SENIOR SECURITY ENGINEER

We are seeking an experienced Senior Security Engineer to join our dynamic Security Team. In this key role, you will be a key contributor to Funding Circle’s cloud and application security posture. You will leverage your deep expertise in AWS security, secure software development lifecycle (SSDLC) practices, and CI/CD security to implement and champion robust security solutions. You will act as a subject matter expert and mentor, collaborating closely with engineering and product teams to embed security seamlessly into our cloud infrastructure and development processes, ensuring the protection of our platform and customer data in a fast-paced FinTech environment.

EXPOSURE AND KNOWLEDGE OF THE MITRE ATT&CK FRAMEWORK.

• Experience effectively coordinating external penetration testing engagements and managing remediation efforts.

• Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling.
• Architect, build, and maintain automated security controls, tooling, and “security rails” within CI/CD pipelines to ensure secure and efficient deployments.
• Collaborate closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset.
• Perform threat modelling exercises for cloud-native applications, microservices, and infrastructure components.
• Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure.
• Oversee and enhance vulnerability management processes, focusing on strategic remediation, root cause analysis, and preventative measures.
• Contribute to drive implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring.
• Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment.
• Act as a subject matter expert on cloud security (AWS), DevSecOps, and application security, providing guidance and mentorship to other engineers.
• Contribute to the incident response planning for complex cloud and application security events.
• Proactively monitor the threat landscape, evaluate emerging cloud security risks and trends, and translate them into actionable security improvements.