Security Engineer | Global Macro Trading Specialist

[Up to c. £230k Comp Package | On-Site Working]

We’re partnered with a highly regarded London-based investment firm seeking a Security Engineer to take on a uniquely influential position within their technology estate. This hire will serve as the technical backbone / informal lead of the security engineering function - designing the roadmap, shaping control strategy, and ensuring that identity, platform, and cloud security are engineered to a high standard. You’ll work directly with the Cybersecurity Lead while collaborating across infrastructure, development, trading, and compliance groups. Expect a role that mixes architecture, hands-on engineering, and ownership of critical initiatives such as RBAC, PAM, cloud hardening, and data protection...

• Define and drive the technical direction for security engineering, ensuring controls and tooling evolve in line with the firm’s broader technology and business objectives
• Shape and maintain the long-term architectural roadmap for security capabilities, ensuring key assets and data pathways are protected end-to-end
• Act as the principal technical adviser to engineering, infrastructure, trading, and operational teams, offering guidance on emerging threats, modern defensive techniques, and secure design patterns
• Partner closely with internal teams to embed security considerations into new systems and services without hindering performance or workflow
• Lead the design, rollout, and iterative refinement of a firm-wide Role-Based Access Control (RBAC) model, mapping access needs to business roles and ensuring permissions reflect least-privilege expectations
• Build and maintain workflows for access provisioning, deprovisioning, entitlement validation, and periodic reviews to keep access clean and aligned with organisational changes
• Own and evolve Privileged Access Management (PAM) controls, including deployment, integration, secure credential handling, rotation mechanisms, and privileged session oversight
• Implement monitoring strategies that ensure privileged activity is tracked, auditable, and meets internal and regulatory expectations
• Lead cloud security assessments across the firm’s Azure and AWS environments, identifying misconfigurations, excessive permissions, insecure interfaces, and other weaknesses
• Work with cloud and DevOps teams to design and implement remediation steps - covering IAM refinement, network segmentation, encryption practices, API security, and data access controls
• Promote strong cloud security hygiene across the organisation, ensuring new deployments follow best practice and remain compliant with internal and external standards
• Contribute to upcoming security engineering initiatives spanning areas such as application whitelisting, secure development patterns, data categorisation, and data loss prevention
• Produce clear security documentation, engineering guidance, and process materials to support consistency and long-term maintainability

• 5-10 years' experience in security engineering or infrastructure security roles within technically demanding environments (financial services a plus)
• Strong understanding of identity controls, including RBAC models, entitlement design, and access governance workflows
• Hands-on experience with privileged access tooling, credential lifecycle processes, and privileged session oversight
• Solid grounding in cloud security across Azure and / or AWS, with the ability to identify configuration risks and guide remediation
• Confident scripting capabilities in PowerShell or Python for automating reviews, workflows, or policy-driven tasks
• Working knowledge of endpoint, logging, and vulnerability tooling and how these components tie together
• A pragmatic, outcome-oriented mindset that balances risk reduction with operational efficiency
• A proactive, ownership-driven approach with the ability to define improvements and drive them through to completion
• A strong academic record from a highly selective university (or international equivalent), ideally in a technical discipline
• ...