
Senior Security Engineer
Security Engineering Lead
At Spendesk, we're building the leading spend management platform for modern businesses, processing billions of euros across Europe and beyond. Security is at the heart of what we do: our customers trust us to safeguard their financial data, and we're committed to raising the bar for security in financial technology (fintech).
Why This Role?
We're creating a dedicated Security Engineering function. You’ll be the first senior hire in this area, shaping how we protect our platform, how we respond to threats, and how we build a security-aware engineering culture from within.
Your Mission
You’ll serve as the security conscience for engineering, building tooling, training developers, and partnering with Infrastructure to create secure-by-default solutions. You’ll own the technical security roadmap, collaborating with the compliance team to escalate risks, translate findings into engineering-friendly tools, processes, and priorities, and drive improvements across the organisation.
This is a purely technical engineering role, not governance or compliance-driven. While a separate team manages policy and risk frameworks, your individual contributor role focuses on autonomy, influence, and deep technical expertise—not people management.
By mentoring an Associate Security Engineer, shaping security practices across engineering squads, and acting as the go-to resource for secure development decisions, you balance hands-on responsibilities with strategic growth. As the team scales, your focus will shift toward architecture, strategy, and mentorship, escalating pressing issues to enhance our security posture.
Key Responsibilities
1. Vulnerability & Incident Management
- Own and operate our bug bounty program: manage the platform, set escalation thresholds, and refine strategy.
- Lead vulnerability triage, handling complex or critical findings as the primary escalation point.
- Oversee security incident response: qualify incidents, conduct forensics (including fraud investigations), coordinate fixes, create root-cause analyses, and track resolutions.
2. Detection & SIEM
- Manage our SIEM platform (ElasticSearch, multi-node Linux), including architecture, detection rules, and threat indicators.
- Focus on high-quality detection engineering, minimizing reliance on manual toil.
- Develop, refine, and maintain security runbooks and operational documentation.
3. Identity & Access Management (IAM)
- Own IAM implementation and operations for product and infrastructure systems, downstream of corporate IT.
- Configure and maintain SSO/MFA, role-based access, permission reviews, and secrets rotation.
- Align with defined security governance standards.
4. Secure Development & Audits
- Embed security into the software development lifecycle: threat modelling, secure coding patterns, and CI/CD hardening.
- Conduct code audits (TypeScript, Node.js, Python) and infrastructure security reviews (Terraform-configured AWS environments).
- Define and implement automated security testing (DAST/QAST) into deployment pipelines.
- Coordinate and execute penetration tests and security audits: prepare environments, manage auditor relationships, and drive remediation based on findings, within defined compliance frameworks.
5. Education & Influence
- Cultivate engineering awareness through workshops, training, and design reviews, promoting security-first principles.
- Inform leadership on escalating risks via a security-oriented roadmap and backlog.
- Partner with Infrastructure to embed security into core architectural decisions.
Who We’re Looking For
Must-Haves
✅ A track record of owning security outcomes end-to-end, with hands-on experience in at least three of:
- Code security auditing
- Infrastructure security (AWS, cloud-native, or Linux)
- Radical vulnerability patching or incident response
- SIEM operations
- Penetration testing & offensive security
✅ Strong roadmap ownership: ability to identify priorities, build executable strategies, execute autonomously, and communicate clearly across disciplines (e.g., explaining a CVSS 9.8 finding to a product manager).
✅ Expertise in modern web architectures (microservices, cloud-native, SaaS/PaaS) and practised exploit scenarios in these environments.
✅ Ability to write/automate using Python, Bash, or similar languages — core skills will be key to your day-to-day tasks.
✅ Originating experience mentoring junior engineers or security practitioners.
✅ Clarity and influence: bounce back requirements across domains with eyes wide open.
Nice-to-Have (Bonus Points for)
- Experience with ElasticSearch/ELK stack in production environments.
- Expertise across AWS, GCP, or Snowflake, especially in operational contexts.
- Comfort with monitoring/observability tools (Datadog).
- Experience associated with Identity Providers or **Okta**-based standards.
- Knowledge of ISO 27001, OWASP, SOC 2, PCI-DSS frameworks.
- Fintech experience, especially in regulated markets like payments.
**“Not a perfect fit? We still want to hear from you.”**
Diversity of skill and background matters. What excites you? Do you align with our mission? We welcome applications from candidates of all trait mixes.


About Spendesk
Spendesk is an AI-powered spend management and procurement platform dedicated to transforming how businesses handle spending. Separate an employee’s expenses, invoice processing, and procurement workflows with one powerful solution, providing finance leaders actionable insights.
Across industries, we leverage AI, automated Fraud Detection (AI-FD), Blocks, and multi-currency support to empower teams. Our platform scales effortlessly—whether company operations span one entity or hundreds, whether budget decisions originate in global HQs or stand-alone subcompanies, or whether a startup is merely kickstarting operations.
Trusted by thousands of businesses, we coalesce over 200,000 users from scaling startups to market leaders (like Payfit, Accor, Welcome to the Jungle, Swile), all while rethinking finance for modern work.
Culture & Philosophy
Our people-first approach centres on freedom, autonomy, and growth.
- "Liberation" is our guiding philosophy. When people thrive, they excel, and drive innovation.
- Cross-cultural love: Many Spendeskers are living and working abroad (35+ countries).
- Bold, kind, and curious by nature, we’re committed to embracing awkward problems and finding the silver linings in every challenge.
Benefits
Our belief in the exceptional performance of trusted, empowered teams is reflected in the benefits we offer:
- Personal freedom: work remotely or blend in-person with flexible yet enriching site policies.
- Technical edge: latest Apple equipment keeps you competitive.
- Wellbeing support: access Moka.care for mental & emotional health resources.
- Fuel your productivity: great office snacks daily.
- Connected community: a supportive, proactive culture.
Location-specific benefits include health insurance, gym memberships, honorariums, and free meals—tailored for every Spendesker's global hub (UK, France, Spain, Germany).
Diversity & Inclusion
At Spendesk, we foster an inclusive culture, reflecting our belief that originality is better when infused with outsiders’. Our commitment extends to recruiting, fostering, and celebrating every background. List us as open to all diversity representations—every voice deserves to be heard.
For more info: www.spendesk.com/press | Unbox the future of spending—join us!
(Application materials—CV, diversified skills, work—all in English.)