Spendesk

Senior Security Engineer

London
Posted 2 days ago

Senior Security Engineer 🛡️

At Spendesk, we’re building the leading spend management platform for modern businesses, processing billions of euros across Europe and beyond. Security is at the heart of what we do: our customers trust us to safeguard their financial data, and we’re committed to raising the bar for security in fintech.

We’re creating a dedicated Security Engineering function. You’ll be the first senior hire in this space, shaping how we protect our platform, respond to threats, and build a security-aware engineering culture from the inside.


Your Mission

You’ll be the security conscience for engineering—building tooling, training developers, and partnering with Infrastructure on secure-by-default solutions. You own the technical security roadmap:

  • Partnering with the compliance team to identify risks,
  • Translating findings into actionable engineering-native tools and processes, and
  • Driving remediation while raising standards across the organisation.

This is a pure engineering role, not governance or compliance; policy and risk frameworks are owned by a separate team. It is an individual contributor track with high influence, focused on technical depth, not people management.

  • You’ll mentor an Associate Security Engineer,
  • Shape practices across engineering squads, and
  • Be the go-to person for security guidance when needed.

You’ll be hands-on across the full security surface from day one. As the team grows, you’ll shift from day-to-day operations toward architecture, strategy, and mentoring, acting as the escalation point for the Associate Security Engineer.


Key Responsibilities

Vulnerability & Incident Management

  • Own and operate our bug bounty program:
    • Manage the platform,
    • Set escalation thresholds,
    • Drive strategic improvements.
  • Act as the escalation point for vulnerability triage, leading on complex or high-severity findings.
  • Lead security incident response:
    • Qualification, forensics (including fraud investigations),
    • Fix coordination,
    • Post-mortem,
    • Resolution tracking.

Detection & SIEM

  • Own our SIEM platform (ElasticSearch, multi-node Linux):
    • Architecture,
    • Detection rules,
    • Indicators of compromise.
  • Build and evolve detection coverage, prioritising signal quality over manual toil.
  • Create and maintain security runbooks and operational documentation.

Identity & Access Management (IAM)

  • Own IAM implementation and operations for product and infrastructure systems (downstream of corporate IT):
    • SSO/MFA configuration,
    • Role and access-rights implementation,
    • Periodic permission reviews,
    • Secrets rotation.
  • Work within authentication standards set by the security governance team.

Secure Development & Audits

  • Embed security into the development lifecycle:
    • Threat modelling,
    • Secure code patterns,
    • CI/CD hardening.
  • Conduct technical security reviews of:
    • Code (TypeScript, Node.js, Python),
    • Infrastructure-as-code (Terraform),
    • Multi-tenant AWS environments.
  • Define and implement security analysis and testing procedures integrated into deployment pipelines.
  • Coordinate and execute penetration tests and security audits:
    • Prepare environments,
    • Manage auditor relationships,
    • Drive post-audit action plans.
  • Drive remediation within qualification rules and timeframes set by security governance.

Education & Influence

  • Coach engineers on secure development through:
    • Workshops,
    • Secure-code guidance,
    • Design reviews.
  • Surface security risks and recommendations to engineering leadership;
    • Own the security backlog and roadmap.
  • Partner with Infrastructure on secure-by-default solutions.

Must-Haves

We’re looking for:

  • A track record of owning security outcomes end-to-end, with hands-on experience in at least three of:
    • Code auditing,
    • Infrastructure security (AWS/Linux),
    • Penetration testing,
    • SIEM operations,
    • Incident response.
  • Ability to own a roadmap:
    • Identify priorities,
    • Build a plan,
    • Execute autonomously,
    • Communicate progress to non-specialists.
  • Deep understanding of modern web architectures (microservices, cloud-native, PaaS/SaaS) and their vulnerabilities.
  • Strong scripting and automation skills (Python, Bash, or similar).
  • Experience mentoring other engineers or security practitioners.
  • Excellent communication:
    • Explain a CVSS 9.8 to a PM and get it prioritised.

Nice-to-Haves

  • Experience with ElasticSearch/ELK stack in production.
  • Familiarity with:
    • AWS, GCP, Snowflake, Datadog, Okta.
  • Knowledge of security standards and frameworks:
    • ISO 27001, OWASP, SOC 2, PCI-DSS.
  • Experience in a regulated fintech or payments environment.
  • Reverse engineering and analysis of minified/obfuscated code.

"Not ticking every box? We’d still love to hear from you. At Spendesk, we value skills, potential, and diverse experiences."


About Spendesk

Spendesk is the AI-powered spend management and procurement platform transforming company spending. By simplifying procurement, payment cards, expense management, invoice processing, and accounting automation, we set a new standard for spending—empowering employees while giving finance leaders full visibility and control.

Trusted by thousands of companies (including Payfit, Accor, Welcome to the Jungle, Swile, Big Mamma, Malt, and Yousign), we support 200,000+ users together.

With offices in the UK, France, Spain, and Germany, we prioritise community and innovation.

🔗 More info: www.spendesk.com/press


About Our People & Culture

We believe people thrive when empowered to grow. Our core values:

✔ Liberation: Ownership, navigate ambiguity, and seize opportunities.
✔ Diversity & Inclusion: Celebrate all backgrounds and perspectives.
✔ Bold curiosity with a positive mindset.

Our team represents 35+ countries, united by collaboration, kindness, and challenge-solving.


Benefits

Flexibility & Work-Life Balance

📍 Flexible on-site and remote policy: work where you thrive.
🍎 Latest Apple equipment: macOS upgrades included.

Wellbeing & Support

💙 Moka.care: Emotional and mental health support.
🧀 Great office snacks: Fuel your work.
👥 A positive team: Colleagues you enjoy working with.

Market-Specific Perks

🏥 Health insurance & wellness allowances
🚇 Commuter support
🍽 Meal vouchers
🏋 Gym memberships


"At Spendesk, we build a culture for everyone, with everyone. Apply to help us shape the future of spend management!"

📌 Note: As we are an international team, please submit your application and CV in English.

Skills

Security Engineering
Incident Response
Vulnerability Management
SIEM Operations
Code Auditing
Infrastructure Security
Penetration Testing
Secure Development
AWS
Python
Bash
Automation
Communication
Mentoring
Threat Modelling
CI/CD Hardening

Location

London, England, United Kingdom
