
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Associate Security Engineer
Security Engineer
At Spendesk, we're building the leading spend management platform for modern businesses, processing billions of euros across Europe and beyond. Security is at the heart of what we do—our customers trust us to safeguard their financial data, and we're committed to raising the bar for security in fintech.
We're building a dedicated Security Engineering function. You'll join alongside a Senior Security Engineer and together form the operational security backbone of the engineering organisation.
Your Mission
You'll be hands-on across vulnerability management, access controls, monitoring, and secure development support. You'll work closely with a Senior Security Engineer who'll mentor you and help you grow, while partnering day-to-day with Infrastructure and product engineering teams.
This is a hands-on engineering role, not a dashboard-watching SOC seat or a governance role—you'll build, fix, and improve, with a separate team owning policy and risk frameworks. You'll learn fast and ship real improvements from week one. If you like fixing things, digging into alerts, and making systems harder to break, you'll thrive here.
You will sit at the intersection of two domains: as a security engineer, your impact will be directly measured by how effectively you translate second-line-of-defense guidance (from the Compliance and Regulatory team) into practice while ensuring technical alignment and buy-in from the Product and Engineering organisation.
Key Responsibilities
Vulnerability & Incident Management
- Triage vulnerabilities from our bug bounty program, scanners, and dependency checks.
- Support incident response: develop fixes, track resolution, update tickets, and contribute to post-mortems.
- Monitor and process security alerts from our SIEM and other monitoring tools.
Identity & Access Management
- Implement and maintain SSO/MFA configurations for product and infrastructure systems, leveraging Okta and Google Workspace to manage downstream access rights.
- Implement roles and access rights per tool and system.
- Run periodic permission reviews and access audits.
- Manage production secrets and credential rotation.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Secure Development Support & Tooling
- Run pre-deployment security checks: static analysis, dependency scanning, container image scanning.
- Flag issues in code reviews when security patterns are violated.
- Help engineers understand and fix security findings.
Monitoring & Detection
- Monitor SIEM alerts, investigate suspicious activity, and escalate when needed.
- Maintain and tune detection rules under guidance from the Senior Security Engineer.
- Help operate and maintain SIEM infrastructure (ElasticSearch, log collection pipelines).
Security Operations
- Support pentest coordination: prepare test environments, track remediation items.
- Maintain documentation on security procedures and runbooks.
What We're Looking For
Must-haves
- Foundational experience in security engineering, SOC, or a DevOps/SRE role with a strong security focus, eager to deepen across the security stack.
- Solid understanding of web application security (OWASP Top 10, common attack vectors).
- Hands-on experience with at least two of:
- Vulnerability scanning tools
- SIEM/log analysis
- IAM systems (Okta, Google Workspace)
- CI/CD security tooling
- Comfortable scripting (Python, Bash, or similar) to automate repetitive security tasks.
- Collaborative mindset: you work across many teams and communicate security issues clearly and constructively. Rather than binary "allowed/forbidden" calls, you assess and articulate risk through a severity and likelihood lens, bringing teams along instead of acting as a blocker.
Nice-to-haves
- Experience with AWS security (IAM policies, Security Hub, GuardDuty).
- Familiarity with ElasticSearch / ELK stack.
- Exposure to infrastructure-as-code (Terraform) and container security.
- Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS)—not as an auditor, but enough to understand why controls exist.
- Experience in fintech or a regulated environment.
Note: Not ticking every box? We’d still love to hear from you. At Spendesk, we value skills, potential, and diverse experiences. If this role excites you, we encourage you to apply.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
About Spendesk
Spendesk is the AI-powered spend management and procurement platform that transforms company spending. By simplifying procurement, payment cards, expense management, invoice processing, and accounting automation, Spendesk sets the new standard for spending at work. Its single, intelligent solution makes efficient spending easy for employees and gives finance leaders the full visibility and control they need across all company spend, even in multi-entity structures.
Trusted by thousands of companies, Spendesk supports over 200,000 users across brands such as Payfit, Accor, Welcome to the Jungle, Swile, Big Mamma, Malt, and Yousign. With offices in the United Kingdom, France, Spain, and Germany, Spendesk also puts community at the heart of its mission.
About Our People & Culture
We believe that people do their best work when energised and supported. That's why we empower every Spendesk employee to take ownership of their work, navigate ambiguity, and seize opportunities. Our international team—representing *35+ countries—shares a bold, curious, and kind approach, tackling challenges with a positive mindset. Together, we embrace diversity, empowerment, and boundless growth.
Our Benefits
Our culture is built on trust, empowerment, and growth—with benefits to match:
- Flexible on-site and remote policy – Freedom to work where you thrive.
- Latest Apple equipment – The tools to excel in your role.
- Moka.care – Emotional and mental wellness support.
- Great office snacks – Fuelling your productivity.
- A positive team – Everyday collaboration with colleagues who inspire.
Our location-specific benefits include:
- Health insurance, wellness allowances
- Commuter support and meal vouchers
- Gym memberships
Diversity & Inclusion
At Spendesk, we foster an environment where all differences are celebrated. We aim to attract and build a diverse, equal, and inclusive team, ensuring everyone feels welcome. Our goal is to embrace and encourage perspectives from all backgrounds. If you believe in the power of inclusion, we’d love to have you on board!
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location