
Financial Times · London; Sofia
ABOUT US The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to...
The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and
accuracy, with a mission to deliver quality information and services worldwide. At the FT, curiosity thrives and ambitious
thinking is rewarded. Here, you’re given the chance to reach millions, create work that matters and deliver impartial journalism
in a polarised world. In our warm, collaborative culture, you’ll connect with a diverse community of experts who support your
growth, career aspirations and wellbeing Your future at the FT will be filled with opportunities that challenge and inspire you.
With no fixed path, you’ll discover new skills and forge a career that can take you anywhere. Build a newsworthy career at the FT.
We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A
supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to
removing barriers for everyone, with a focus on addressing those faced by underrepresented groups.
We’re looking for a Senior Cyber Security Engineer to help mature application and cloud security across the FT’s cloud-native,
AWS-hosted technology estate. This role has an approximate 50/50 focus across application security and cloud security, working
closely with product, platform and engineering teams to make secure delivery easier by default.
You’ll shape and improve developer-friendly guardrails across GitHub-based CI/CD pipelines, AWS environments and
infrastructure-as-code workflows. This includes improving SAST, software composition analysis, secret scanning, IaC scanning,
vulnerability management and AWS misconfiguration management so that findings are actionable, low-noise and owned by the right
teams.
Day to day, you’ll run practical threat-modelling sessions, review application and cloud designs, improve security playbooks,
support vulnerability and misconfiguration remediation, and build automation that reduces toil. We’re looking for someone who has
demonstrably improved security outcomes in real engineering environments, not just someone with theoretical knowledge of tools or
frameworks.
Depending on team structure, you may also mentor or line-manage one or two security engineers, while remaining hands-on and close
to the technical work.
Application and cloud security experience: practical experience across both application security and cloud security, ideally in
AWS-hosted, cloud-native environments.
Developer-friendly security mindset: you know how to work with engineers, explain risk clearly and design controls that help teams
move securely without unnecessary friction.
Vulnerability management at scale: experience improving how application vulnerabilities, dependency risks, bug bounty findings,
penetration test findings and advisories are identified, prioritised, owned and remediated across engineering teams.
Cloud misconfiguration & vulnerability management: experience identifying and reducing infrastructure-as-code and AWS
vulnerabilities & misconfigurations at scale through pragmatic guardrails, tooling and clear remediation paths.
Threat modelling: confidence running lightweight, practical threat-modelling sessions that lead to useful engineering decisions
and risk reduction.
CI/CD and code security: hands-on experience with security tooling such as SAST, software composition analysis, secret scanning
and IaC scanning.
Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce toil, improve visibility and surface
meaningful risk.
Security leadership: ability to mentor other security engineers and influence engineers across the wider organisation. Depending
on team structure, this may include line management.
AI security awareness: experience of leveraging AI to improve and scale appsec and cloud sec controls would be useful, but is not
essential.
Improve application security guardrails
Tune and evolve SAST, software composition analysis, secret scanning and related controls so they are actionable, low-noise and
useful to engineering teams.
Improve cloud and IaC security guardrails
Help identify, prioritise and reduce AWS and infrastructure-as-code misconfigurations and vulnerabilities at scale.
Drive vulnerability management
Improve how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and third-party
advisories are triaged, prioritised and remediated.
Drive cloud misconfiguration management
Help teams understand, own and remediate cloud security issues using pragmatic, developer-friendly workflows.
Run practical threat modelling
Facilitate lightweight threat-modelling sessions for new products, features, services and architectural changes.
Build automation and tooling
Create or improve scripts, integrations, dashboards and workflows that reduce manual effort and make risk easier to understand.
Support secure architecture decisions
Provide application and cloud security input into design reviews, AWS architecture decisions and larger technical changes.
Partner with engineering teams
Work closely with product, platform and software engineering teams to embed security into design, delivery and operational
practices.
Support incidents and lessons learned
Provide application and cloud security expertise during incidents and feed lessons learned back into patterns, tooling and
guidance.
Mentor others
Coach security engineers and engineering teams on practical security approaches. Depending on team structure, this may include
line management of one or two security engineers.
tracking and noise reduction.
secret scanning or IaC scanning.
gatekeeping.
environment.
Desirable
Our benefits vary by location but we are committed to providing best-in-class perks across all our offices. These include generous
annual leave, medical cover, inclusive parental leave packages, subsidised gym memberships and opportunities to give back to the
community. Full details of our benefits are available here.
We currently operate a hybrid model which requires staff to work onsite 50% of the time, subject to role requirements & regular
review. While flexible working requests will be considered, not all patterns are suitable for all roles. We believe this balanced
approach supports flexibility and protects our culture, making collaboration and communication easier, building stronger
relationships and team cohesion, and supporting peer learning. We reserve discretion on reasonable notice to change this approach
either generally or for specific individuals or teams.
Accessibility
We are a disability confident employer and Valuable 500 signatory.
Please let us know if you require any reasonable adjustments/personalisation as part of the application process or to enable you
to attend an interview. If you would like to discuss your requirements or have any questions, email talent@ft.com and a member of
our team will be happy to help.
Further information
At the FT, we embrace innovation and the use of technology and appreciate that individuals may leverage AI tools as part of their
job application process. Whilst we are happy for you to use AI to assist with your application, it is essential that all
information provided is authentic and accurately represents your skills, experience, and qualifications.
Candidates should be aware that the use of AI throughout the application process may be monitored to ensure a fair and transparent
hiring process for all.
ABOUT BARINGA Baringa is a global consulting firm that partners with leaders to drive change and create value. With deep industry expertise, and enabled by advanced technology, the firm helps clients to deliver with greater confidence and certainty. With over 2,000 people across the UK, Europe, North America, Asia and Australia, the firm combines global insight with local understanding. The firm works across energy and resources, financial services, government and public sector, consumer products and retail, pharmaceuticals and life sciences, manufacturing, and technology, media and telecoms, with capabilities spanning strategy, transformation and operational excellence – all powered by advanced technology, data, AI and digital innovation. Clients value Baringa’s collaborative approach and the way its teams integrate seamlessly – all working with a shared understanding of what matters most. The firm is known for its kind, curious experts who listen closely and care deeply about client success as they help clients transform energy markets, modernise financial platforms, expand telecoms and digital networks through advanced data analytics, enable digital services in government, and unlock growth in consumer sectors. Certified as a Great Place to Work around the world, Baringa has been recognised by the Financial Times in 22 categories of its UK Leading Management Consultants rankings, and by Forbes for four consecutive years as one of the World’s Best Management Consulting Firms. OUR TECHNOLOGY AND CYBER TEAM ARE LOOKING FOR AN EXPERIENCED SENIOR CYBER SECURITY ENGINEER TO JOIN THE TEAM. Baringa has grown so fast, and it continues to grow rapidly. Those new joiners keep on coming! We are a global function supporting the firm as it enters new markets. We are re-architecting and evolving our cloud-based business systems and infrastructure. We are on a mission to develop great technology products, deliver great services, and protect the trust our people and clients place in us. We have installed a new operating system for ourselves, and rebooted what was a corporate IT department into a corporate technology company, transforming the way we work. Now we are building for the next era of work. AI is becoming part of the fabric of how Baringa operates, and we are developing the products and platforms that will help colleagues find knowledge, act on insight, navigate complexity, and get work done with greater speed, quality, and confidence. Some of this will be visible through intelligent experiences and agentic systems. Some of it will sit beneath the surface: data products, workflow platforms, integrations, automations, cyber security, governance, and the architecture that makes all of it safe, scalable, resilient, and useful. So much to build on, so much to progress. So much to deliver. So much to play for! Do you know what though? We are going to do it. All of it and more. We have the support to drive change. We have the belief. We are going to do great things. Come and join us! WHAT YOU WILL BE DOING The Senior Cyber Security Engineer (Cyber Security) will be responsible for designing, implementing, reviewing and managing security measures to protect our Azure and M365 environments. The ideal candidate will have extensive Cloud Security experience and a proven track record in managing security measures to protect our Azure & M365 cloud infrastructure and data. This role requires a deep understanding of Azure and M365 security services, best practices, and will work closely with various stakeholders to ensure the security of our cloud infrastructure. * Design, implement and review security solutions for Azure and M365 environments. * Design, develop, maintain and assess security architecture artifacts (e.g., models, templates, standards, and procedures). * Oversee the development and implementation of security engineering best practices and standards. * Identify & implement automation opportunities, particularly across cloud provisioning, CI/CD pipelines, and policy enforcement. * Coordinate and manage Cyber engineering projects, ensuring timely delivery and quality. * Manage and prioritise an engineering backlog using Agile methodologies. * Maintain accurate documentation and team processes. WHAT ARE WE LOOKING FOR? We recruit individuals at all levels based on merit. Some of the key skills we are looking for: * Minimum of 5 years of experience in cyber security, with at least 3 years focused on cloud security. * Experience integrating security-as-code controls (e.g. policy-as-code, guardrails, or security scanning) into CI/CD pipelines using platforms such as Azure DevOps, GitHub, and Azure Policy, or equivalent technologies. * Proven experience designing and implementing security solutions with Azure and M365 security tools and technologies. * Strong understanding of security frameworks and standards (e.g., NIST, CIS, ISO 27001). * Familiarity with scripting and automation tools (e.g., PowerShell, Azure CLI, Azure Logic Apps). * Bachelor's degree in Computer Science, Information Technology, Cyber Security, or a related field. (Or equivalent experience) * Strong analytical and problem-solving skills. * Excellent communication and teamwork abilities. Relevant certifications such as: * Microsoft 365 Certified: Security Administrator Associate * Microsoft Certified: Cybersecurity Architect Expert certification * Certified Information Systems Security Professional (CISSP) * Certified Cloud Security Professional (CCSP) WHAT A CAREER AT BARINGA WILL GIVE YOU PUTTING PEOPLE FIRST. BARINGA IS A PEOPLE FIRST COMPANY AND WELLBEING IS AT THE FOREFRONT OF OUR CULTURE. WE RECOGNISE THE IMPORTANCE OF WORK-LIFE BALANCE AND FLEXIBLE WORKING AND PROVIDE OUR STAFF AMAZING BENEFITS. SOME OF THESE BENEFITS INCLUDE: * Generous Annual Leave Policy: We recognise everyone needs a well-deserved break. We provide our employees with 5 weeks of annual leave, fully available at the start of each year. In addition to this, we have introduced our 5-Year Recharge benefit which allows all employees an additional 2 weeks of paid leave after 5 years continuous service. * Flexible Working: We know that the ‘ideal’ work-life balance will vary from person to person and change at different stages of our working lives. To accommodate this, we have implemented a hybrid working policy and introduced more flexibility around taking unpaid leave. * Corporate Responsibility Days: Our world is important to us, so all our employees get 3 every year to help social and environmental causes and increase our impact on the communities that mean the most to us. * Wellbeing Fund: We want to encourage all employees to take charge and prioritise their own wellbeing. We’ve introduced our annual People Fund to support this by offering every individual a fund to support and manage their wellbeing through an activity of their choice. * Profit Share Scheme: All employees participate in the Baringa Group Profit Share Scheme so everyone has a stake in the company’s success. DIVERSITY AND INCLUSION We are proud to be an Equal Opportunity Employer. We believe that creating an environment where everyone feels a sense of belonging is central to our culture and that diversity is paramount to driving creativity, innovation, and value for our clients and for our people. AN AWARD-WINNING WORKPLACE You can be a part of our ‘Great Place to Work’ – with our commitment to women and well-being in the workplace for all. Click here to see some of our recent awards and how we’ve achieved this. USING BUSINESS AS A FORCE FOR GOOD. We maintain high standards of environmental performance and transparency, which can be seen through our commitment to Net Zero with our SBTI-verified Scope 1, 2 and 3 emissions reduction targets and our support of the Better Business Act. We report our progress publicly and ensure that we are also externally assessed and scored through organisations like CDP and EcoVadis - helping us to continually identify where we can improve. We have a long legacy of supporting the communities in which we work, and offer a variety of ways to contribute, by putting people first and creating impact that lasts. Our Corporate Social Responsibility (CSR) agenda is about giving back to the communities in which we live and work by sharing our skills, talent and time. In essence, we aim to empower and encourage everyone in the firm to contribute to the things we care about, and support registered charities and organisations with a clear social or environmental purpose to increase the positive impact they can have. JOIN US All applications received will be reviewed by a member of our Talent Acquisition team. We never rely solely on automated screening or AI tools to make hiring decisions. Your application will be considered for employment without regard to race, ethnicity, religion, gender, gender identity or expression, sexual orientation, nationality, disability, age, faith or social background. We do not filter applications by university background and encourage those who have taken alternative educational and career paths to apply. We would like to actively encourage applications from those who identify with less represented and minority groups. We operate an inclusive recruitment process, ensuring reasonable adjustments where needed. Please contact a member of our Recruitment Team to discuss further. BARINGA PRIVACY NOTICES For UK & EU Your personal data will be retained by Baringa for up to two years, in accordance with our UK Recruitment Privacy Notice / EU Recruitment Privacy Notice, to evaluate your application and meet our legal and reporting obligations. In line with the General Data Protection Regulation (GDPR), you have the right to request access to, rectification, or erasure (subject to legal limitations) of your personal data. For more information, please contact us at privacy@baringa.com For the USA Your personal data may be retained by Baringa for up to two years, as outlined in our Recruitment Privacy Notice (AMER & APAC), to support the recruitment process and internal reporting requirements. Where applicable, and in accordance with relevant federal and state laws, you may have the right to request access to or correction of your personal information. For further details, please contact privacy@baringa.com For Australia & Singapore Your personal data will be retained by Baringa for up to two years, in accordance with our Recruitment Privacy Notice (AMER & APAC), to assess your application and meet applicable reporting and legal obligations. In line with the Australian Privacy Act and Singapore’s Personal Data Protection Act (PDPA), you may have rights to access, correct, or request limited deletion of your personal data. For more information, please contact us at privacy@baringa.com
Job Description Join our Cyber Security Engineering unit, where innovation and security drive us. We are transforming technology with modern Network Security, integrations and cloud services. We are looking for a highly skilled and experienced Senior Cyber Security Engineer to join our Network Security Engineering team. This role involves architecting, designing, implementing, and maintaining robust security measures to protect our global network infrastructure. The ideal candidate will blend theoretical knowledge with hands-on expertise. This role requires a deep understanding of cybersecurity principles, Network Security technologies, and the ability to collaborate across multiple globally dispersed stakeholders and teams. WHAT YOU’LL DO Lead the development, optimization and integration of network security policies, rules and monitoring across platforms such as NDR, SSE, SD‑WAN and proxy solutions Design and improve network security solutions across branches, stores and data centers, ensuring strong alignment with business and security needs Conduct security architecture reviews, risk assessments and threat modelling, and drive hardening initiatives across our network landscape Modernize network security by transitioning from legacy systems to modern SSE and ZTNA solutions, supported by clear roadmaps, policies and plans Monitor and enhance the performance, availability and reliability of network security solutions, ensuring compliance with ISO, NIST, GDPR and internal standards Design, configure and troubleshoot network security devices and services across on‑prem and cloud environments, providing advanced Level‑3 support when needed WHO YOU'LL WORK WITH You’ll join a friendly and collaborative Network Security Engineering team of seven, soon to be eight, working closely with colleagues across Business Tech. Your daily partners will include network SMEs, Cyber Security Advisors, Core Platforms and Global Infrastructure Services, as well as teams supporting stores, warehouses and new market entries. You’ll also connect with external partners and contribute to cross‑functional projects where network and cyber security come together. This is a highly collaborative environment where your expertise will help shape our security posture and uplift the team’s cyber maturity. WHO YOU ARE 6+ years of experience in cybersecurity engineering, with a focus on network environments Strong, practical knowledge of: Network security technologies (firewalls, IDS/IPS, SWG, SASE, VPN, CASB, ZTNA), Cloud platforms: Azure, GCP, Security architecture methodologies and governance frameworks Expertise in network security solutions and products provided by Cisco, HP Aruba, Zscaler and Citrix NetScaler (proven by certificates) Strong knowledge of risk assessment and security control frameworks (ISO 27001, NIST). Familiarity with security maturity models including C2M2 Excellent ability to translate security requirements into implementable engineering solutions. Strong understanding of IP networking and protocols, including IPsec, HSRP, BGP, OSPF, 802.11, and QoS. Understand regulatory and compliance requirements (GDPR, PCI-DSS, Schrems, etc.). Independent problem-solving, addressing complex security challenges with minimal supervision. Preferred qualifications: CCNP (Security) or higher-level certifications such as the CCIE. CISSP or OSCP security certifications. Azure Security Engineer, or GCP Security Engineer certification. Experience with Agile methodologies and tools (e.g., Jira/Confluence) WHO WE ARE H&M is a fashion brand that offers the latest styles and inspiration, from fashion pieces and unique designer collaborations to affordable wardrobe essentials. Our business idea is fashion & quality at the best price in a sustainable way. Learn more about H&M here. WHY YOU’LL LOVE WORKING HERE Benefits All our employees are included in our H&M Incentive Program (HIP) All our employees receive a staff discount card, which is usable on all our H&M Group brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET. Work-life balance, 30 days’ vacation and wellness allowance 4000 SEK/yearly Access to Benify, for discounts on e.g. Gym memberships, travel, hotels and many other great deals. Compensation boost during parental leave In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment type and countries. Inclusion & Diversity H&M is a part of H&M Group. At H&M Group, we’re determined to create and maintain inclusive, diverse and equitable workplaces throughout our organization. Our teams should consist of a variety of people that share and combine their knowledge, experience and ideas. Having a diverse workforce leads to a positive impact on how we address challenges, on what we perceive possible and on how we choose to relate to our colleagues and customers all over the world. Hence all diversity dimensions are taken into consideration in our recruitment process. We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application.
WHO WE ARE We simplify wealth creation. Founded in 2014 in Vienna, Austria by Eric Demuth, Paul Klanschek and Christian Trummer, we’re here to help people trust themselves enough to build their financial freedom — for now and the future. Our user-friendly, trade-everything platform empowers both first-time investors and seasoned experts to invest in the cryptocurrencies, crypto indices, stocks*, precious metals and commodities* they want — with any sized budget, 24/7. Our global team works across different cultures and time zones, bringing our products to more than 7 million customers, making us one of Europe’s safest and most secure platforms that powers modern investing. Headquartered in Austria but operating across Europe, our products are built by fast-moving, talented, “roll-up-your-sleeves-and-make-it-happen” kind of people. It’s these diverse perspectives and innovative minds operating as ONE TEAM that keep Bitpanda at the cutting edge of our industry. So if you’re someone who thinks big, moves fast and wants to make an impact right from day one, then get ready to join our industry-changing team. Let’s go! Your mission Millions of customers trust Bitpanda to protect their money, identities and digital assets. As a Senior Cyber Security Engineer, you'll play a critical role in staying ahead of evolving threats by building the capabilities that detect attacks, respond to incidents and continuously strengthen our security posture. You'll combine deep technical expertise with engineering excellence to evolve our security operations, drive automation at scale and partner across the business to embed security into everything we build. Your work will directly shape how Bitpanda protects its customers today; and how it stays resilient tomorrow. WHAT YOU'LL DO * Detection engineering. Own the strategy and quality of our detection library in Elastic Security (ES|QL/KQL), designing high-fidelity detections mapped to real-world attacker techniques while continuously improving coverage, reducing noise and raising the maturity of our SOC. * Drive incident response and threat hunting. Lead investigations into complex security incidents, proactively hunt for advanced threats across AWS, Elastic and Datadog, refine response playbooks, and turn every incident into lasting improvements to our security capabilities. * Build automation that scales security. Design and implement automated investigation, enrichment and response workflows using SOAR, APIs and custom tooling, reducing manual effort while increasing speed, consistency and resilience across security operations. * Strengthen Bitpanda's security posture. Improve cloud security monitoring, system hardening and security tooling across our AWS environment, partner with engineering teams to proactively eliminate risk, and support compliance initiatives including ISO 27001, PCI DSS and DORA. * Raise the security bar across the organisation. Act as a technical leader within the Security team, mentor engineers, influence architectural decisions, champion security best practices and help build a security-first culture across Bitpanda. WHO YOU ARE: * You have 4+ years of hands-on security engineering experience, with deep expertise across incident response, threat hunting, SIEM, digital forensics and scripting. * You've built and evolved security operations; not just operated them. You have experience designing detections, automating workflows and improving security processes that deliver measurable outcomes. * You have strong experience securing cloud-native environments, particularly AWS, alongside expertise in system hardening, network security, IAM and security monitoring. Experience with Elastic Security, ES|QL and KQL is highly desirable. * You take ownership of complex technical challenges, balancing pragmatism with security excellence, and are comfortable leading initiatives from idea through implementation. * You're an excellent collaborator and communicator who enjoys mentoring others, influencing technical direction and partnering across engineering to build secure systems at scale. WHAT’S IN IT FOR YOU * Flexibility to work where you thrive – Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice. * Reward for your impact – Receive a competitive total compensation package aligned with Bitpanda’s pay-for-impact policy, including participation in our stock option plan. * Support for your mental wellbeing – Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP. * Time to recharge – On top of your standard annual leave, Prioritise your wellbeing with 3 additional days of paid time off to rest, reset, and recharge, available once you’ve been with us for 6 months. * Continuous learning and growth – Grow your skills and stay ahead in your career with unlimited access to Udemy’s library of online courses at your own pace. * Exclusive perks and rewards – Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel. * Support during life milestones – Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family. * Fuel and focus on-site – Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fueled and focused all day long. * Recognition for your contributions – Celebrate milestones and achievements with recognition and rewards for your Tenure at Bitpanda. * Show your Bitpanda pride – Access exclusive Bitpanda-branded merchandise and gear to represent. * Connect and celebrate with your team – Join unforgettable company events, from our Winter Party in Vienna to gatherings worldwide, fostering fun, connection, and celebration .…and even more location-specific benefits designed to make life at Bitpanda even more rewarding wherever you are. Above all, you will have the opportunity to learn and grow as part of Bitpanda’s incredible journey towards being Europe’s future #1 investment platform. BITPANDA IS COMMITTED TO FOSTERING A FAIR AND EQUAL ENVIRONMENT BASED ON TRUST AND MUTUAL RESPECT. WE BELIEVE THAT A DIVERSE AND INCLUSIVE WORKPLACE IS PARAMOUNT TO OUR SUCCESS AND WE ARE COMMITTED TO BUILDING A TEAM THAT REPRESENTS A WIDE VARIETY OF BACKGROUNDS, PERSPECTIVES, AND SKILLS. * THESE BENEFITS MAY BE ADJUSTED AT BITPANDA’S DISCRETION AND DO NOT APPLY TO OUR INTERNSHIPS AND EXCEPTIONS TO OUR HYBRID WORKING POLICY APPLY TO TEAMS WITH SHIFT SCHEDULES OR FOR FOLKS WHOSE ROLES REQUIRE THEM TO BE IN-OFFICE (THINK: WORKPLACES TEAM OR IT).