Senior Security Engineer We are seeking an experienced Senior Application Security Engineer to join our dynamic Security Team. This is a key role where you will be a primary contributor to Funding Circle's security posture, with a strong focus on Application Security. You will leverage your deep expertise in secure software development lifecycle (SSDLC) practices and CI/CD security to act as a subject matter expert and mentor, collaborating closely with engineering and product teams to embed security seamlessly into our development processes. You will also apply your knowledge of AWS to secure the underlying cloud infrastructure. Join us to protect our platform and customer data in a fast-paced FinTech environment. Who are we? We're Funding Circle. We back small businesses to succeed. At Funding Circle, we believe the world needs small businesses. That's why we've made it our mission to help them get the finance they need to grow. With more than a decade of expertise under our belt, we've built a game-changer of a platform with cutting-edge data and technology that's reshaping the landscape of SME lending. Say goodbye to lengthy applications and hello to lightning-fast decisions! In just minutes, SMEs across the UK can get a decision, giving them access to competitive funding in a flash. We know that good business is about good people. So we pride ourselves on providing meaningful, human support as well as fast, hassle free processes to deliver an unbeatable customer experience. The role Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling. Perform threat modelling exercises for cloud-native applications, microservices, and infrastructure components. Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure. Collaborate closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset. Act as a subject matter expert on DevSecOps, and application security, cloud security (AWS), providing guidance and mentorship to other engineers. Contribute to drive implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring. Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment. What we're looking for Application & Cloud Security Expertise: Over 3 years of information security experience with a deep focus on application/product security, complemented by strong expertise in securing AWS environments and Infrastructure as Code (IaC). Champion for Secure Development: Proven track record of defining, implementing, and driving the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering teams. Security Automation & CI/CD Integration: Hands-on experience architecting and integrating a suite of security tools (SAST, DAST, SCA, IAST, secrets management) and automated controls directly into CI/CD pipelines like GitLab CI, Jenkins, or GitHub Actions. Vulnerability Management & Threat Intelligence: Deep understanding of web application vulnerabilities (OWASP Top 10) and experience contributing to vulnerability management programs. Container & Orchestration Security: Solid knowledge of container security best practices and securing container orchestration platforms, specifically Kubernetes and AWS EKS. Frameworks & Compliance: Strong knowledge of key security frameworks (NIST CSF, MITRE ATT&CK) and standards (CIS Benchmarks, OWASP ASVS), with experience managing external penetration testing and coordinating remediation efforts. Nice to have Experience with specific security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode). Relevant advanced security certifications (e.g., AWS Certified Security - Specialty, CISSP, CCSP, OSCP/OSWE). Proficiency in security automation using scripting languages (e.g., Python). Experience working in FinTech or other highly regulated environments. Experience with mobile application security principles and testing. At Funding Circle we are committed to building diverse teams so please apply even if your past experience doesn't align perfectly with the requirements. Want to learn more? We have a huge impact on the businesses that borrow through our platform, the communities they serve and the overall economy (last year £6.9bn of GDP generated). You can read our full Impact Report here: https://www.fundingcircle.com/uk/impact To see what our customers think, visit our Trustpilot page: https://uk.trustpilot.com/review/fundingcircle.com And we're still evolving! Our award-winning multi-product platform is solving more SME finance challenges than ever before. We think big, rally together and meet the needs of SME customers like no other. Why join us? At Funding Circle, we celebrate and support the differences that make you, you. We're proud to be an equal-opportunity workplace and affirmative-action employer. We truly believe that diversity makes us better. As a flexible-first employer we offer hybrid working at Funding Circle, and we've long believed in a 'best of both' approach to in-office collaboration and non-office days. We expect our teams to be in our London office two times a week, where you can take advantage of our newly refurbished hybrid working space, barista made coffee and subsidised lunches (via JustEat) every day! We back our Circlers to build their own incredible career, making a difference to small businesses every day. Our Circler proposition is designed to support employees both in and out of work, and it is anchored around four pillars: Health, Wealth, Development & Lifestyle. A few highlights: Health: Private Medical Insurance through Aviva, Dental Insurance through Bupa, MediCash, access to free online therapy sessions and exclusive discounts with Hertility for reproductive health support. Wealth: Octopus Money Coach, free mortgage advisor partnership and discounts across numerous retailers through Perks at Work. Development: Dedicated annual learning allowance and full access to internal learning platform. Lifestyle: Wellhub (for fitness discounts), Electric Car Scheme and more! And finally, we have award winning parental leave policies supporting parents through enhanced maternity, partner and adoption leave, as well as additional leave for parental bereavement and for fertility treatments. Ready to make a difference? We'd love to hear from you.