stackone - Security Engineer
Requirements
• 3+ years in security engineering with hands-on AWS security: IAM, KMS, networking, secrets, GuardDuty / Security Hub.
• Strong coding ability in TypeScript, Python, or Go; comfortable shipping production code, not just configs and scripts.
• Application security fluency: OWASP Top 10, threat modeling, and code-level reviews on real systems.
• Experience securing a B2B SaaS multi-tenant production environment.
• Comfort owning end-to-end work: scope, ship, measure. You don’t wait for a queue.
• Clear communication with engineers, product, and non-technical stakeholders.
• Bias toward automating security checks instead of running manual checklists.
• (Preferred) IaC fluency in AWS CDK or Terraform; comfortable reviewing infrastructure code for security misconfigs and writing custom scanning rules.
• (Preferred) Experience with Aikido, Drata, Cloudflare Workers, or pen testing in a compliance-mature environment.
• We’re pragmatic about tooling. Today’s stack includes:
  • Cloud & infra: AWS (ECS, RDS, Lambda, KMS, GuardDuty, Security Hub, Inspector), Cloudflare (Workers, WAF, Zero Trust)
  • IaC: AWS CDK, Terraform
  • Security tooling: Aikido (SAST, DAST, container scanning, pen testing), 1Password, GitHub (org-level enforcement, Advanced Security)
  • Compliance & ops: Drata, Iru, EasyLlama
  • Observability & IR: Datadog, Sentry, Logfire, Incident.io
  • Languages: TypeScript (Node.js), Python
Responsibilities
• Own the secure SDLC: drive SAST, dependency scanning, secrets detection, and PR-blocking standards across every repository.
• Harden our AWS and Cloudflare estate: IAM, secrets, network segmentation, KMS, WAF, GuardDuty, and zero-trust patterns.
• Run pen testing end-to-end: scope and coordinate engagements with both AI-driven scanners and human researchers, then drive findings through fix and retest.
• Threat-model product features before they ship: new auth provider, expanded multi-tenant APIs, connector executions, agent tool-calling paths, etc.
• Build detection and response capability around credential and authentication flows, with observability that closes incidents fast.
• Partner with engineering to raise the bar day-to-day: architecture reviews, written standards, and security embedded in code review.
• Use LLMs and agents to accelerate security workflows (triage, code review, evidence gathering) with guardrails you trust, and help secure and monitor the (code/application/device) fleet.
• Support compliance work where it intersects security engineering: SOC 2, ISO 27001, customer security reviews, and pen test responses.
Benefits
• Meaningful share options (EMI) - share in the company’s success as we grow
• 25 days holiday + 1 additional day per year of tenure
• Private health insurance - including dental & optical
• £15/day lunch budget when working from our London office, up to £120/month
• £1,000 for your home office setup + £500/year top-up
• Annual team offsite to sunny spots (last ones were in Spain and Portugal ☀️)
• Join one of Europe’s fastest-growing startups
• Work with a veteran team of ex-employees of Google, Microsoft, Oracle, Coinbase, JP Morgan and more
• Health, fitness and gift card discounts
• Cycle2Work and Electric Cars scheme
• Hybrid working friendly - typically 2 days/week in our London office. We’re open to discussing flexible arrangements. Please share any preferences in your application
• We believe diversity drives innovation. We encourage individuals from all backgrounds to apply. As an equal-opportunity employer, we celebrate diversity and are committed to creating an inclusive environment for all employees.