
Apollo Research · London
Applications deadline: We are conducting interviews actively and aim to fill this role as soon as we find someone suitable. THE OPPORTUNITY We're looking fo...
Applications deadline: We are conducting interviews actively and aim to fill this role as soon as we find someone suitable.
We're looking for a senior Security Engineer to own security at Apollo Research from end to end. You'll be the first dedicated security hire at Apollo. Security at Apollo exists to maintain the trust of our frontier AI lab partners and enable our research mission. This role sits within the engineering team and reports directly to the CEO.
About us: Causaly is redefining how humans acquire knowledge and develop insights in biomedicine. Our AI-powered platform enables researchers and decision-makers to discover and interpret evidence from millions of scientific publications, clinical trials, regulatory documents, and other complex data sources in minutes. We are building the world’s most advanced biomedical knowledge platform, powered by a high-precision Knowledge Graph and GenAI capabilities. Our technology is already used by leading biopharmaceutical organizations to accelerate drug discovery, improve safety, and drive better decision-making. Backed by top-tier investors including ICONIQ, Index Ventures, Pentech, and Marathon, we are scaling rapidly and expanding our product suite and market presence. About the Role We are looking for a Senior or Staff Security Engineer to join our security team and own our vulnerability management program, collaborate with several Engineering and Product teams as a Security advisor and support SecOps. You will operate with a high degree of autonomy — defining strategy, building processes, and acting as a trusted security advisor to our engineering organisation. What You'll Do * Own the vulnerability management program end-to-end: strategy, tooling, prioritisation, and remediation tracking across dependencies, containers, and cloud environments. * Define and maintain a dependency security strategy, including policies for third-party library adoption and update cadence. * Integrate and maintain security tooling in CI/CD pipelines (SAST, SCA, secrets detection, container scanning). * Act as a security consultant to product and engineering squads — supporting design reviews, architecture decisions, and secure coding practices. * Define and maintain security standards and guidelines practical for development teams. * Manage and continuously improve the Security Champions program — growing security awareness and capability across engineering teams. * Support SecOps in incident triage and response, contributing security engineering context where needed. Requirements * Strong knowledge of cloud security — IAM, network security, secure configuration best practices. * Hands-on experience with security tooling in CI/CD pipelines (SAST, SCA, secrets scanning, container scanning). * Proven experience in a vulnerability management role, through the entire lifecycle. * Passionate and knowledgeable about using LLMs for building robust security practices, including triage, secure code review, threat analysis and tooling * In-depth knowledge of secure coding practices in Node.js, TypeScript, Python, and/or React. * Familiarity with security frameworks and standards (e.g. OWASP, NIST, CIS Benchmarks). * Strong communication skills, with the ability to translate risk for both technical and non-technical audiences. Nice to Have * Experience with Semgrep for static analysis and custom rule authoring. * Experience with Wiz for cloud security posture management. * Experience running or contributing to a Security Champions program. * Experience with threat modelling (e.g. STRIDE). * Familiarity with SOC 2 and ISO 27001. * Relevant certifications are considered a plus (e.g. CISSP, IaaS specific certifications, etc..). Benefits UK: 💰 Competitive compensation package 🩺 Private medical insurance 🦷 Private dental insurance 📔 Life insurance (4 x salary) 🤓 Personal development budget 🧘 Individual wellbeing budget 🌴 25 days holiday plus bank holidays 🥳 Your birthday off! 🚀 Potential to have real impact and accelerated career growth as a member of an international team that's building a transformative AI product. We are on a mission to accelerate scientific breakthroughs for ALL humankind, and we are proud to be an equal opportunity employer. We welcome applications from all backgrounds and fairly consider qualified candidates without regard to race, ethnic or national origin, gender, gender identity or expression, sexual orientation, disability, neurodiversity, genetics, age, religion or belief, marital/civil partnership status, domestic / family status, veteran status or any other difference.
CUBE are a global RegTech business defining and implementing the gold standard of regulatory intelligence for the financial services industry. We deliver our services through intuitive SaaS solutions, powered by AI, to simplify the complex and everchanging world of compliance for our clients. Why us? 🌍 CUBE is a globally recognized brand at the forefront of Regulatory Technology. Our industry-leading SaaS solutions are trusted by the world’s top financial institutions globally. 🚀 In 2024, we achieved over 50% growth, both organically and through two strategic acquisitions. We’re a fast-paced, high-performing team that thrives on pushing boundaries—continuously evolving our products, services, and operations. At CUBE, we don’t just keep up we stay ahead. 🌱 We believe our future is built by bold, ambitious individuals who are driven to make a real difference. Our “make it happen” culture empowers you to take ownership of your career and accelerate your personal and professional development from day one. 🌐 With over 700 CUBERs across 19 countries spanning EMEA, the Americas, and APAC, we operate as one team with a shared mission to transform regulatory compliance. Diversity, collaboration, and purpose are the heartbeat of our success. 💡 We were among the first to harness the power of AI in regulatory intelligence, and we continue to lead with our cutting-edge technology. At CUBE, You will work alongside some of the brightest minds in AI research and engineering in developing impactful solutions that are reshaping the world of regulatory compliance. Purpose Provide senior-level security engineering expertise as part of a shared enabling function, helping teams across the organisation design, build, and operate systems securely. This role contributes to the organisation’s mission by embedding security into systems and development workflows, reducing risk through secure patterns and automation, and raising the overall security capability of engineering teams. Key Responsibilities Act as a senior hands-on contributor to the design, implementation, and operation of security controls within systems and platforms. Partner with Software Engineers and Platform Engineers to embed security considerations into system design, code review practices, and delivery workflows. Define, promote, and evolve secure development and operational practices, enabling teams to identify and address security concerns independently. Design and maintain secure defaults, guardrails, and reusable security patterns that teams can safely adopt. Build and operate security tooling and automation that integrates naturally into development and delivery processes. Support threat modelling, design review, and targeted code or configuration review, focusing on enablement rather than approval. Participate in build–run ownership for security-related systems and controls, including monitoring and incident response. Lead investigation and response to security incidents in collaboration with affected teams, ensuring learning is shared and acted upon. Support vulnerability management by helping teams prioritise, remediate, and verify security issues. Provide security input to change management processes, ensuring risk is understood and mitigated without unnecessary friction. Collaborate with Architecture and Platform Engineering to ensure security principles are reflected in shared patterns and reference designs. Contribute to security standards and guidance in partnership with governance and risk functions. Mentor and support Junior Security Engineers and Security Engineers, raising security maturity across the organisation. Skills & Competencies Strong security engineering expertise with experience securing modern software and cloud-based systems. Ability to translate security risks into practical engineering guidance and controls. Experience building or operating security tooling, automation, and reusable patterns. Good understanding of application, infrastructure, and cloud security principles. Experience responding to security incidents and supporting effective remediation. Clear communication skills, able to explain security concepts and risks to non-specialists. Collaborative mindset focused on enabling teams rather than policing delivery. Required Experience & Qualifications Relevant experience, training, or demonstrated capability for the role's track, domain, and level. Practical understanding of the tools, methods, governance, and delivery practices used in the role. Ability to work effectively with relevant stakeholders and contribute to reliable, high-quality outcomes. Relevant degree, professional qualification, certification, apprenticeship, or equivalent experience is desirable where applicable. Performance Indicators Increased adoption of secure patterns and practices by engineering teams. Reduction in repeat security issues and common failure modes. Improved quality of security considerations in design and code reviews. Effective handling of security incidents with clear learning and follow-up actions. Positive feedback from teams regarding the usefulness and approachability of security support. Development Pathways Progression to Lead Security Engineer or broader security leadership roles as the organisation matures. Interested? If you are passionate about leveraging technology to transform regulatory compliance and meet the qualifications outlined above, we invite you to apply. Please submit your resume detailing your relevant experience and interest in CUBE. CUBE is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
The Company Cubic³ provides advanced software-defined vehicle solutions to over 200 countries around the world. Our powerfully smart connectivity enables leading automotive, agriculture, and transportation OEMs to deliver innovative new services and fully compliant in-vehicle experiences that customers desire, regardless of local market requirements. We believe in leadership that supports empowerment and responsibility, while recognising and developing leadership qualities across Our Team. Together we bring out the best in each other. So, whether you’re interested in joining us as an individual contributor, manager, senior leader – or someone who aspires to growing into a leadership role – we look for people who are results focused, empathetic, visionary, empowering, and who ‘champion’ our cultures and values. Role Overview Responsible for leading the design, implementation, and continuous improvement of security engineering practices across cloud, on-premise, and hybrid environments. This role drives security-by-design principles, DevSecOps integration, Cloud and platform hardening, while providing technical leadership across the organisation. Key Responsibilities * Define and implement security-by-design principles across cloud, on-premise, endpoint, and network environments * Embed security into CI/CD pipelines (DevSecOps) in collaboration with engineering and DevOps teams * Conduct and lead security risk assessments, ensuring mitigation strategies are implemented across new applications, platforms, and third-party tools * Own and enhance cloud, platform, and endpoint security posture, including monitoring for configuration drift and vulnerabilities * Develop and enforce hardening standards across endpoints (Windows/macOS), servers, and compute environments * Support and partner with teams across IAM, GRC, DLP, SOC, and Vulnerability Management to strengthen overall security capability * Own and manage security tools related to the role and discipline e.g. SAST Tooling * Drive automation, AI usage and tooling improvements to increase efficiency and reduce risk * Provide support to the business as it relates to solution design, project and change management security. * Provide technical leadership and incident response support during security events * Collaborate with IT, DevOps, Software, Networks and Infra teams to embed security practices * Stay current on emerging threats, vulnerabilities, and security technologies Required Qualifications * Bachelor’s degree in computer science, Cybersecurity, or related field * 8+ years of experience in cybersecurity or information security roles. * Experience designing and implementing enterprise scale security principles * Proven ability to influence and work with cross-functional teams and departments * Hands on experience with end user and cloud security (Azure, AWS, Windows and MAC O/S) * Strong technical knowledge of software development (CI/CD pipeline), cloud and security by design ways of working. * Experience with security frameworks (NIST, ISO/IEC 27001, NIS2 TISAX) Key Skills Required * Security architecture & Zero Trust principles * Cloud security (Azure & AWS) * DevSecOps and CI/CD security integration (SDLC) * Security frameworks & compliance (ISO 27001, NIST, NIS2, TISAX) * Workflow Automation & AI adoption * Stakeholder management & technical leadership Tool Experience * Microsoft Azure (E5 Toolset) - Defender for Cloud, Defender for Endpoint, Defender for Identity, Microsoft Purview * AWS Security Hub (CSPM), Amazon Guard Duty, AWS Inspector, AWS Identity Analyser, AWS Config * SonarCloud (SAST Tooling) * Atlassian Cloud (Confluence / Jira) * Vanta (GRC) * Strong Microsoft Office 365 knowledge Certifications (Desired) * ISC2 - CISSP/CCSP/CSSLP * AWS Certified Security - Specialty * Microsoft Azure Security Engineer Associate (AZ-500) * Microsoft Cybersecurity Architect Expert (SC-100) * GIAC GSSP/ GCSA New hires at Cubic³ are required to work onsite five days a week during their six-month probation period to get to know the company, their team, and our ways of working. After probation, we offer a flexible arrangement of up to eight work-from-home days per month, provided it aligns with business needs and performance standards. This arrangement is not a given for all roles. Cubic³ is an equal opportunities employer and committed to fostering a diverse and inclusive workplace.