Security Engineer

Security Engineer

Job Description

[Up to c. £230k Comp Package | On-Site Working]

Role Overview

We’re partnered with a highly regarded London-based investment firm seeking a Security Engineer to take on a uniquely influential position within their technology estate. This hire will serve as the technical backbone of the security engineering function - designing the roadmap, shaping control strategy, and ensuring that identity, platform, and cloud security are engineered to a high standard. You’ll work directly with the Cybersecurity Lead while collaborating across infrastructure, development, trading, and compliance groups. Expect a role that mixes architecture, hands-on engineering, and ownership of critical initiatives such as RBAC, PAM, cloud hardening, and data protection...

Key Responsibilities

• Define and drive the technical direction for security engineering, ensuring controls and tooling evolve in line with the firm’s broader technology and business objectives
• Shape and maintain the long-term architectural roadmap for security capabilities, ensuring key assets and data pathways are protected end-to-end
• Act as the principal technical adviser to engineering, infrastructure, trading, and operational teams, offering guidance on emerging threats, modern defensive techniques, and secure design patterns
• Partner closely with internal teams to embed security considerations into new systems and services without hindering performance or workflow
• Lead the design, rollout, and iterative refinement of a firm-wide Role-Based Access Control (RBAC) model, mapping access needs to business roles and ensuring permissions reflect least-privilege expectations
• Build and maintain workflows for access provisioning, deprovisioning, entitlement validation, and periodic reviews to keep access clean and aligned with organisational changes
• Own and evolve Privileged Access Management (PAM) controls, including deployment, integration, secure credential handling, rotation mechanisms, and privileged session oversight
• Implement monitoring strategies that ensure privileged activity is tracked, auditable, and meets internal and regulatory expectations
• Lead cloud security assessments across the firm’s Azure and AWS environments, identifying misconfigurations, excessive permissions, insecure interfaces, and other weaknesses
• Work with cloud and DevOps teams to design and implement remediation steps - covering IAM refinement, network segmentation, encryption practices, API security, and data access controls
• Promote strong cloud security hygiene across the organisation, ensuring new deployments follow best practice and remain compliant with internal and external standards
• Contribute to upcoming security engineering initiatives spanning areas such as application whitelisting, secure development patterns, data categorisation, and data loss prevention
• Produce clear security documentation, engineering guidance, and process materials to support consistency and long-term maintainability

What You’ll Bring…

• 4-8 years' experience in security engineering or infrastructure security roles within technically demanding environments (financial services a plus)
• Strong understanding of identity controls, including RBAC models, entitlement design, and access governance workflows
• Hands-on experience with privileged access tooling, credential lifecycle processes, and privileged session oversight
• Solid grounding in cloud security across Azure and/or AWS, with the ability to identify configuration risks and guide remediation
• Confident scripting capabilities in PowerShell or Python for automating reviews, workflows, or policy-driven tasks
• Working knowledge of endpoint, logging, and vulnerability tooling and how these components tie together
• A pragmatic, outcome-oriented mindset that balances risk reduction with operational efficiency
• A proactive, ownership-driven approach with the ability to define improvements and drive them through to completion
• A strong academic record from a highly selective university (or international equivalent), ideally in a technical discipline

...

Apply for this role

All fields marked with * are required.