
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Associate Security Engineer
Security Engineer - Spendesk
At Spendesk, we're building the leading spend management platform for modern businesses, processing billions of euros across Europe and beyond. Security is at the heart of what we do: our customers trust us to safeguard their financial data, and we're committed to raising the bar for security in fintech.
We're building a dedicated Security Engineering function. You'll join alongside a Senior Security Engineer and together form the operational security backbone of the engineering organisation.
Your Mission
You'll be hands-on across vulnerability management, access controls, monitoring, and secure development support. You'll work closely with a Senior Security Engineer who'll mentor you and help your growth, while partnering day-to-day with Infrastructure and product engineering teams.
This is a hands-on engineering role—not a dashboard-watching SOC seat or a governance role—you'll build, fix, and improve, while a separate team owns policy and risk frameworks. You'll learn fast and ship real security improvements from day one. If you love fixing things, digging into alerts, and making systems harder to break, you'll thrive here.
You’ll sit at the intersection of two domains: as a security engineer, your impact will be directly measured by how effectively you translate second-line-of-defense guidance (from the Compliance and Regulatory team) into practice while ensuring technical alignment and buy-in from the Product and Engineering organisation you’ll be part of.
Key Responsibilities
Vulnerability & Incident Management
- Triage vulnerabilities from our bug bounty program, scan tools, and dependency checks.
- Support incident response: develop fixes, track resolution, update tickets, and contribute to post-mortems.
- Monitor and process security alerts from our SIEM and other monitoring tools.
Identity & Access Management
- Implement and maintain SSO/MFA configurations for product and infrastructure systems, leveraging Okta and Google Workspace to manage downstream access rights.
- Implement and enforce role-based access controls (RBAC) per tool and system.
- Run periodic permission reviews and access audits.
- Manage production secrets and credential rotation.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Secure Development Support & Tooling
- Run pre-deployment security checks, including static analysis, dependency scanning, and container image scanning.
- Flag security issues in code reviews when security patterns are violated.
- Help engineers understand and fix security findings.
Monitoring & Detection
- Monitor SIEM alerts, investigate suspicious activity, and escalate when needed.
- Maintain and tune detection rules under guidance from the Senior Security Engineer.
- Help operate and maintain SIEM infrastructure (ElasticSearch, log collection pipelines).
Security Operations
- Support pentest coordination: prepare test environments, track remediation items.
- Maintain documentation on security procedures and runbooks.
Must-Haves
What We’re Looking For
- Foundational experience in security engineering, SOC operations, or a DevOps/SRE role with a strong security focus, eager to deepen skills across the security stack.
- Solid understanding of web application security (OWASP Top 10, common attack vectors).
- Hands-on experience with at least two of:
- Vulnerability scanning tools
- SIEM/log analysis
- IAM systems (Okta, Google Workspace)
- CI/CD security tooling
- Comfortable scripting (Python, Bash) to automate repetitive security tasks.
- Collaborative mindset: work across multiple teams and communicate security issues clearly and constructively. Assess and articulate risk through severity and likelihood, bringing teams along rather than acting as a blocker.
Nice-to-Haves
- Experience with AWS security (IAM policies, Security Hub, GuardDuty).
- Familiarity with ElasticSearch/ELK stack.
- Exposure to infrastructure-as-code (Terraform) and container security.
- Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS): sufficient to understand why controls exist (not as an auditor).
- Experience in fintech or a regulated environment.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Additional Notes
As we are an international team, please submit your application and CV in English.
Not ticking every box? We’d still love to hear from you. At Spendesk, skills, potential, and diverse experience matter most. If this role excites you and you believe you could contribute, we encourage you to apply.
About Spendesk
Our Mission
Spendesk is the AI-powered spend management and procurement platform transforming company spending. By simplifying:
- Procurement
- Payment cards
- Expense management
- Invoice processing
- Accounting automation
it sets the new standard for spending at work. Its single, intelligent solution makes efficient spending easy for employees and gives finance leaders full visibility and control—even in multi-entity structures.
Trusted by thousands of businesses including Payfit, Accor, Welcome to the Jungle, Swile, Big Mamma, Malt, and Yousign, Spendesk supports 200,000+ users across global markets.
We have offices in the UK, France, Spain, and Germany, and place community building at the heart of our mission.
About Our People & Culture
We believe people do their best work when given freedom to thrive and grow. Our values include:
- Empowering take ownership
- Navigating ambiguity
- Bold, curious, and kind approach
- Positive, growth-focused mindset
Since we recruit globally (35+ countries), we embrace differences, encourage diversity, and foster inclusion—so everyone feels welcomed and valued.
Our Benefits
A culture built on trust, empowerment, and growth—supported by:
Work Environment
- Flexible on-site and remote policy
- Latest Apple gear
Wellbeing
- Access to Moka.care (emotional and mental health support)
- Fantastic office snacks
Additional Rewards
- Positive, collaborative team environment
- Market-specific benefits (health insurance, wellness allowances, commuter support, meal vouchers, gym memberships)
We welcome and celebrate professionals from all backgrounds, so if you are bold, ever-curious, and passionately curious, we’d like to meet you!
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location