Senior Security Engineer

About Abound

We’re redefining consumer lending in the UK, and beyond. Using advanced AI and Open Banking data, we make fair, affordable personal finance available to more people. While traditional lenders rely almost entirely on credit scores, we look at the full financial picture - how much you spend, and what you can afford to repay to build a deeper, more accurate understanding of each customer's unique financial situation.

And we've shown it works at scale. We’ve issued over £1.3bn in loans directly to customers while delivering market-leading credit performance - for every 10 defaults the industry expects, we see only 3. We also reached profitability just 2.5 years after launch.

Backed by £2bn+ of funding from top-tier investors including Citi, GSR Ventures, and Deutsche Bank, we’re recognised as one of Europe’s fastest-growing fintechs (Sifted, CNBC). Now, we’re expanding into new markets and product lines - and we’re looking for ambitious people who want to learn fast, take ownership, and grow with us.

About the role:

You won't be sitting in an ivory tower throwing policies over the fence. You will be embedded directly within our Platform team in a true DevSecOps capacity. Operating as a highly technical individual contributor, you will bridge the gap between product-led engineering and Corporate IT.

You will play a hands-on role in challenging the security architecture of production and corporate IT infrastructure.

In your first 6–12 months, you will design and implement our next-generation cloud security architecture across AWS and GCP, while helping to build and mature our internal SOC capabilities, including detection and response.

You will take ownership of Microsoft Sentinel, enhancing our SIEM/SOAR capabilities, and strengthen identity and access management through improved and automated RBAC across AWS, Microsoft Entra, and internal systems.

You will also drive a shift-left approach to security by embedding controls into GitLab CI/CD pipelines, including scanning, IaC reviews, and automated policy enforcement across the SDLC.

Our technology stack:

Cloud & Compute: AWS, ECS Fargate, Aurora, Lambda, GCP
Data Lake: S3, DMS, Glue
Security & Identity: Microsoft Defender (XDR), Microsoft Sentinel (SIEM/SOAR), Defender for Cloud (CSPM), Microsoft 365, Entra, Intune
Cloud Security Tooling: GuardDuty, Security Hub, Inspector, Security Command Center
Code & IaC: Python, Java, GitLab, AWS CDK, Terraform/CDK-TF
Observability & Incident Management: AMP, Incident.io

Who you are:

• You are a security professional by trade, but a hacker by design. You have a strong track record in DevSecOps and cloud security engineering, with hands-on experience elevating the security posture of other organisations.

• You are a strong Python developer. You know how to script automation, interact with APIs, and build security tooling from scratch.

• You possess a rock-solid understanding of network security fundamentals and how they apply to modern, distributed cloud architectures.

• You are comfortable owning both the build and run aspects of security—designing systems and responding to incidents.

• You thrive in the dynamic, ambiguous, and fast-paced environment of a high-growth startup. You know how to balance rigorous security with engineering velocity.

What you'll be doing:

• Actively contribute infrastructure-as-Code (AWS CDK, Terraform) for security risks prior to deployment

• Implement best practice network security across AWS and GCP (IAM, VPCs, encryption, logging, monitoring)

• Embed zero-trust policies across the estate

• Actively challenge the security standards of production applications and infrastructure

• Embed security controls into CI/CD pipelines (SAST, dependency scanning, container security)

• Partner with engineering teams on secure architecture and deployment patterns

• Support secure SDLC practices and pre-deployment security reviews

What we offer

• Everyone owns a piece of the company - equity

• Hybrid with 3 days a week in the office

• 25 days’ holiday a year, plus 8 bank holidays

• 2 paid volunteering days per year

• One month paid sabbatical after 4 years

• Employee loan

• Free gym membership

• Team wellness budget to be active together - set up a yoga class, a tennis lesson or go bouldering