Define and embed secure software development lifecycle (SSDLC) practices while managing penetration testing engagements and collaborating with engineering teams on security integration.
Small businesses are the backbone of the economy, and we’re here to help them win. We’ve built a platform that uses clever data to get them the funding they need in minutes, not weeks.
At Funding Circle, we have the restless energy of a fintech start-up with the stability of a public company. It’s a unique mix that gives Circlers the autonomy to take ownership and the scale to make an impact that truly counts.
We’re a high-performing team that chooses to lift each other up. We challenge, we champion, and we have each other’s backs - because we know that when we stand together, we move faster and build better.
The impact is real: Last year alone, the businesses on our platform generated £7.2bn for the UK economy 📈 Come and join a mission that matters!
📍 London (Hybrid) | 🤝 2 days in the office | 💰 Competitive Salary + Benefits
Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling.
Perform threat modelling exercises for cloud-native applications, microservices, and infrastructure components.
Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure.
Collaborate closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset.
Act as a subject matter expert on DevSecOps, application security, and cloud security (AWS), providing guidance and mentorship to other engineers.
Contribute to driving the implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring.
Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment.
We value deep expertise, but a growth mindset and good energy are what really make our team click. We’re a group that chooses to lift each other up and think smart every day.
Application & Cloud Security Expertise: Over 3 years of information security experience with a deep focus on application/product security, complemented by strong expertise in securing AWS environments and Infrastructure as Code (IaC).
Champion for Secure Development: Proven track record of defining, implementing, and driving the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering teams.
Security Automation & CI/CD Integration: Hands-on experience architecting and integrating a suite of security tools (SAST, DAST, SCA, IAST, secrets management) and automated controls directly into CI/CD pipelines like GitLab CI, Jenkins, or GitHub Actions.
Vulnerability Management & Threat Intelligence: Deep understanding of web application vulnerabilities (OWASP Top 10) and experience contributing to vulnerability management programs.
Container & Orchestration Security: Solid knowledge of container security best practices and securing container orchestration platforms, specifically Kubernetes and AWS EKS.
Frameworks & Compliance: Strong knowledge of key security frameworks (NIST CSF, MITRE ATT&CK) and standards (CIS Benchmarks, OWASP ASVS), with experience managing external penetration testing and coordinating remediation efforts.
Skills we'd love to see:
Experience with specific security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode).
Relevant advanced security certifications (e.g., AWS Certified Security - Specialty, CISSP, CCSP, OSCP/OSWE).
Proficiency in security automation using scripting languages (e.g., Python).
Experience working in FinTech or other highly regulated environments.
Experience with mobile application security principles and testing.
We’re building a place where everyone truly feels they belong. Even if your past experience doesn't align perfectly with every requirement, we'd still love to hear from you.
We back you to build an incredible career. As a flexible-first employer, we use a "best of both" approach. We’ll see you in our London office to collaborate – with barista coffee and subsidised Just Eat lunches on us!
Our Circler Proposition focuses on five areas:
Flexibility: We provide a benefit allowance you can tailor to your own life and family.
Health: This includes private medical and dental, health assessments, and access to a digital GP.
Wealth: We offer life assurance, share schemes, and financial coaching.
Development: You get a dedicated annual learning allowance to help you level up.
Lifestyle: We have electric car and cycle-to-work schemes, plus season ticket loans.
We also have award-winning parental leave policies. We're here to support you through the big life moments, from fertility treatments to new additions to the family.
Funding Circle is a lending platform designed specifically for small businesses, connecting them with investors for fast and affordable financing. By leveraging data analysis, it streamlines the funding process, enabling businesses to secure loans in as little as 48 hours, combining the agility of a startup with the reliability of a public company.