Senior Security Engineer

We're not your average benefits platform - we're the driving force that uplifts people's lives. Our technology connects the entire benefits ecosystem, creating better outcomes for employers, employees, brokers, and providers.

Our mission is clear: to build a world where everything works at its best, ensuring every employee gets the support they need to thrive-both at work and beyond.

As a Senior Security Engineer at Ben you will shape how infosec is done across the domains of infrastructure, product, and compliance. You'll be a key technical contributor in a small, high-impact team - with direct mentorship from our Security Lead and the autonomy to take full ownership of key projects.

We value self-starters who are eager to take on ownership, in a supportive environment where you can make a real impact while developing your skills. Our culture emphasises work-life balance, so while we work hard to ship on time, we also take downtime and relaxation seriously.

• Take ownership of existing security tooling, and implement new ones (e.g. endpoint protection, MDM, access controls), ensuring they're effectively configured, maintained, and evolving as the business grows
• Embed secure-by-design practices into the development lifecycle across engineering, including secure coding, threat modeling, and design reviews
• Monitor systems for irregular behavior and proactively design detection and prevention mechanisms
• Ensure infrastructure and applications align with generally accepted industry standards, such as the OWASP Top 10 and the AWS Well-Architected Framework
• Conduct and lead risk assessments, including third-party/vendor reviews and internal evaluations
• Document and maintain security policies, procedures, and controls as part of our ISO 27001-certified Information Security Management System (ISMS)

• Hands-on experience deploying and managing security tooling - such as EDR, MDM, ZTNA, or vulnerability scanners, and enjoy solving problems at the implementation level
• Worked with Microsoft's security ecosystem, including Entra ID (Azure AD), Intune, and Defender, and feel confident navigating other vendors' enterprise tooling
• Solid foundations in networking, systems, and cloud infrastructure, and understand how to apply industry standards (e.g. OWASP Top 10, AWS Well-Architected) to real-world scenarios
• Experience reviewing and improving product and infrastructure security, including secure SDLC practices like threat modelling, secure code review, or CI/CD hardening
• Familiarity with compliance frameworks such as ISO 27001 or SOC 2, and the ability to translate technical controls into well-documented policies and audit-ready evidence
• Experience automating repetitive security tasks (e.g. with Python, PowerShell, or Bash) or integrating tools via APIs to improve efficiency and reduce manual work
• A bias toward proactive risk reduction, not just fixing bugs - you think holistically about controls, people, and processes that improve security posture
• A generalist mindset - you're comfortable working across infrastructure, product, and compliance domains, even if you're deeper in one

• Want to only do policy work or only implementation - this is a hands-on, full-spectrum security role where you'll work across engineering and compliance
• Need a slow pace to feel comfortable - we move fast, and we prioritise action, even when the path isn't perfectly clear
• Are uncomfortable being accountable for outcomes - this role involves owning projects end-to-end and being responsible for making them succeed
• Prefer maintaining the status quo - we want to challenge assumptions, rethink how security is done, and push for better ways of working
• Prefer a highly structured environment with established processes and clearly defined boundaries - we're still building, and sometimes that means creating the path as we go
• Struggle with ambiguity or expect prescriptive direction - you'll get support and context, but you'll need to figure things out and take ownership
• Wait for others to step up, or to be told what to do - We are a high-performance and high-reward work place and are looking for people who are proactive

Not sure if you meet 100% of the requirements?

That's okay - we know that not everyone follows a linear career path, and we value diverse perspectives and growth mindsets. If you have a solid technical foundation and a strong interest in security, we'd still love to hear from you. That said, this role does require hands-on experience, so please only apply if you feel confident you can contribute meaningfully from day one.

It's important to us to practise what we preach when it comes to our benefits. We know what good looks like and we want to provide the best for our team, with a comprehensive and inclusive benefits package. This means you have a choice over the things that are most important to you. You can see a selection below, along with the full offering here.

Competitive base salary + equity, so you own what you build

£100 monthly personal Ben Balance: for whatever works for you, whether that's Netflix, Spotify, or a really expensive cup of coffee! This allowance will increase by £50 for each year of service until you reach £250

Weekly lunch provided in office so you can spend quality time with the team over some tasty food!

28 days of holidays a year plus bank holidays, and an option to buy or sell 5 days per year. Also, your holiday entitlement will increase to 30 days at your 3rd year of service!

Work-from-abroad scheme, so you can support your travels, enjoy an extended holiday, or visit loved ones.

Enhanced parental leave and workplace nursery scheme to support with the cost of childcare in a nursery setting

Comprehensive Private Medical Insurance

💌 Funded Life Assurance cover with the option to voluntarily increase - this also includes an annual health check

Comprehensive and tailored mental health support and professional coaching through a leading provider

We are organically growing a brilliantly diverse, inclusive and respectful bunch of people we are extremely proud of. This should go without saying but all applications are very much welcome. If you need any adjustments to support you with your application, just let us know by emailing jobs@thanksben.com. You can learn more about DEI at Ben here.