Senior Security Engineer

As Senior Security Engineer, you'll embed security throughout the product lifecycle, from design to deployment. You'll drive secure development standards, threat modelling, and security testing across a complex and fast-moving environment. This role sits at the intersection of engineering and security, ensuring that financial products are built to withstand evolving threats while enabling development teams to deliver at pace., Secure Development Lifecycle (SDLC) * Design and implement secure software development practices * Embed security checks and controls into CI/CD pipelines * Establish security quality gates and coding standards (aligned with OWASP) * Define security architecture patterns and reference designs Code Review & Testing * Conduct manual and automated security code reviews * Deploy and manage security tooling (SAST, DAST, IAST, SCA) * Validate cryptographic, authentication and authorisation implementations * Ensure compliance with OWASP ASVS and related standards Threat Modelling & Risk Assessment * Lead threat modelling sessions (STRIDE, PASTA or similar) * Create threat models for new products and architecture changes * Identify attack vectors across web, mobile and API layers * Translate findings into security requirements and test scenarios Platform Security * Web: Protect against OWASP Top 10 vulnerabilities* Mobile: Apply MASVS standards and platform-specific security guidelines * APIs: Enforce best practices for authentication, input validation and rate limiting * Ensure secure session management and data storage Security Tooling & Automation * Build and maintain automated security pipelines * Integrate tools with GitHub Actions and other CI/CD processes * Implement vulnerability tracking, secret scanning and dependency checks * Create security dashboards, reports and remediation workflows Developer Enablement * Build secure coding guidelines across multiple stacks * Develop and scale a security champions programme * Deliver training sessions on platform-specific risks * Provide hands-on guidance during security incidents

Requirements Technical Expertise * 5+ years in application/product security roles * Strong coding skills (Python, JavaScript/TypeScript, Golang) * Deep knowledge of vulnerabilities across web and mobile environments * Hands-on experience with modern frameworks (React, Angular, ReactNative, Flutter)* Experience with security tooling and automated testing Security Knowledge * Strong grounding in OWASP standards (Top 10, ASVS, SAMM, MASVS) * Experience with threat modeling frameworks * Familiarity with OAuth2, OIDC, WebAuthn and related protocols * Understanding of PCI-DSS, PSD2 and SCA requirements Professional Skills * Background in financial services or other highly regulated industries * Ability to explain risks and solutions clearly to developers * Collaborative, pragmatic approach balancing speed and security