Architect Secure Foundations: You help the platform team to own the security of our developer platform. This includes designing, building, and maintaining security controls and services within our CI/CD pipelines.
Secure Our Infrastructure as Code (IaC): Partner with your Platform teammates to be the subject matter expert for securing our Terraform modules and cloud environments (AWS, Azure). You'll focus on preventing misconfigurations before they're deployed.
Incident Response and Operations: Participate in the team's on-call rotation, including out-of-hours coverage to support platform availability and security. We strive to keep our rotation sustainable and low-noise to respect your work-life balance. You will assist in troubleshooting critical issues and lead the response for security-specific incidents. Crucially, we believe in a blameless culture, so you will drive post-mortems focused on learning and preventing recurrence.
Build a Secure "Paved Road": Seamlessly integrate and orchestrate security testing (SAST, DAST, SCA, container scanning) into developer workflows. The goal is to make security testing a self-service, low-friction part of the development lifecycle.
Enable Vulnerability Remediation: Develop tools and processes to help engineering teams triage, prioritise, and remediate vulnerabilities. Your focus will be on automating discovery and providing clear, actionable context to developers.
Implement Platform-Level Detection: Leverage our cloud security and observability platforms to build robust, automated threat detection and response capabilities for the platform itself.
Be a Security Partner: In partnership with the Infosec team, act as a primary security consultant for our developers. You'll provide expert guidance on secure coding (Elixir, TypeScript/Node, Python), secret management, and securing our event-driven architecture and AI services.
Govern Emerging Technologies: Help architect and implement our AI Management System, ensuring our innovative AI services are built on a secure foundation that meets governance standards like ISO42001.
Requirements
A "Builder" Mindset: You have strong coding and scripting skills (e.g., Python, TypeScript/Node) and a passion for automating everything.
Cloud & Infrastructure Experience: You have experience building and securing modern cloud-native infrastructure, including CI/CD pipelines (like GitHub Actions), cloud environments (AWS/Azure), and Infrastructure as Code (like Terraform).
Application Security Knowledge: You have a solid understanding of the AppSec landscape and practical experience integrating tools (SAST, DAST, SCA) into developer workflows.
A Collaborative Partner: You have excellent communication skills. You enjoy collaborating with engineering teams and translating complex security concepts into clear guidance.
Observability-Driven: You have experience using security and monitoring platforms (like Datadog) to detect and respond to threats.
Tech Stack
AWS
Azure
Cloud
Elixir
Node.js
Python
Terraform
TypeScript
Benefits
27 days holiday, plus 5 additional days off: 1 life event day, 2 volunteer days, 2 company-wide wellbeing days (M-Powered Weekend) and 8 bank holidays per year
private medical insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Wellhub and access to Spill, all in one mental health support
hybrid work offering: for most roles we collaborate in the office three days per week with the exception of Coaches and Instructors who collaborate in the office once a month
Work-from-anywhere scheme: you'll have the opportunity to work from anywhere, up to 10 days per year
Space to connect: Beyond the desk, we make time for weekly catch-ups, seasonal celebrations, and have a kitchen that’s always stocked!