Security Engineer
Confidential | AI Startup (Series A, Venture Funded) | London (Hybrid)
We are a London and New York based, Series A artificial intelligence startup with $25m in funding from venture capital funds across San Francisco and Palo Alto. We have raised $25m to date, partner with some of the world’s largest and most complex enterprises (Fortune 500 and equivalent), and are currently growing our team from approximately 30 to 60 employees.
We’re seeking a hands-on Security Engineer with 4+ years of experience in high-growth, cloud-native environments to help us enhance and implement security across our tech landscape including web application, cloud infrastructure and endpoints, working alongside our customers, and promote a security-first culture as we scale.
As our first dedicated security engineering specialist, you’ll work both operationally and strategically, partnering closely with our Information Security & Risk Management Lead and collaborating cross-functionally with engineering, product, and other teams.
You’ll own the technical aspects of security, implement and harden controls, manage threats, respond to incidents, elevate our security posture, ensure a security-first culture and drive strategic improvements and projects as we scale. You’ll also collaborate with our Solutions Engineering Lead on enterprise onboarding, helping customers navigate security, identity, networking, and compliance requirements during technical validation and rollout.
Location: London
Working pattern: Hybrid (3 days per week in a central London office)
LOCATION
Hybrid: London based in our office in Central London, with flexible, fluid work options that support in-person collaboration where it makes sense.
We’re committed to building a diverse team and welcome people from all backgrounds to apply. If you’re excited about this role and our mission but aren’t sure you meet every qualification, reach out anyway. You may be just the right candidate.
The Role
What you’ll do:
* Conduct security assessments, threat hunts, code and logs reviews, and penetration testing to identify vulnerabilities in our applications, and drive continuous monitoring improvements.
* Design, implement, optimize, and monitor security controls and tooling from the ground up, strengthening security across endpoints, infrastructure, and application CI/CD pipelines.
* Collaborate with engineering teams to raise the security bar through reviews, guidance, and automation.
* Respond to security incidents in real time - manage containment, remediation, forensics, and root cause analysis. Also participate in tabletop exercises, incident simulations, and coordinate external penetration tests.
* Partner with Solutions Engineering to support enterprise customer onboarding, including SSO integrations (SAML/OIDC), network allowlisting, and security reviews.
* Join customer-facing technical and security discussions where needed, acting as a trusted security point of contact.
* Risk Management: support the Information Security & Risk Management Lead with vendor security assessments to evaluate third-party risk, and ensure we meet our present and future regulatory and certification requirements (GDPR, ISO 27001, ISO 42001 etc.).
* Stay current on emerging threats, vulnerabilities and technologies, and contribute to company-wide security awareness initiatives.
What You Can Expect
* Modern cloud-native stack with the opportunity to influence tooling and architecture.
* Immediate impact by choosing and deploying new tooling to enable a fast-growing business.
* Customer-facing impact - help unlock enterprise deals and accelerate adoption by reinforcing trust, compliance, and smooth technical onboarding. Security as a sales lever, not a cost.
* Autonomy and collaboration - the opportunity to focus on coding/programming and implementation, but also collaborating cross-functionally with other teams such as solutions engineering, product, and GTM.
* Growth potential - opportunity to define our security architecture to ensure resilience and security, including HA and ZTNA in a growing global business.
* You’ll work with people who are passionate about what they do, supported by leaders who are empowering, supportive and inclusive.
Experience
You might be a good fit if you have:
* 4+ years in cybersecurity or technical security or solutions engineering roles.
* Hands-on experience deploying and managing security tooling - such as DLP, EDR, IAM, MDM, SIEM, ZTNA, or vulnerability scanners, and enjoy solving problems at the implementation level.
* Strong communication skills and comfortable communicating technical security concepts to non-security stakeholders.
* Working knowledge of networking, Windows/macOS, and security protocols.
* Experience with security reporting and compliance tools.
* Cloud security knowledge (we use AWS).
* Proficient in programming languages e.g. Typescript, Python, Bash, or similar.
* Strong skills in log analysis, threat investigation, and incident response.
* A proactive and solution-oriented mindset, with a bias for action.
Desirable
It would be a bonus if you have expertise in, or a desire to gain experience in, one or more of the following (note that candidates are not expected to have comprehensive knowledge in all areas)
* Hands-on experience with AWS and AWS security services (CloudTrail, GuardDuty, WAF, IAM, Security Hub).
* Experience supporting enterprise customers during technical onboarding or security validation.
* DAST/SAST tooling and IaC security expertise.
* Knowledge of Kubernetes and container security.
* Identity & Access Management experience (e.g. Okta).
* Experience with JVM languages, Terraform/IaC, CDK, or React.
* Familiarity with GDPR, ISO 27001, SOC 2, EU AI Act/LLMs.
* Experience delivering audits or using GRC tools (e.g. Drata, Vanta)
* Interest in AI and/or knowledge of AI security risks and frameworks (e.g. ISO 42001).
* Security qualifications or certifications such as Security+, CySA+, GSEC, CCSP, CISM, CISA, CISSP, ISO 27001 LI/LA.