
Abound · London
About Abound We’re redefining consumer lending in the UK, and beyond. Using advanced AI and Open Banking data, we make fair, affordable personal finance availa...
About Abound
We’re redefining consumer lending in the UK, and beyond. Using advanced AI and Open Banking data, we make fair, affordable
personal finance available to more people. While traditional lenders rely almost entirely on credit scores, we look at the full
financial picture - how much you spend, and what you can afford to repay to build a deeper, more accurate understanding of each
customer's unique financial situation.
And we've shown it works at scale. We’ve issued over £1.3bn in loans directly to customers while delivering market-leading credit
performance - for every 10 defaults the industry expects, we see only 3. We also reached profitability just 2.5 years after
launch.
Backed by £2bn+ of funding from top-tier investors including Citi, GSR Ventures, and Deutsche Bank, we’re recognised as one of
Europe’s fastest-growing fintechs (Sifted, CNBC). Now, we’re expanding into new markets and product lines - and we’re looking for
ambitious people who want to learn fast, take ownership, and grow with us.
You won't be sitting in an ivory tower throwing policies over the fence. You will be embedded directly within our Platform team in
a true DevSecOps capacity. Operating as a highly technical individual contributor, you will bridge the gap between product-led
engineering and Corporate IT.
You will play a hands-on role in challenging the security architecture of production and corporate IT infrastructure.
In your first 6–12 months, you will design and implement our next-generation cloud security architecture across AWS and GCP, while
helping to build and mature our internal SOC capabilities, including detection and response.
You will take ownership of Microsoft Sentinel, enhancing our SIEM/SOAR capabilities, and strengthen identity and access management
through improved and automated RBAC across AWS, Microsoft Entra, and internal systems.
You will also drive a shift-left approach to security by embedding controls into GitLab CI/CD pipelines, including scanning, IaC
reviews, and automated policy enforcement across the SDLC.
Cloud & Compute: AWS, ECS Fargate, Aurora, Lambda, GCP
Data Lake: S3, DMS, Glue
Cloud Security Tooling: GuardDuty, Security Hub, Inspector, Security Command Center
Code & IaC: Python, Java, GitLab, AWS CDK, Terraform/CDK-TF
Observability & Incident Management: AMP, Incident.io
security engineering, with hands-on experience elevating the security posture of other organisations.
scratch.
architectures.
security with engineering velocity.
What we offer
Applications deadline: We are conducting interviews actively and aim to fill this role as soon as we find someone suitable. THE OPPORTUNITY We're looking for a senior Security Engineer to own security at Apollo Research from end to end. You'll be the first dedicated security hire at Apollo. Security at Apollo exists to maintain the trust of our frontier AI lab partners and enable our research mission. This role sits within the engineering team and reports directly to the CEO. YOU HAVE THE OPPORTUNITY TO - Build and own Apollo's security programme. Own the security roadmap, conduct risk assessments, and evolve the programme as the org grows. You decide what Apollo's security posture needs to look like given our size, threat model, and partner relationships. - Maintain the trust of our frontier AI lab partners. Become the primary security point of contact for partner security teams. Build relationships with partner CISOs, produce and maintain technical documentation on Apollo's security practices, and demonstrate that our security posture meets the bar required for our ongoing partnerships. - Set security direction for engineering. Define security principles and AppSec strategy which the engineering team implements. Build paved roads that make the secure path easy for engineers. - Define how Apollo uses AI tools, agents, and integrations. Decide what's approved, what data can go where, and how new tools get vetted. This is a live and evolving challenge, and you'll need to balance security with the fact that researchers need to use cutting-edge tools to do their jobs. - Own the security tooling stack and automate security operations. Select, implement, and manage security controls including EDR/MDR, endpoint management, email protection, and identity management. Automate wherever possible: zero-touch deployments, IaC for security tooling, automated provisioning and deprovisioning. - Drive compliance and certification. Lead certification efforts (ISO 27001, SOC 2) as needed to meet partner requirements. Automate where needed and treat compliance as a byproduct of good security practice. - Own IT administration across the organisation. Manage Google Workspace, define access policies, and build secure onboarding and offboarding processes. WHAT WE'RE LOOKING FOR - Engineering mindset. You treat security operations and GRC as engineering problems. You reach for automation and systems solutions over manual processes. - Pragmatism. You understand that security exists to enable Apollo's mission and maintain partner trust, and you tailor your advice to our risk profile. - Leadership. You are capable of building out our security programme from scratch. - Hands-on. In addition to leading the security programme, you are willing and able to drive implementation yourself. - Speed. You make good-enough decisions quickly and execute fast once a decision is made. - Adaptability to new developments. You have a strong base of knowledge that enables you to make decisions under uncertainty as AI tooling and the threat landscape evolve. - Stakeholder credibility. Non-security people trust you internally, and you can credibly represent Apollo to lab partner security teams externally.
About us: Causaly is redefining how humans acquire knowledge and develop insights in biomedicine. Our AI-powered platform enables researchers and decision-makers to discover and interpret evidence from millions of scientific publications, clinical trials, regulatory documents, and other complex data sources in minutes. We are building the world’s most advanced biomedical knowledge platform, powered by a high-precision Knowledge Graph and GenAI capabilities. Our technology is already used by leading biopharmaceutical organizations to accelerate drug discovery, improve safety, and drive better decision-making. Backed by top-tier investors including ICONIQ, Index Ventures, Pentech, and Marathon, we are scaling rapidly and expanding our product suite and market presence. About the Role We are looking for a Senior or Staff Security Engineer to join our security team and own our vulnerability management program, collaborate with several Engineering and Product teams as a Security advisor and support SecOps. You will operate with a high degree of autonomy — defining strategy, building processes, and acting as a trusted security advisor to our engineering organisation. What You'll Do * Own the vulnerability management program end-to-end: strategy, tooling, prioritisation, and remediation tracking across dependencies, containers, and cloud environments. * Define and maintain a dependency security strategy, including policies for third-party library adoption and update cadence. * Integrate and maintain security tooling in CI/CD pipelines (SAST, SCA, secrets detection, container scanning). * Act as a security consultant to product and engineering squads — supporting design reviews, architecture decisions, and secure coding practices. * Define and maintain security standards and guidelines practical for development teams. * Manage and continuously improve the Security Champions program — growing security awareness and capability across engineering teams. * Support SecOps in incident triage and response, contributing security engineering context where needed. Requirements * Strong knowledge of cloud security — IAM, network security, secure configuration best practices. * Hands-on experience with security tooling in CI/CD pipelines (SAST, SCA, secrets scanning, container scanning). * Proven experience in a vulnerability management role, through the entire lifecycle. * Passionate and knowledgeable about using LLMs for building robust security practices, including triage, secure code review, threat analysis and tooling * In-depth knowledge of secure coding practices in Node.js, TypeScript, Python, and/or React. * Familiarity with security frameworks and standards (e.g. OWASP, NIST, CIS Benchmarks). * Strong communication skills, with the ability to translate risk for both technical and non-technical audiences. Nice to Have * Experience with Semgrep for static analysis and custom rule authoring. * Experience with Wiz for cloud security posture management. * Experience running or contributing to a Security Champions program. * Experience with threat modelling (e.g. STRIDE). * Familiarity with SOC 2 and ISO 27001. * Relevant certifications are considered a plus (e.g. CISSP, IaaS specific certifications, etc..). Benefits UK: 💰 Competitive compensation package 🩺 Private medical insurance 🦷 Private dental insurance 📔 Life insurance (4 x salary) 🤓 Personal development budget 🧘 Individual wellbeing budget 🌴 25 days holiday plus bank holidays 🥳 Your birthday off! 🚀 Potential to have real impact and accelerated career growth as a member of an international team that's building a transformative AI product. We are on a mission to accelerate scientific breakthroughs for ALL humankind, and we are proud to be an equal opportunity employer. We welcome applications from all backgrounds and fairly consider qualified candidates without regard to race, ethnic or national origin, gender, gender identity or expression, sexual orientation, disability, neurodiversity, genetics, age, religion or belief, marital/civil partnership status, domestic / family status, veteran status or any other difference.
Every day, tens of millions of people come to Roblox to explore, create, play, learn, and connect with friends in 3D immersive digital experiences– all created by our global community of developers and creators. At Roblox, we’re building the tools and platform that empower our community to bring any experience that they can imagine to life. Our vision is to reimagine the way people come together, from anywhere in the world, and on any device. We’re on a mission to connect a billion people with optimism and civility, and looking for amazing talent to help us get there. A career at Roblox means you’ll be working to shape the future of human interaction, solving unique technical challenges at scale, and helping to create safer, more civil shared experiences for everyone. As a founding member of the Security Operations team in EMEA, you will join us at an exciting time in Roblox’s SIRT & SOC program. You will design and build the detections, automation and tooling that let a lean team monitor and protect players, developers, employees and the platform at global scale and serve as security incident commander in the region. This is a highly autonomous role where you will be a primary decision-maker, core to our mission to maintain a highly capable 24/7/365 monitoring and response capability. While you will work in close collaboration with peers at our US West Coast Headquarters, the time difference requires an engineer who can operate independently, making critical decisions without immediate oversight. We favor engineering our way out of toil through automation, orchestration, detections-as-code, and risk-based prioritization, while retaining the deep technical skills required to conduct detailed, hands-on analysis and lead response end-to-end when the situation warrants. Work Environment: This role is based in London, UK. You will be working from a dedicated, private space located within a shared office environment, designed to enable collaboration while remaining secure. YOU WILL: * Build Detection & Response Systems: Design, write, and maintain production-quality detections, automations and integrations (detections-as-code, SOAR playbooks, data and enrichment pipelines) that scale our monitoring capability and reduce manual toil. * Own Tooling & Platform: Develop and improve the tooling the global SIRT/SOC depends on alert quality and enrichment, case-management integrations and automation that powers reliable "follow-the-sun" hand-offs. * Exercise High Autonomy: Act as the primary Incident Commander for the European time zone, making critical, time-sensitive decisions independently before US HQ comes online. You will serve as the senior-most security engineering point of contact in the region. * Drive Strategy & Architecture: Shape the technical direction of the detection & response engineering function, specifically architecting how global hand-offs and "follow-the-sun" models can be optimized and automated. * Command Security Incidents: Ensure serious threats and impacts are understood, mitigated, and learned from with speed and professionalism, often leading responses end-to-end without immediate escalation paths during local hours — and turning what you learn into durable, automated detections. * Conduct Forensic Investigations & Threat Hunt: Dig into complex context to determine whether threats exist, take decisive action and proactively hunt for anomalous activity in our signals, distinguishing outliers from threats. * Lead High-Profile Responses: Collaborate with Security and Engineering to lead responses to major vulnerabilities or platform-wide events. * Collaborate Cross-Functionally: Work with Legal, HR, Executive teams, and external partners (Developers & Customers). You will also travel semi-regularly to the USA to visit HQ, ensuring deep alignment with central engineering and security leadership. YOU HAVE: * Experience: 10+ years across security engineering, Infosec, IT, Infra/SRE, and/or Incident Response. * Specialization: 7+ years specifically in Detection or Response, with a track record of building, writing detections, automation or security tooling, not solely operating. * Engineering Proficiency: Comfortable writing and reviewing production-quality code (Scripting) and building automations, integrations and data pipelines that others depend on. * Autonomous Leadership: Proven ability to work independently in satellite offices or distributed teams. You are comfortable being the "person in charge" during your shift and making calls that impact the business. * Incident Command: Extensive experience operating as an incident commander. You can flex into deep engineering work but also possess the executive presence to coordinate responders and communicate status to leadership. * Investigations: Expert-level capability investigating threats in enterprise and production environments, taking ownership from identification to resolution. * Knowledge/Tools/Techniques: Deep understanding of security tooling (SIEM, EDR, IDS/IPS, NDR, SOAR) and experience extending or building on it. You are proficient in applying Incident Response frameworks (NIST IR Lifecycle, Cyber Kill Chain, MITRE ATT&CK) to real-world scenarios, and you collaborate effectively with engineering colleagues, leveraging extensive expertise across infrastructure and technologies (Public Cloud, OS, Virtualization, Containerization, Networking, Build/Development infrastructure, and Hardware). * Education: Bachelor's degree in Computer Science, Cybersecurity, or a related technical field; advanced degree preferred or equivalent experience. YOU ARE: * A Builder-Operator: You would rather automate a problem out of existence than staff around it and you hold yourself to an engineering bar even under incident pressure. * A Strategic Self-Starter: You don't wait for instructions. You identify gaps in coverage — especially those unique to regional or time-zone-specific challenges — and fix them. * A Detailed Thinker: You enjoy exploring the details and considering the second- and third-order effects of your decisions. * An Eager Problem Solver: You are drawn to complex issues rather than avoidant of them. * Emboldened to Make Change: You instinctively ask what you can do to improve the situation rather than waiting to be prompted. * Compelled by our Mission: You are driven by the opportunity to protect our community and the safe space we've created. * A Calculated Risk Taker: You move fast, navigating reasonable risks to take action and build capabilities as quickly as possible. Roles that are based in an office are onsite Tuesday, Wednesday, and Thursday, with optional presence on Monday and Friday (unless otherwise noted). Roblox provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Roblox also provides reasonable accommodations to candidates with qualifying disabilities or religious beliefs during the recruiting process. For US based roles only, please note the Company may not be able to employ candidates for this role who have United States work authorization related to certain U.S. visa categories, or support future H-1B sponsorship at this time.