Teya
Senior Security Engineer Crypto

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Hello! We're Teya.
Teya is a payment and software service provider, headquartered in London serving small, local businesses across Europe. Founded in 2019, we build easy to use, integrated tools that enable our members to accept payments and boost business performance.
At Teya we believe small, local businesses are the lifeblood of our communities.
We’re here because we don’t believe there’s a level playing field that gives small businesses with a fighting chance against the giants of the high street.
We’re here because we see banks and legacy service providers making things harder for them. We don’t think the best technology or the best service should be reserved for those with the biggest headquarters.
We’re here to fight for a future where small, local businesses can thrive, and to commit the same dedication they offer all of us.
Become a part of our story.
We’re looking for exceptional talent to join our mission. We offer a chance to create impact in a high-energy and connected culture, while benefiting from continuous learning opportunities, a supportive community which is proud to serve our mission, and comprehensive benefits.
Your mission
We're a regulated payments fintech operating across multiple European markets, scaling into banking-licence territory. Security Engineering is being rebuilt around a joint operating model with our platform and infrastructure teams. We're hiring a Senior Security Engineer who can pick up specific gaps in our current coverage: payment cryptography operations on cloud-hosted HSM services, application security at scale, and pipeline-embedded controls that let the rest of the company move fast without security sitting in the critical path.
This is not a review-queue role. We're not looking for another pair of hands doing manual pen tests, PR reviews, or spreadsheet audits. We want an engineer who builds, someone who writes production-quality Go, ships services, and turns manual security work into platforms other teams operate against.
Responsibilities
- Design, implement, and continuously improve a Secure SDLC integrated from design through production
- Embed security into planning and delivery via threat modelling, security requirements, and automated controls
- Lead application security reviews for new systems, major features, and high-risk changes across web, API, mobile, and backend services
- Define and maintain secure architecture patterns for authentication, authorisation, APIs, data protection, and multi-tenant isolation
- Own the application security tooling stack (SAST, DAST, SCA), integrating it into CI/CD with high-signal, low-noise outputs
- Partner with engineers to triage and remediate vulnerabilities based on exploitability, impact, and regulatory risk
- Work with Security Operations to improve application-level logging, telemetry, and incident response readiness
- Act as a trusted advisor to engineering teams, raising the bar through practical guidance, documentation, and targeted training
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Requirements
- 5+ years in security engineering. With a demonstrable track record of shipping platforms, not just performing reviews or writing policy.
- Production Go experience. You should be comfortable designing, writing, testing, and shipping production Go services. Our platform is Go-native and we build our security tooling in the same stack. Applications without production Go will not progress.
- Software engineering fundamentals. Version control, code review, testing, CI/CD, observability, on-call for services you've built. You are an engineer who does security, not a security person who occasionally scripts.
- Payment cryptography operations. Hands-on experience with payment HSM services (cloud- hosted such as VirtuCrypt, AWS CloudHSM, Google Cloud HSM; or on-prem operated as a service). Payment key management including PIN keys, DUKPT, master/session key hierarchies, and TR-31 or TR-34 key exchange.
- Experience with key lifecycle management, PCI PIN and PCI-DSS scope experience is required.
- Application security at scale. SAST/DAST/SCA toolchain design and rollout. Threat modelling as a routine practice, not an event. Familiarity with modern AppSec tooling (Snyk, Wiz, Veracode, Checkmarx, Semgrep, GitHub Advanced Security or equivalents).
- Cloud security depth on AWS. IAM design, workload identity, network isolation, and integration patterns between application workloads and HSM-backed key services.
- Written communication. You will publish runbooks, standards, ADRs, and reporting dashboards. If it isn't documented, it didn't happen.
- Comfort with a small team carrying real regulatory scope. PCI-DSS, PCI PIN, DORA and GDPR are constraints on the work, not optional context.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Nice To Have
- Open source contributions or side projects, we would like to see how you write code before the technical interview.
- Payments industry experience (card acquiring, issuing, PIN, EMV, terminal fleet operations).
- Regulated fintech environment (FCA, ECB, or equivalent supervisory scope).
Ways of working
- Out-of-band, non-blocking. We embed in the pipeline, we do not sit in the critical path.
- Skin in the game is shared. Application owners own their app's security posture. We provide the patterns, tooling, and verification.
- Automation first. If you're doing something manually more than twice, you automate or you hand it back to the owning team.
- Public requests, not DMs. All work in the open. Backlog visible. Decisions logged.
- Ways of working matter. Defined split between roadmap, keep-the-lights-on, and unplanned work. We push back on unplanned demand with reasons
The Perks
- We trust you, so we offer flexible working hours, as long it suits both you and your team;
- Health Insurance;
- Physical and mental health support through our partnership with MyFitness;
- 25 days of Annual leave (+ Bank Holidays);
- Possibility to visit other Teya offices to meet colleagues in instances when travel is safe and appropriate;
- Friday lunch in the office;
- Friendly, comfortable and high-end work equipment and informal office environment;
- Hybrid work mode policy.
Teya is proud to be an equal opportunity employer.
We are committed to creating an inclusive environment where everyone regardless of race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, or background can thrive and do their best work. We believe that a diverse team leads to better ideas, stronger outcomes, and a more supportive workplace for all.
If you require any reasonable adjustments at any stage of the recruitment process whether for interviews, assessments, or other parts of the application—we encourage you to let us know. We are committed to ensuring that every candidate has a fair and accessible experience with us.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location