Senior Security Engineer (Product Security)
Overview
Ebury is a fintech company seeking a Senior Security Engineer (Product Security) to embed security throughout the product development lifecycle. You will work with engineering teams to identify and mitigate security risks through threat modeling, secure code reviews, and integrated security tooling across web and mobile applications. This role helps establish secure development practices, implement SSDLC processes, and ensure our financial products are resilient against evolving threats.
Location: London Office - Hybrid: 4 days in the office, 1 day working from home.
Responsibilities
- Secure Development Lifecycle (SDLC) implementation: design and implement secure software development practices, integrate security gates into CI/CD pipelines following DevSecOps principles, establish security quality gates and acceptance criteria, develop secure coding standards based on OWASP guidelines, and create security architecture patterns and reference implementations.
- Security Code Reviews & Testing: conduct in-depth security code reviews for critical features, implement automated security testing (SAST, DAST, IAST, SCA), configure and tune security scanning tools, review cryptographic implementations against industry standards, validate authentication and authorization implementations, and ensure compliance with OWASP ASVS.
- Threat Modeling & Risk Assessment: lead threat modeling sessions using STRIDE, PASTA, or similar frameworks; create threat models for new products and architectural changes; identify attack vectors for web and mobile platforms; develop abuse cases and security test scenarios; maintain threat intelligence for fintech-specific risks; document security requirements from threat models.
- Platform-Specific Security: secure web applications against OWASP Top 10, apply OWASP MASVS for mobile, implement API security best practices (rate limiting, authentication, input validation), and manage cross-platform session management and secure data storage.
- Security Tooling & Automation: build and maintain security testing pipelines; integrate security tools with GitHub Actions; develop custom security linters and pre-commit hooks; create automated vulnerability tracking and remediation workflows; implement secret scanning and dependency checking; build security dashboards and metrics reporting.
- Developer Enablement & Training: create secure coding guidelines for different technology stacks; develop a security champions program aligned with OWASP SAMM; conduct security training on platform-specific vulnerabilities; provide hands-on guidance during security incidents; build internal security libraries and frameworks; create threat modeling templates and playbooks.
Required Qualifications
- Technical Expertise: 5+ years of application security experience; strong programming skills in Python, JavaScript/TypeScript, Golang; deep understanding of security vulnerabilities across web and mobile platforms; hands-on experience with security testing tools and methodologies; expertise in secure coding practices and design patterns; experience with modern development frameworks (React, Angular, React Native, Flutter).
- Security Domain Knowledge: expert knowledge of OWASP standards (Top 10, ASVS, SAMM, MASVS); understanding of cryptographic principles and secure implementations; experience with threat modeling methodologies; knowledge of authentication standards (OAuth2, OIDC, WebAuthn); familiarity with PCI-DSS, PSD2, and Strong Customer Authentication requirements; understanding of cloud-native security patterns.
- Code Review & Analysis Skills: ability to identify security vulnerabilities through manual code review; experience with static and dynamic analysis tools; understanding of common vulnerability patterns across languages; knowledge of secure architecture patterns and anti-patterns; ability to provide actionable remediation guidance.
- Professional Requirements: experience in financial services or high-security environments; strong communication skills to explain security risks to developers; ability to balance security requirements with development velocity; collaborative approach to working with engineering teams; technical writing skills for documentation and guidelines.
Preferred Qualifications
- Experience with payment systems and transaction security; knowledge of mobile app protection; experience building security champions programs; background in penetration testing or security research.
Key Projects & Initiatives
- Lead the build-out of a threat modeling practice for all products; establish automated security testing in CI/CD pipelines; create platform-specific security standards and libraries; develop a security training curriculum for 200+ developers.
What We Offer
- Direct impact on the security of products used by thousands of businesses
- Work with cutting-edge fintech products across multiple platforms
- Collaborate with engineers across 25+ countries
- Modern security tooling and testing infrastructure
- Investment in professional development and certifications
- Clear progression path to Staff/Principal roles
About Us
Ebury is a FinTech success story with a global footprint and a focus on inclusive culture. Since 2009, we have grown to 1,700+ staff across 29+ markets worldwide. We are committed to building a workplace where everyone feels valued and empowered to thrive, with active employee networks and ESG initiatives.
Please submit your application on the careers website directly, uploading your CV/resume in English.
- Location: London, England, United Kingdom
- Salary: £150,000 - £200,000
- Job Type: Full-time
- Category: Engineering