Flagstone
Senior Security Engineer - Contract

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
What is Flagstone?
Flagstone is many things. An online savings platform, reinventing how individuals, businesses, and charities manage, protect, and grow their cash. A diverse group of people, bound by a collaborative spirit, and shared purpose. And lastly, a thriving, profitable business – where smart people do their best work.
Each definition shares a common thread: our unique culture. It’s our pride and joy. And our competitive advantage.
A feel for our culture:
To revolutionise the savings market, we need to be at our best. But high performance takes more than talent – it takes a culture of kindness, respect, and growth.
That’s why we’re building a diverse, inclusive community, where your voice is heard and valued. Where, with close support and room to develop, you can surpass even your own expectations. And be rewarded for it.
We may not change the world, but we can change the world of financial technology. And all it takes is a winning mix of drive, talent, and empathy. Our culture celebrates all three.
But enough about us. Let’s talk about you.
About The Team
Security Engineering is a team of five covering cloud security, detection, and security operations. They work directly in the Azure estate and are close to the infrastructure, not abstracted behind a policy layer. The team runs Microsoft Sentinel, Defender XDR, and Defender for Cloud, and manages tooling through infrastructure-as-code. They run a quarterly penetration test programme and are continuously building out our detection and response capability. It's a small team with broad scope, which means your work is visible, your opinions are heard, and there are meaningful problems for our engineers to work on.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
This is a contract role, so we're looking for someone who can hit the ground running. You'll bring immediate impact and add value from day one, working independently without a long ramp-up. Your work will be visible, and the problems you solve will matter.
Does this sound like you?
You're a senior security engineer who operates credibly across cloud security, detection tooling, and incident response, without being narrowly specialised. You own meaningful parts of the security stack, contribute hands-on to Azure cloud hardening, and show up reliably when incidents need investigating or pen test cycles need coordinating. You're energised by visible impact, your work matters, and your voice is heard.
What you’ll do:
- Own and operate our alerting and monitoring capability through a transition period, keeping detection and response steady.
- Maintain and improve our Microsoft Sentinel deployment: writing and tuning detection rules, managing data connectors, and reducing alert noise.
- Operate and optimise Defender XDR and Defender for Cloud, including policy management and posture recommendations.
- Maintain and extend automated security checks in our delivery pipelines (shift-left).
- Drive down time-to-fix on known vulnerabilities, coordinating remediation with engineering squads.
- Support data-loss-prevention controls that reduce the risk of sensitive data leaving the business.
- Support safeguards around how the business accesses and uses AI, including securing AI workloads and their data exposure.
- Investigate suspicious activity surfaced through Sentinel and Defender: triage, escalate, or contain as appropriate.
- Support incident response, including containment, evidence gathering, and post-incident review.
- Contribute to detection-as-code and infrastructure-as-code (Terraform or Bicep) for security tooling.
- Coordinate penetration test engagements (scope, logistics, findings review) and work with engineering teams to prioritise remediation.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
What you’ll bring:
- Hands-on SIEM experience, ideally Microsoft Sentinel; equivalent platforms (Splunk, Chronicle, QRadar) considered.
- Practical Azure security experience across Defender for Cloud, Entra ID, Azure networking, and cloud security posture management.
- Experience writing infrastructure-as-code using Terraform or Bicep in a security engineering context.
- Experience driving vulnerability remediation cycles with engineering squads.
- Familiarity with data-loss-prevention controls.
- Familiarity with AI security considerations (securing AI workloads, data exposure risks) and/or using AI tooling to augment security engineering workflows.
- Ability to contribute to threat modelling and communicate security risk clearly to engineering and product audiences.
- A growth mindset and genuine curiosity to keep learning.
- SC-200 (Microsoft Security Operations Analyst) certification.
- KQL proficiency for detection rule authoring and threat hunting.
- Experience working in a similar fintech or financial services environment
All are welcome:
At Flagstone, we’re assembling a diverse team that defies our industry’s norms. Think this role could suit you? We encourage you to apply, no matter your background.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location