Senior Security Engineer (Product Security)

Ebury is a global fintech firm dedicated to empowering businesses to expand internationally through tailored and forward-thinking financial solutions. Since our founding in , we’ve grown to a diverse team of over 1, professionals across 40+ offices and 29+ markets worldwide. Joining Ebury means becoming part of a collaborative and innovative environment where your contributions are valued. You’ll play a key role in shaping the future of cross-border finance, while advancing your own career in a dynamic, high-growth industry.

Senior Security Engineer

London Office - Hybrid: 4 days in the office, 1 day working from home

Role Overview

We are seeking a Senior Security Engineer to embed security throughout our product development lifecycle. You'll work directly with engineering teams to identify and mitigate security risks through threat modeling, secure code reviews, and integrated security tooling across our web and mobile applications. This role is critical to establishing our secure development practices, implementing industry-standard SSDLC processes, and ensuring our financial products are resilient against evolving threats.

Key Responsibilities

Secure Development Lifecycle (SDLC) Implementation

Design and implement secure software development practices

Integrate security gates into CI/CD pipelines following DevSecOps principles
Establish security quality gates and acceptance criteria
Develop secure coding standards based on OWASP guidelines
Create security architecture patterns and reference implementations

Security Code Reviews & Testing

Conduct in-depth security code reviews for critical features

Implement automated security testing (SAST, DAST, IAST, SCA)
Configure and tune security scanning tools (Aquasec, Trivy, Dependabot, etc)
Review cryptographic implementations against industry standards
Validate authentication and authorization implementations
Ensure compliance with OWASP ASVS (Application Security Verification Standard)

Threat Modeling & Risk Assessment

Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks

Create threat models for new products and architectural changes
Identify attack vectors specific to web and mobile platforms
Develop abuse cases and security test scenarios
Maintain threat intelligence for fintech-specific risks
Document security requirements derived from threat models

Platform-Specific Security

Web Applications: Implement defenses against OWASP Top 10 vulnerabilities

Mobile Applications: Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config)
APIs: Implement API security best practices (rate limiting, authentication, input validation)
Cross-platform session management and secure data storage

Security Tooling & Automation

Build and maintain security testing pipelines

Integrate security tools with GitHub Actions
Develop custom security linters and pre-commit hooks
Create automated vulnerability tracking and remediation workflows
Implement secret scanning and dependency checking
Build security dashboards and metrics reporting

Developer Enablement & Training

Create secure coding guidelines for different technology stacks

Develop a security champions program aligned with OWASP SAMM
Conduct security training on platform-specific vulnerabilities
Provide hands-on guidance during security incidents
Build internal security libraries and frameworks
Create threat modeling templates and playbooks

Required Qualifications

Technical Expertise

5+ years of application security experience

Strong programming skills in multiple languages (Python, JavaScript/TypeScript, Golang)
Deep understanding of security vulnerabilities across web and mobile platforms
Hands-on experience with security testing tools and methodologies
Expertise in secure coding practices and design patterns
Experience with modern development frameworks (React, Angular, ReactNative, Flutter)

Security Domain Knowledge

Expert knowledge of OWASP standards (Top 10, ASVS, SAMM, MASVS)

Understanding of cryptographic principles and secure implementations
Experience with threat modeling methodologies
Knowledge of authentication standards (OAuth2, OIDC, WebAuthn)
Familiarity with PCI-DSS, PSD2, and Strong Customer Authentication requirements
Understanding of cloud-native security patterns

Code Review & Analysis Skills

Ability to identify security vulnerabilities through manual code review

Experience with static and dynamic analysis tools
Understanding of common vulnerability patterns across languages
Knowledge of secure architecture patterns and anti-patterns
Ability to provide actionable remediation guidance

Professional Requirements

Experience in financial services or high-security environments

Strong communication skills to explain security risks to developers
Ability to balance security requirements with development velocity
Collaborative approach to working with engineering teams
Technical writing skills for documentation and guidelines

Preferred Qualifications

Experience with payment systems and transaction security

Knowledge of mobile app protection
Experience building security champions programs
Background in penetration testing or security research

Key Projects & Initiatives

You'll lead critical security initiatives, including:

Building threat modeling practice for all products

Establishing automated security testing in CI/CD pipelines
Creating platform-specific security standards and libraries
Developing a security training curriculum for + developers

What We Offer

Direct impact on the security of products used by thousands of businesses

Work with cutting-edge fintech products across multiple platforms
Collaborate with talented engineers across 25+ countries
Modern security tooling and testing infrastructure
Investment in professional development and certifications
Clear progression path to Staff/Principal roles

#LI-AT1
#HYBRID