[Up to c. £230k Comp Package | On-Site Working]
Role Overview
We’re partnered with a highly regarded London-based investment firm seeking a Security Engineer to take on a uniquely influential position within their technology estate. This hire will serve as the technical backbone of the security engineering function - designing the roadmap, shaping control strategy, and ensuring that identity, platform, and cloud security are engineered to a high standard. You’ll work directly with the Cybersecurity Lead while collaborating across infrastructure, development, trading, and compliance groups. Expect a role that mixes architecture, hands-on engineering, and ownership of critical initiatives such as RBAC, PAM, cloud hardening, and data protection...
Key Responsibilities
* Define and drive the technical direction for security engineering, ensuring controls and tooling evolve in line with the firm’s broader technology and business objectives
* Shape and maintain the long-term architectural roadmap for security capabilities, ensuring key assets and data pathways are protected end-to-end
* Act as the principal technical adviser to engineering, infrastructure, trading, and operational teams, offering guidance on emerging threats, modern defensive techniques, and secure design patterns
* Partner closely with internal teams to embed security considerations into new systems and services without hindering performance or workflow
* Lead the design, rollout, and iterative refinement of a firm-wide Role-Based Access Control (RBAC) model, mapping access needs to business roles and ensuring permissions reflect least-privilege expectations
* Build and maintain workflows for access provisioning, deprovisioning, entitlement validation, and periodic reviews to keep access clean and aligned with organisational changes
* Own and evolve Privileged Access Management (PAM) controls, including deployment, integration, secure credential handling, rotation mechanisms, and privileged session oversight
* Implement monitoring strategies that ensure privileged activity is tracked, auditable, and meets internal and regulatory expectations
* Lead cloud security assessments across the firm’s Azure and AWS environments, identifying misconfigurations, excessive permissions, insecure interfaces, and other weaknesses
* Work with cloud and DevOps teams to design and implement remediation steps - covering IAM refinement, network segmentation, encryption practices, API security, and data access controls
* Promote strong cloud security hygiene across the organisation, ensuring new deployments follow best practice and remain compliant with internal and external standards
* Contribute to upcoming security engineering initiatives spanning areas such as application whitelisting, secure development patterns, data categorisation, and data loss prevention
* Produce clear security documentation, engineering guidance, and process materials to support consistency and long-term maintainability
What You’ll Bring…
* 4-8 years' experience in security engineering or infrastructure security roles within technically demanding environments (financial services a plus)
* Strong understanding of identity controls, including RBAC models, entitlement design, and access governance workflows
* Hands-on experience with privileged access tooling, credential lifecycle processes, and privileged session oversight
* Solid grounding in cloud security across Azure and/or AWS, with the ability to identify configuration risks and guide remediation
* Confident scripting capabilities in PowerShell or Python for automating reviews, workflows, or policy-driven tasks
* Working knowledge of endpoint, logging, and vulnerability tooling and how these components tie together
* A pragmatic, outcome-oriented mindset that balances risk reduction with operational efficiency
* A proactive, ownership-driven approach with the ability to define improvements and drive them through to completion
* A strong academic record from a highly selective university (or international equivalent), ideally in a technical discipline
..