Senior Security Engineer

Social network you want to login/join with:

We are seeking an experienced Senior Security Engineer to join our dynamic Security Team. In this key role, you will be a key contributor to Funding Circle's cloud and application security posture. You will leverage your deep expertise in AWS security, secure software development lifecycle (SSDLC) practices, and CI/CD security to implement and champion robust security solutions. You will act as a subject matter expert and mentor, collaborating closely with engineering and product teams to embed security seamlessly into our cloud infrastructure and development processes, ensuring the protection of our platform and customer data in a fast-paced FinTech environment.

We’re Funding Circle. We back small businesses to succeed. At Funding Circle, we believe the world needs small businesses. That’s why we’ve made it our mission to help them get the finance they need to grow.

With more than a decade of expertise, we’ve built a platform with cutting-edge data and technology that’s reshaping SME lending. We offer quick decisions for SMEs across the UK, providing access to competitive funding in minutes. We pride ourselves on providing meaningful support and fast, hassle-free processes to deliver an unbeatable customer experience.

1. Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling.
2. Architect, build, and maintain automated security controls, tooling, and "security rails" within CI/CD pipelines to ensure secure and efficient deployments.
3. Collaborate closely with Cloud Platform Engineers, DevX, and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset.
4. Perform threat modelling exercises for cloud-native applications, microservices, and infrastructure components.
5. Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure.
6. Oversee and enhance vulnerability management processes, focusing on strategic remediation, root cause analysis, and preventative measures.
7. Contribute to the implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring.
8. Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment.
9. Act as a subject matter expert on cloud security (AWS), DevSecOps, and application security, providing guidance and mentorship to other engineers.
10. Contribute to incident response planning for complex cloud and application security events.
11. Proactively monitor the threat landscape, evaluate emerging cloud security risks and trends, and translate them into actionable security improvements.

• Significant (3+ years) hands-on experience in Information Security, with a focus on AWS cloud security and application security.
• Deep expertise in designing, implementing, securing, and managing AWS security services.
• Experience integrating security tooling (SAST, DAST, SCA, secrets management, IAST) within CI/CD pipelines (e.g., GitLab CI, Jenkins, GitHub Actions).
• Proven experience supporting secure software development lifecycle (SSDLC) practices and secure coding standards.
• Knowledge of web application vulnerabilities (OWASP Top 10), attack vectors, and mitigation techniques.
• Experience securing Infrastructure as Code (Terraform) and implementing security checks.
• Experience with container security and Kubernetes/EKS security.
• Ability to contribute to vulnerability management programs, including triaging, root cause analysis, and remediation planning.
• Strong communication skills to articulate complex security concepts clearly.
• Knowledge of security frameworks and standards (e.g., NIST CSF, CIS Benchmarks, OWASP ASVS).
• Understanding of the MITRE ATT&CK framework.
• Experience coordinating external penetration testing and remediation efforts.

• Advanced security certifications (e.g., AWS Certified Security - Specialty, CISSP, CCSP, OSCP/OSWE).
• Experience with security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode).
• Scripting skills in Python or similar for automation.
• Experience working in FinTech or regulated environments.
• Knowledge of mobile application security principles.

We are committed to building diverse teams. Please apply even if your experience doesn’t align perfectly with all requirements.

• Impact on SME businesses, communities, and the economy (last year £6.9bn GDP generated). Read our Impact Report:
• Customer feedback on Trustpilot:
• Our evolving multi-product platform solving SME finance challenges.

We celebrate diversity and are an equal-opportunity employer. We offer hybrid working, with in-office days in London, and support career development through various benefits covering health, wealth, and lifestyle.

We’d love to hear from you.

Please note: If you are not a passport holder of the country for the vacancy, you might need a work permit. For more info, see our Blog. Do not include bank or payment details in your application. All applications should be made via the 'Apply now' button.

Created on 02/07/2025 by TN United Kingdom