Senior Security Engineer

About the Role

A platform that handles financial data is, by its nature, a high-value target. The seriousness of the security posture is, in our reading, table stakes for credibility in the audience we serve. This role exists to set and maintain that posture.

Responsibilities

• Establish and maintain the application security programme, including code review, dependency management, and vulnerability disclosure.
• Own the infrastructure security posture: access controls, secrets management, network controls, and audit logging.
• Lead the response to security incidents, including the disclosure process documented on the Security and Trust page.
• Conduct and oversee the regular security assessments (penetration testing, threat modelling, red-team exercises).
• Liaise with the third-party security advisors and the firm's compliance function as the platform matures.

What We Are Looking For

• Five or more years of professional security engineering experience.
• Substantial application security and infrastructure security background.
• Familiarity with the relevant frameworks (OWASP ASVS, NIST CSF, ISO 27001) and the standards expected in a regulated environment.
• Disciplined approach to risk articulation, threat modelling, and incident response.

Helpful but Not Required

• Prior experience at a financial services firm or fintech with regulatory scrutiny.
• CISSP, OSCP, or comparable credential.
• Experience with AI and LLM security threat models (OWASP LLM Top 10).