Senior Security Engineer

This is a fully remote position, open to applicants in United Kingdom.

📋 Description

• Taking full ownership of the security framework for our institutional product, encompassing threat modeling, secure design evaluations, sensitive operational procedures, and incident response.

• Collaborating with engineering teams to ensure secure design practices across our backend systems, which includes reviewing cryptographic protocols and integrations.

• Developing and expanding our application security initiative: secure Software Development Life Cycle (SDLC), code review standards, supply chain fortification, dependency scanning, and secrets management.

• Implementing and managing vulnerability assessments, penetration testing schedules, and bug bounty programs as we grow.

• Enhancing our incident response capabilities: creating runbooks, establishing on-call rotations, and fostering a postmortem culture.

• Working in partnership with our compliance program (with SOC 2 Type II as the initial goal) to set up controls, policies, and evidence collection that meet institutional due diligence requirements.

• Serving as the security representative in discussions with customers, responding to due diligence questionnaires, and conducting security reviews with institutional clients.

⛳️ Requirements

• A minimum of 5 years in security engineering, with substantial responsibility for a production security program (not just advisory or audit-focused).

• Proven experience in securing systems at significant scale while maintaining strong correctness, reliability, and compliance with regulatory standards.

• In-depth knowledge of applied cryptography, including key management, signing protocols, and secure key handling during storage and usage.

• Experience guiding an organization through SOC 2, ISO 27001, or similar certifications.

• Practical experience with cloud security (AWS) and modern deployment platforms; proficient in reading and writing infrastructure code.

• A history of collaborating with engineering teams instead of acting as a barrier; capable of delivering security enhancements through code and policy rather than merely issuing tickets.

• Strong threat modeling skills and the ability to make practical risk assessments in a dynamic startup environment.

• Excellent English communication skills, including the capacity to clearly convey security concepts to institutional clients and auditors.

🏝️ Benefits

• Equal Opportunity: We are dedicated to equal employment opportunities and believe that diverse teams create better products. All qualified candidates will be considered without regard to any protected characteristic as defined by applicable law.