Full-timeSecurity & InfrastructureSecEng

Funding Circle

Senior Security Engineer

London

Posted

18d ago

Type

Full-time

Location

London

Job Overview

We’re on a mission to back the UK’s small businesses like no one else 🚀 Small businesses are the backbone of the economy, and we’re here to help them win. We’ve built a platform that uses clever data to get them the funding they need in minutes, not weeks. At Funding Circle, we have the restless energy of a fintech start-up with the stability of a public company. It’s a unique mix that gives Circlers the autonomy to take ownership and the scale to make an impact that truly counts. We’re a high-performing team that chooses to lift each other up. We challenge, we champion, and we have each other’s backs - because we know that when we stand together, we move faster and build better. The impact is real: Last year alone, the businesses on our platform generated £7.2bn for the UK economy 📈 Come and join a mission that matters! [ Read our Impact Report ] | [ See our Trustpilot ] The role ⚡ 📍 London (Hybrid) | 🤝 2 days in the office | 💰 Competitive Salary + Benefits • Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling. • Perform threat modelling exercises for cloud-native applications, microservices, and infrastructure components. • Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure. • Collaborate closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset. • Act as a subject matter expert on DevSecOps, and application security, cloud security (AWS), providing guidance and mentorship to other engineers. • Contribute to drive implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring. • Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment. What we’re looking for 🌱 We value deep expertise, but a growth mindset and good energy are what really make our team click. We’re a group that chooses to lift each other up and think smart every day. • Application & Cloud Security Expertise: Over 3 years of information security experience with a deep focus on application/product security, complemented by strong expertise in securing AWS environments and Infrastructure as Code (IaC). • Champion for Secure Development: Proven track record of defining, implementing, and driving the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering teams. • Security Automation & CI/CD Integration: Hands-on experience architecting and integrating a suite of security tools (SAST, DAST, SCA, IAST, secrets management) and automated controls directly into CI/CD pipelines like GitLab CI, Jenkins, or GitHub Actions. • Vulnerability Management & Threat Intelligence: Deep understanding of web application vulnerabilities (OWASP Top 10) and experience contributing to vulnerability management programs. • Container & Orchestration Security: Solid knowledge of container security best practices and securing container orchestration platforms, specifically Kubernetes and AWS EKS. • Frameworks & Compliance: Strong knowledge of key security frameworks (NIST CSF, MITRE ATT&CK) and standards (CIS Benchmarks, OWASP ASVS), with experience managing external penetration testing and coordinating remediation efforts. Skills we'd love to see: • Experience with specific security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode). Relevant advanced security certifications (e.g., AWS Certified Security - Specialty, CISSP, CCSP, OSCP/OSWE). • Proficiency in security automation using scripting languages (e.g., Python). • Experience working in FinTech or other highly regulated environments. • Experience with mobile application security principles and testing. We’re building a place where everyone truly feels they belong. Even if your past experience doesn't align perfectly with every requirement, we'd still love to hear from you. Why join us? 💜 We back you to build an incredible career and by joining us, you'll be part of one of The Sunday Times Best Companies to Work For 2026 ! As a flexible-first employer, we use a "best of both" approach. We’ll see you in our London office to collaborate – with barista coffee and subsidised Just Eat lunches on us! Our Circler Proposition focuses on five areas: • Flexibility: We provide a benefit allowance you can tailor to your own life and family. • Health: This includes private medical and dental, health assessments, and access to a digital GP. • Wealth: We offer life assurance, share schemes, and financial coaching. • Development: You get a dedicated annual learning allowance to help you level up. • Lifestyle: We have electric car and cycle-to-work schemes, plus season ticket loans. We also have award-winning parental leave policies. We're here to support you through the big life moments, from fertility treatments to new additions to the family. Ready to join a mission that matters? We’d love to chat!

Core Requirements

Security & InfrastructureSecEng