looking to make a real impact in a fast-scaling fintech environment, we'd love to discuss this opportunity with you.
Requirements
Technical Expertise
- Solid experience in application/product security roles
- Extensive coding skills (Python, JavaScript/TypeScript, Golang)
- Deep knowledge of vulnerabilities across web and mobile environments
- Hands-on experience with modern frameworks (React, Angular, React Native, Flutter)
- Experience with security tooling and automated testing
Security Knowledge
- Strong grounding in OWASP standards (Top 10, ASVS, SAMM, MASVS)
- Experience with threat modeling frameworks
- Familiarity with OAuth2, OIDC, WebAuthn and related protocols
- Understanding of PCI-DSS, PSD2 and SCA requirements
Professional Skills
- Background in financial services or other highly regulated industries
- Ability to explain risks and solutions clearly to developers
- Strong documentation and technical writing skills
- Collaborative, pragmatic approach balancing speed and security
Preferred
- Payments or transaction security knowledge
- Mobile application protection
- Experience building internal security programmes
- Pen testing or security research background

- Application Security
- Financial Services
- SDLC
- Coding Experience
- Penetration Testing