
Freetrade · London
ABOUT FREETRADE Freetrade’s mission is to become the default place to invest. Investing has been too complicated and expensive for too long, keeping millions f...
Freetrade’s mission is to become the default place to invest. Investing has been too complicated and expensive for too long,
keeping millions from making the most of their savings.
We’re changing that.
We’re building our team and looking for people who are excited to reshape how our customers invest and grow their wealth. If
you’re driven by solving complex problems and building innovative products, you’ll fit right in.
2026 is a big year for us. Last year, we announced a game changing deal to become part of the IG Group. We’ll continue to operate
as an independent business while gaining access to the resources and support of an established leader in the space.
This year, we’re accelerating our roadmap and taking our products to the next level. We’re building new features like mutual
funds, bonds, and family investment tools. We’re also exploring how we can leverage AI to deliver an even better experience for
our customers.
At Freetrade, we're on a mission to make investing accessible to everyone. We operate in a highly regulated financial environment
where security isn't just a function, it's a foundation. As we scale, we're looking for a sharp, motivated Security Intern to join
our Security, Privacy and Infrastructure team for the summer and contribute to real, meaningful work from day one.
About the Role
This is a hands-on internship, not a shadowing exercise. Whether you're a student, a recent graduate, or making your first move
into security, you'll be embedded in the security team, working on operational tasks and a dedicated project designed to directly
improve security at Freetrade. Your time will be split roughly 50/50 between supporting ongoing security operations and owning a
scoped project with a clear outcome.
You'll be supported throughout, with a defined onboarding plan, pre-scoped tasks, daily check-ins with your manager, and weekly
visibility with the Director of SPI.
What You'll Work On
practical use.
What You Bring
Programme Structure
Support and Management
What's in it for You
Please note, applicants must be 18 years of age or older at the time of application and legally eligible to work in the relevant
location.
We are an Equal Opportunity employer committed to a diverse and representative team. Whatever your race, religion, colour,
national origin, gender, sexual orientation, age, marital status, or disability - we want to hear from you.
To find out more about how we look after your personal data when you apply for a job with us, please see our Recruitment Privacy
Policy here.
Please note we are not accepting agency CVs.
Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors. The Security Assurance team is responsible for identifying, assessing, and validating security risks across QRT’s technology environment. The team works closely with Security Engineers, Software Engineers, Infrastructure Engineers, Cloud Engineers, and Technology stakeholders to evaluate the effectiveness of security controls and strengthen the firm's overall security posture through adversarial testing and assurance activities. Your Future Role within QRT You will: * Conduct internal penetration testing across a wide range of systems, including trading infrastructure, cloud platforms, APIs, and business applications in both Windows and Linux environments. * Perform red team-style assessments and adversarial simulations to identify weaknesses in detection, response, and resilience capabilities. * Design and execute security assurance strategies to validate the effectiveness of security controls across applications, infrastructure, and cloud environments. * Coordinate external penetration testing engagements with third-party security vendors, including scoping, execution oversight, validation of findings, and remediation tracking across cloud, infrastructure, and application environments. * Identify, exploit, and clearly document vulnerabilities, providing actionable remediation guidance tailored to engineering teams. * Collaborate with product security and development teams to ensure vulnerabilities are properly remediated. * Support threat modelling exercises by providing an attacker’s perspective on system design and architecture. * Develop and maintain tooling, scripts, and frameworks to automate testing and improve coverage of security assessments. * Contribute to continuous security testing within CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls. * Conduct security reviews of internal and third-party systems, validating real-world exploitability of identified risks. * Provide mentorship and training to engineers on common attack vectors, exploitation techniques, and secure design principles. * Stay current with emerging threats, vulnerabilities, and offensive security techniques relevant to financial systems and low-latency environments. Your present skillset: * 5+ years of experience in penetration testing, red teaming, or security assurance roles, with hands-on experience testing complex, large-scale systems. * Strong practical knowledge of offensive security techniques, including web application, API, network, and cloud exploitation. * Solid understanding of system internals, networking, and common vulnerability classes, including OWASP Top 10, logic flaws, authentication and authorisation issues, and race conditions. * Familiarity with both Windows and Linux environments from an attacker’s perspective. * Experience using standard penetration testing tools such as Burp Suite, Metasploit, Nmap, BloodHound, and similar offensive security tooling. * Ability to assess the real-world impact of vulnerabilities and prioritise risks in a high-stakes environment. * Ability to clearly document findings, explain exploitability, and provide practical remediation guidance to engineering and infrastructure teams. * Strong communication skills, with the ability to clearly articulate technical risks and remediation strategies to engineering stakeholders. * Ability to operate independently, manage multiple assessments, and provide senior-level technical judgement during security assurance activities. * Preferred: * Experience testing applications and services developed in languages such as Python, C++, Rust, Go, and Kotlin/Java. * Experience with cloud security testing across AWS or Azure, including IAM, network configuration, storage, managed services, and common cloud misconfigurations. * Experience developing custom penetration testing tools, automation, scripts, exploits, or fuzzers. * Experience integrating security testing into CI/CD pipelines or supporting continuous assurance practices. * Understanding of detection and response mechanisms, with the ability to evaluate or bypass them during controlled testing. * Experience conducting red team exercises, adversary simulations, or purple team engagements. * Experience with containerised environments, Kubernetes, infrastructure-as-code, or hybrid cloud infrastructure. * Knowledge of low-latency systems, financial trading environments, or high-performance distributed systems. * Relevant certifications such as OSCP, OSEP, OSCE, CRTO, CCT APP, CCT INF, or equivalent practical experience. QRT is an equal opportunity employer. We value diversity as essential to our success and are committed to creating an environment where employees can work openly, respectfully, and collaboratively. In addition to supporting professional achievement, QRT offers initiatives and programmes designed to help employees maintain a healthy work-life balance.
OPPORTUNITY The Security Engineer will join Brunswick's Information Security team and play a key role in supporting the firm's secure adoption of AI and emerging technologies. This role will act as a dedicated security professional supporting requests and initiatives originating from the firm's AI team, providing security review, architecture input, and risk-based guidance across third-party AI tools, enterprise platforms, AI-enabled applications, and internally developed solutions. Working closely with the AI team, ICT, application owners, and business stakeholders, the Security Engineer will help ensure new technologies are protected through appropriate security controls and guardrails throughout the development and delivery lifecycle. ABOUT THE ROLE In this role, you will provide technical security expertise across AI-related requests, third-party AI tools, internally developed applications, workflows, enterprise features, and emerging agent-based use cases. Key responsibilities include: * Review and assess third-party AI tools, enterprise AI platforms, and new AI-enabled features, including solutions such as ChatGPT, Claude, Microsoft Copilot, and other emerging technologies. * Review and assess requests relating to AI-enabled solutions, enterprise AI platforms, new features, integrations, and internally developed applications. * Provide security architecture guidance for applications and solutions developed or introduced by the AI team. * Support the implementation of security guardrails, governance processes, and secure design patterns for AI adoption across the firm. * Conduct STRIDE-based threat modelling for new internally developed solutions, AI-enabled workflows, integrations, and automation use cases. * Assess risks associated with AI use cases, including data exposure, prompt injection, model misuse, third-party dependency risk, inappropriate access to sensitive information, and insecure integrations. * Advise on secure design principles, including identity and access management, data protection, logging, monitoring, encryption, resilience, and secure configuration. * Define and document security requirements, architecture decisions, design recommendations, and risk-based remediation actions. * Monitor emerging AI security risks, attacker techniques, and industry best practices, ensuring relevant mitigations are considered within Brunswick's environment. WHAT WE'RE LOOKING FOR We're looking for an experienced, technically capable security professional who can combine strong security engineering expertise with practical judgement and clear communication. The ideal candidate will demonstrate: * 5-7 years' experience in cyber security, information security, security engineering, or a related technical security role. * Proven experience providing security guidance across technology projects, enterprise platforms, AI-related initiatives, third-party tools, cloud-based solutions, or internally developed applications. * Strong understanding of security architecture and secure design principles, including identity and access management, data protection, logging, monitoring, encryption, network security, and resilience. * Familiarity with AI-related technologies, enterprise AI platforms, large language models, agentic AI, and the security risks associated with AI adoption. * Experience conducting STRIDE-based threat modelling, technical risk assessments, or security design reviews. * Practical understanding of cloud and enterprise environments, particularly Microsoft 365, Azure, SaaS platforms, and modern workplace technologies. * Ability to translate technical security risks into clear, business-focused recommendations. * Strong written and verbal communication skills, with confidence engaging technical and non-technical stakeholders. * Understanding of security risks associated with third-party AI tools, internally developed AI applications, integrations, automation, and agent-based use cases. * Sound judgement, attention to detail, and the ability to balance security requirements with business needs. * Experience working in an ISO27001-aligned or regulated environment would be beneficial. * Preferred, but not essential, certifications: * ISC2: CISSP, CCSP, SSCP * ISACA: CISM, CISA, CRISC * CompTIA: Security+, CySA+, CASP+ WHY JOIN US Whether you are joining a client facing team, a core services team, or starting out on your professional career journey, joining Brunswick unlocks a range of employee benefits to support your financial future, health and wellness, family and community and continuous professional development. ABOUT BRUNSWICK Brunswick is a global advisory firm. We help companies tackle high-stakes issues, navigate complex stakeholder relationships, and deliver high-impact outcomes. Our clients value our ability to anticipate, shape, and respond to the key players and forces in the financial and investment arena, regulatory and geopolitical universe, NGO community, workforce and beyond. They rely on us for deep experience, fresh perspectives and original thinking. So, in Brunswick you will find an exceptional range of experience and talent with a rich mix of backgrounds. From the beginning, we have prioritized attracting, developing, and retaining the best professionals in the industry, united by a culture of inclusivity, excellence, and intellectual curiosity. Founded in 1987 in London, the firm has organically grown to 27 offices in 18 countries across the Americas, Europe, Middle East, Africa, Asia and Australia. We operate as a “one-firm firm” with no individual profit centers. This allows us to assemble fully integrated, bespoke teams for each client, able to draw on the full resources of Brunswick anywhere in the world. Brunswick is an equal opportunity employer. All qualified applicants will be considered without regard to race, religion, color, national origin, gender, sexual orientation, age, disability, pregnancy, genetic information, or any other status protected by applicable law. Please read our Global Privacy Notice to understand how your data is managed.
Applications deadline: We are conducting interviews actively and aim to fill this role as soon as we find someone suitable. THE OPPORTUNITY We're looking for a senior Security Engineer to own security at Apollo Research from end to end. You'll be the first dedicated security hire at Apollo. Security at Apollo exists to maintain the trust of our frontier AI lab partners and enable our research mission. This role sits within the engineering team and reports directly to the CEO. YOU HAVE THE OPPORTUNITY TO - Build and own Apollo's security programme. Own the security roadmap, conduct risk assessments, and evolve the programme as the org grows. You decide what Apollo's security posture needs to look like given our size, threat model, and partner relationships. - Maintain the trust of our frontier AI lab partners. Become the primary security point of contact for partner security teams. Build relationships with partner CISOs, produce and maintain technical documentation on Apollo's security practices, and demonstrate that our security posture meets the bar required for our ongoing partnerships. - Set security direction for engineering. Define security principles and AppSec strategy which the engineering team implements. Build paved roads that make the secure path easy for engineers. - Define how Apollo uses AI tools, agents, and integrations. Decide what's approved, what data can go where, and how new tools get vetted. This is a live and evolving challenge, and you'll need to balance security with the fact that researchers need to use cutting-edge tools to do their jobs. - Own the security tooling stack and automate security operations. Select, implement, and manage security controls including EDR/MDR, endpoint management, email protection, and identity management. Automate wherever possible: zero-touch deployments, IaC for security tooling, automated provisioning and deprovisioning. - Drive compliance and certification. Lead certification efforts (ISO 27001, SOC 2) as needed to meet partner requirements. Automate where needed and treat compliance as a byproduct of good security practice. - Own IT administration across the organisation. Manage Google Workspace, define access policies, and build secure onboarding and offboarding processes. WHAT WE'RE LOOKING FOR - Engineering mindset. You treat security operations and GRC as engineering problems. You reach for automation and systems solutions over manual processes. - Pragmatism. You understand that security exists to enable Apollo's mission and maintain partner trust, and you tailor your advice to our risk profile. - Leadership. You are capable of building out our security programme from scratch. - Hands-on. In addition to leading the security programme, you are willing and able to drive implementation yourself. - Speed. You make good-enough decisions quickly and execute fast once a decision is made. - Adaptability to new developments. You have a strong base of knowledge that enables you to make decisions under uncertainty as AI tooling and the threat landscape evolve. - Stakeholder credibility. Non-security people trust you internally, and you can credibly represent Apollo to lab partner security teams externally.