Principal Security Engineer

FanvueLondon, United Kingdom2w ago

In Office Principal EMEA Payments Cloud Computing Security Engineer Principal TypeScript AWS Performance Reviews Technical Writing Documentation

Upload My Resume

Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT

Apply in One Click

Requirements

• A senior security engineer with 8+ years of experience, including 3+ years as the solo or founding security hire at a scaling company • Deep AWS security expertise: IAM, GuardDuty, Security Hub, VPC design, service control policies, and multi-account strategy • Strong application security fundamentals: OWASP, OAuth/OIDC, API authorisation, cryptography, and secrets management • Hands-on compliance experience — SOC 2, PCI DSS Level 1, GDPR and data residency • Proficient in TypeScript; can read and review application code for vulnerabilities • A track record of writing clear technical documentation — HLDs, RFCs, and runbooks that others can actually follow • Comfortable with infrastructure as code (CDK/Terraform), CI/CD security, and container scanning • Experience building a security champion programme and influencing cross-functionally without formal authority • ✨ You'll Thrive Here If • You want to build the security function from scratch, not maintain someone else's • You are energised by breadth — infrastructure, application, compliance, and culture all in one role • You are hands-on first: you write code, review PRs, and get into the detail before delegating • You communicate security risk in business terms, not just technical ones • You are excited by the pace and ambiguity of a high-growth startup • ⚠️ You'll Struggle Here If • You prefer to work within an established security team with defined scope • You are more comfortable writing policies than implementing controls • You need everything documented before you can act • You treat compliance as a checkbox exercise rather than a genuine risk reduction effort

Responsibilities

• Design and implement security controls across AWS infrastructure, application layer, CI/CD pipelines, and payment flows • Write RFCs/ADRs for security architecture decisions; maintain the security chapter in the engineering-rfcs-and-adrs repo • Establish and run a security champion network across Platform, Growth, AI, Creator Earnings, and other engineering streams, including weekly security office hours • Own the SOC 2 Type II and PCI DSS roadmap and execution — manage auditor relationships, evidence collection, and remediation tracking • Conduct threat modelling for new features including iframe patterns, AI Creator Studio integrations, and live streaming surfaces • Perform hands-on security reviews: IAM policies, secrets management, API authorisation, data encryption, and vendor contracts • Build incident response playbooks and run quarterly tabletop exercises with the on-call rotation • Partner with Legal on compliance across PCI DSS, GDPR, age verification, and content moderation policy • Configure and tune SIEM, vulnerability scanning, and dependency checks — own alerting and response • Review PRs for security-critical changes and embed security gates into the project checklist

Benefits

• Ownership from day one • Fast-moving team with real autonomy • Direct line of sight to outcomes and visible impact • AI-native working environment • Access to gyms, studios, wellbeing partners, and premium wellbeing apps • Recognised in the Sunday Times Best Places to Work • Winner of an International Business award for fastest-growing company • ⭐ Fanvue is for Everyone • We believe diverse teams build better products, and if you are excited by the role but do not tick every box, we still encourage you to apply. We hire on potential, mindset, and what you will build — not just where you have been.