Infrastructure Security Engineer

We are looking for a Senior Infrastructure Security Engineer with a proven track record in keeping systems safe. You will play a critical role in building and providing tooling that monitors our entire stack, from supporting our consumer-facing products and our institutional offerings to ensuring that we are capable of rapidly responding to cyber attacks on our colleagues and endpoints.

Throughout our company, Security is a well-established mindset that leverages novel engineering approaches - as a Senior Infrastructure Security Engineer, you will lead by example and drive technical discussions with engineering teams and influence the overall architecture of our platform.

Our day-to-day work is interesting and dynamic, driven by a focus on proactive threat actor identification and in-depth investigation of security issues. These practices are key to ensuring strong product security and fostering continuous, iterative improvement.

WHAT YOU WILL DO:

• Design, build, and implement security controls, automation, and processes across product, platform, and infrastructure environments.
• Identify operational and technical security gaps, propose solutions, and drive engineering initiatives to close them.
• Collaborate with the SRE and engineering teams to integrate security into CI/CD pipelines, deployment workflows, and cloud-native architectures.
• Build automated tooling and services to enforce secure configurations, detect misconfigurations, and support continuous compliance.
• Assist in threat modeling, design reviews, and architectural assessments for new and existing systems.
• Contribute to internal security documentation, best practices, and developer guidance.
• Participate in security incident response when engineering expertise or automation support is needed.

WHAT YOU WILL NEED:

• 4+ years of experience in security engineering, platform security, or DevSecOps roles.
• Hands-on experience implementing security controls and automation within cloud environments, GCP or AWS are preferred.
• Proficiency in modern scripting, automation and infrastructure as code e.g. Python, Bash, Go, Terraform, or similar.
• Ability to collaborate closely with engineering teams and translate security requirements into practical, scalable solutions.
• Strong analytical and problem-solving skills, with a bias toward automation over manual workflows.
• Curiosity, ownership, and a drive to continuously improve the security posture of complex systems.
• Familiarity with some of the following: Cloudflare (DDoS protection, WAF), OSS SIEM tools (Splunk, Elastic, etc), Incident management platforms (e.g. Incident.io, PagerDuty)
• Familiarity with at least one of the following CI/CD systems (Github Actions, Concourse, CircleCI)
• Familiarity with maintaining HIDS systems (Wazuh preferred).

NICE TO HAVE

• Knowledge of security standards and governance frameworks (e.g., CIS Benchmarks, NIST, SOC2, ISO 27001, PCI DSS) and how to operationalize them.
• Hands-on experience with building and maintaining a SIEM comprised of open-source and hosted components
• Experience securing consumer-facing web and iOS / Android applications
• Experience designing policies and administering Vault & other Hashicorp products.
• Experience managing security vendors

COMPENSATION & PERKS

• Full-time salary based on experience and meaningful equity in an industry-leading company
• This is a role based in our London office, with a mandatory in-office presence four days per week.
• Work from Anywhere Policy: You can work remotely from anywhere in the world for up to 20 days per year.
• ClassPa