Security Engineer

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Security Engineer based in United Kingdom.

This is a hands-on product security role at the heart of a fast-scaling payments infrastructure environment. You will help design, review, and continuously improve the security posture of systems processing payments at global scale. The role combines deep technical execution with strategic influence, as you work closely with engineering teams building cloud, infrastructure, and product capabilities. You will be responsible for identifying risks early, shaping secure architecture decisions, and ensuring security is embedded throughout the development lifecycle. The environment is highly collaborative, engineering-led, and fast-moving, with strong ownership and autonomy. This is a unique opportunity to join a growing security function early and help define its long-term structure, tooling, and standards.

• Conduct security reviews and threat modeling across product features and system designs, translating findings into clear, actionable recommendations for engineering teams.
• Take ownership of end-to-end security initiatives, from initial design and planning through implementation and rollout.
• Build and maintain internal security tooling and automation to streamline reviews, detection, and remediation workflows.
• Coordinate penetration testing activities and ensure timely tracking and resolution of identified vulnerabilities.
• Support compliance programs such as SOC2 and PCI, including evidence gathering, audit preparation, and remediation tracking.
• Contribute to the broader Application Security roadmap, including initiatives in cloud security, supply chain security, AI-related risks, and ASPM.
• Engage in proactive security research and incident investigation to continuously improve system resilience.
• Partner closely with Cloud, Infrastructure, and Engineering teams to embed security into daily development practices.

Requirements:

• Proven experience in product or application security, including conducting threat modeling and security reviews in production environments.
• Strong ability to read and write code, with a hands-on mindset for building security tools and automation rather than only reviewing findings.
• Solid understanding of risk evaluation, with the ability to balance real-world threats against theoretical vulnerabilities and communicate trade-offs clearly.
• Experience delivering security projects independently while aligning with broader technical direction and collaborating with senior engineers when needed.
• Strong communication skills, particularly in translating security concepts to non-security engineering teams.
• Familiarity with cloud, distributed systems, or modern software architectures is highly beneficial.

Nice to have:

• Exposure to or interest in compliance frameworks such as SOC2 or PCI DSS.
• Experience in fintech, payments, or other regulated, high-security domains.
• Interest in advanced security areas such as supply chain security, detection engineering, or AI-related security challenges.

Benefits:

• Fully remote-first work environment with global flexibility.
• Competitive share options as part of long-term alignment.
• Minimum 25 days of paid vacation, with uncapped holiday allowance.
• Access to co-working spaces worldwide.
• Workations and annual company retreats to support team connection.
• Top-tier equipment and home office support (including setup budget).
• Generous learning and development budget for courses, certifications, and training.
• Private medical insurance and additional location-based benefits.
• Flexible, distributed culture designed to support deep technical work and autonomy.