Permanent

Senior Security Engineer (Product Security)

London
Negotiable
Posted 3 days ago

Role Overview

We are seeking a Senior Security Engineer to embed security throughout our product development lifecycle. You'll work directly with engineering teams to identify and mitigate security risks through threat modeling, secure code reviews, and integrated security tooling across our web and mobile applications. This role is critical to establishing our secure development practices, implementing industry-standard SSDLC processes, and ensuring our financial products are resilient against evolving threats.

Key Responsibilities

Secure Development Lifecycle (SDLC) Implementation

  • Design and implement secure software development practices
  • Integrate security gates into CI/CD pipelines following DevSecOps principles
  • Establish security quality gates and acceptance criteria
  • Develop secure coding standards based on OWASP guidelines
  • Create security architecture patterns and reference implementations

Security Code Reviews and Testing

  • Conduct in-depth security code reviews for critical features
  • Implement automated security testing (SAST, DAST, IAST, SCA)
  • Configure and tune security scanning tools (Aquasec, Trivy, Dependabot, etc.)
  • Review cryptographic implementations against industry standards
  • Validate authentication and authorization implementations
  • Ensure compliance with OWASP ASVS (Application Security Verification Standard)

Threat Modeling and Risk Assessment

  • Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks
  • Create threat models for new products and architectural changes
  • Identify attack vectors specific to web and mobile platforms
  • Develop abuse cases and security test scenarios
  • Maintain threat intelligence for fintech-specific risks
  • Document security requirements derived from threat models

Platform-Specific Security

Web Applications:

  • Implement defenses against OWASP Top 10 vulnerabilities

Mobile Applications:

  • Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config)

APIs:

  • Implement API security best practices (rate limiting, authentication, input validation)
  • Cross-platform session management and secure data storage

Security Tooling and Automation

  • Build and maintain security testing pipelines
  • Integrate security tools with GitHub Actions
  • Develop custom security linters and pre-commit hooks
  • Create automated vulnerability tracking and remediation workflows
  • Implement secret scanning and dependency checking
  • Build security dashboards and metrics reporting

Developer Enablement and Training

  • Create secure coding guidelines for different technology stacks
  • Develop a security champions program aligned with OWASP SAMM
  • Conduct security training on platform-specific vulnerabilities
  • Provide hands-on guidance during security incidents
  • Build internal security libraries and frameworks
  • Create threat modeling templates and playbooks

Required Qualifications

Technical Expertise

  • 5+ years of application security experience
  • Strong programming skills in multiple languages (Python, JavaScript/TypeScript, Golang)
  • Deep understanding of security vulnerabilities across web and mobile platforms
  • Hands-on experience with security testing tools and methodologies
  • Expertise in secure coding practices and design patterns
  • Experience with modern development frameworks (React, Angular, React Native, Flutter)

Security Domain Knowledge

  • Expert knowledge of OWASP standards (Top 10, ASVS, SAMM, MASVS)
  • Understanding of cryptographic principles and secure implementations
  • Experience with threat modeling methodologies
  • Knowledge of authentication standards (OAuth2, OIDC, WebAuthn)
  • Familiarity with PCI-DSS, PSD2, and Strong Customer Authentication requirements
  • Understanding of cloud-native security patterns

Code Review and Analysis Skills

  • Ability to identify security vulnerabilities through manual code review
  • Experience with static and dynamic analysis tools
  • Understanding of common vulnerability patterns across languages
  • Knowledge of secure architecture patterns and anti-patterns
  • Ability to provide actionable remediation guidance

Professional Requirements

  • Experience in financial services or high-security environments
  • Strong communication skills to explain security risks to developers
  • Ability to balance security requirements with development velocity
  • Collaborative approach to working with engineering teams
  • Technical writing skills for documentation and guidelines

Preferred Qualifications

  • Experience with payment systems and transaction security
  • Knowledge of mobile app protection
  • Experience building security champions programs
  • Background in penetration testing or security research

Key Projects and Initiatives

You'll lead critical security initiatives, including:

  • Building threat modeling practice for all products
  • Establishing automated security testing in CI/CD pipelines
  • Creating platform-specific security standards and libraries
  • Developing a security training curriculum for 200+ developers

What We Offer

  • Direct impact on the security of products used by thousands of businesses
  • Work with cutting-edge fintech products across multiple platforms
  • Collaborate with talented engineers across 25+ countries
  • Modern security tooling and testing infrastructure
  • Investment in professional development and certifications
  • Clear progression path to Staff/Principal roles

About Us

Ebury is a FinTech success story, positioned among the fastest-growing international companies in its sector.

Founded in 2009, we are headquartered in London and have more than 1700 staff with a presence in more than 29 markets worldwide. Cultural diversity is part of what makes Ebury a special place to be. From Sao Paulo to Dubai, Vancouver to Auckland, we enjoy sharing team experiences and celebrating success across our global family.

Hard work pays off: in 2019, Ebury received a £350 million investment from Banco Santander and has won internationally recognised awards including Financial Times: 1000 Europe's Fastest-Growing Companies.

None of this would have been possible without our proudest achievement: our great people. Enthusiastic, innovative and collaborative teams, always ready to disrupt and revolutionise the fast-paced FinTech sector.

At Ebury, we're committed to building a workplace where everyone feels valued, supported, and empowered to thrive. We're proud to have active employee networks and ESG initiatives that reflect our inclusive culture, including our Women's Network, LGBTQIA+ Network, and Veterans Network. These communities provide spaces for connection, mentorship, advocacy, and collaboration across our global teams.

We believe in inclusion. We stand against discrimination in all forms and have no tolerance for the intolerance of differences that make us a modern and successful organisation. At Ebury, you can be whoever you want to be and still feel a sense of belonging no matter your story because we want you and your uniqueness to help write our future.

Please submit your application on the careers website directly, uploading your CV / resume in English.
