
Staff Cyber Security Engineer

Lendable Ltd

City of London

Hybrid

GBP 80,000 - 110,000

Full time

26 days ago

Job summary

A leading fintech company in London seeks a hands-on Staff Cyber Security Engineer to join their InfoSec team. The role involves securing products, implementing security strategies, and assessing vendor compliance. The ideal candidate has significant experience in Cyber Security, is familiar with cloud environments like AWS or GCP, and possesses excellent communication skills. This position offers a competitive compensation package including equity and flexible working options.

Benefits

Best-in-class compensation including equity
Private health insurance
Fresh healthy lunches prepared by in-house chefs

Qualifications

  • Senior experience in a Cyber Security Engineer role is required.
  • Hands-on experience with security tooling within CI/CD pipelines.
  • Practical experience in vendor security assessments and due diligence.

Responsibilities

  • Implement security best practices throughout the SDLC.
  • Conduct threat modeling sessions for new features.
  • Assist in compliance with regulatory frameworks like GDPR and PCI DSS.

Skills

Proven experience as a Cyber Security Engineer
Hands-on experience with security tooling in CI/CD
Familiarity with cloud environments (AWS, GCP, Azure)
Knowledge of security frameworks (ISO 27001, SOC2)
Understanding of web application vulnerabilities
Excellent communication skills

Education

Relevant certifications (OSCP, CISSP, CSSLP, AWS Security Specialty)

Tools

Terraform
CloudFormation
GitHub
Python
Job description

## About the role

We are looking for a hands-on Staff Cyber Security Engineer to join our InfoSec team and help secure our growing platform and products.

This role requires an engineer who can bridge the gap between development teams and security governance, ensuring we maintain a high standard of security, operational resilience, and regulatory compliance as we scale.

You will be instrumental in the execution of our security strategy, directly contributing to our Application Security programme, advancing our DevSecOps capabilities, and supporting key Governance, Risk, and Compliance (GRC) activities.

**What you’ll be doing**

This is a hybrid role covering both technical security implementation and critical compliance/risk management support:

**Application Security & DevSecOps**

* Secure Development: Work directly with engineering teams to embed security best practices throughout the SDLC.
* Automation: Implement, maintain, and tune DevSecOps tools and pipelines (SAST, DAST, SCA) to automatically identify and remediate security flaws in code and infrastructure.
* Threat Modelling: Conduct and facilitate threat modelling sessions for new features and systems to proactively identify design-level risks.
* Vulnerability Management: Triage, validate, and track vulnerabilities identified across applications and infrastructure, driving efficient remediation efforts.
* Security Architecture: Provide technical advice on the secure design and configuration of our cloud environment (AWS/GCP) and associated technologies (Kubernetes, GitOps, Snowflake, Vault).

**Governance, Risk, & Compliance (GRC)**

* Vendor Security Reviews: Execute vendor security assessments and due diligence reviews for new and existing third-party suppliers, maintaining required documentation for the Vendor Governance Forum.
* Audit Support: Assist the team in achieving and maintaining compliance with key regulatory and industry frameworks, including GDPR, ISO 27001, SOC2, and PCI DSS, by gathering evidence and documenting controls.
* Policy & Standards: Help translate high-level security policies into practical, actionable security standards and control requirements for engineering teams.
* Risk Reporting: Document and track identified risks from AppSec, vendor reviews, and operations, ensuring they are accurately captured and reported.
* Security Training: Support the delivery of security awareness and training programs tailored for technical and non-technical staff.

**What we're looking for**

* Proven, senior experience as a Cyber Security Engineer or similar role
* Hands-on experience implementing and managing security tooling within CI/CD pipelines
* Familiarity with modern cloud environments (AWS, GCP, or Azure) and container orchestration technologies (e.g., Kubernetes)
* Practical experience in conducting vendor security assessments and performing technical due diligence on third parties
* Good working knowledge of common security frameworks and regulations (e.g., ISO 27001, SOC2, PCI DSS), with experience supporting audit processes
* A strong understanding of common web application vulnerabilities and effective mitigation strategies
* Awareness or practical experience with AI-powered security tooling (e.g., AI-driven monitoring, generative AI for code review, or AI defense mechanisms)
* Excellent communication skills, capable of explaining complex security concepts to both technical and non-technical audiences

**Desirable**

* Relevant certifications (e.g., OSCP, CISSP, CSSLP, AWS Security Specialty)
* Experience with Engineering and Automation tooling (e.g., Terraform, CloudFormation, GitHub, Python)

**Interview process**

* Intro Call with People Team: A brief conversation to get to know you and your background.
* Call with InfoSec team member: A deeper dive into your experience and how it aligns with our vision.
* Final Technical and Cultural Interview: A deeper session where you’ll meet with several team members and stakeholders to discuss your motivations and expertise, and your approach to delivery and collaboration.

* The opportunity to scale up one of the **world’s most successful** fintech companies
* **Best-in-class** compensation, including equity
* You can work from home **every Monday and Friday** if you wish - on the other days we all come together IRL to be together, build and exchange ideas
* **Our in-house chefs** prepare fresh, healthy lunches in the office every Tuesday-Thursday
* We care for our Lendies’ well-being both physically and mentally, so we offer coverage when it comes to **private health insurance**
* We're an **equal opportunity employer** and are keen to make Lendable the most inclusive and open workspace in London