
Trainline · London
About us We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book th...
About us
We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers
to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website,
and B2B partner channels.
Great journeys start with Trainline 🚄
Now Europe’s number 1 downloaded rail app, with over 135 million monthly visits and £6.3 billion in annual ticket sales, we
collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple,
seamless, eco-friendly and affordable as it should be.
Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across
London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to
join us on this high-speed journey.
Introducing Security Operations @ Trainline 👋
Our Security Operations team plays a vital role in protecting Trainline's people, platforms and data. As a Security Operations
Engineer, you'll primarily working on monitoring, investigating and responding to security events while helping to strengthen our
detection and response capabilities through continuous engineering and automation improvements.
Working closely with Security, Engineering and Technology teams, you'll combine operational analysis with hands-on engineering,
using Splunk, automation and AI to improve threat detection, streamline investigations and enhance our overall security posture.
You'll optimise our security tooling, improve detection capabilities and support incident response across the business through
threat hunting, continuous improvement and meaningful reporting that enables informed security decisions. If you're passionate
about cybersecurity and enjoy solving complex problems in a collaborative environment, we'd love to hear from you.
In this role as the Security Operations Engineer, you will... 🚄
remediate and learn from security incidents.
incident response.
expanding visibility across our technology estate.
team to respond more effectively and efficiently at scale.
detection capabilities and help shape our Security Operations roadmap.
resilient, up to date, cost effective and aligned with industry best practice.
while supporting vulnerability management activities, including the assessment and response to critical and zero-day
vulnerabilities.
stakeholders to make informed security decisions. You'll also contribute to the wider Security function by participating in the
on-call rota (once established in the role) and supporting compliance and certification activities, including GDPR, PCI DSS and
We'd love to hear from you if you have... 🔍
events using Splunk Search Processing Language (SPL).
Security Operations.
investigations or operational efficiency would be highly beneficial.
investigate security events and make informed, risk-based decisions.
SIEM platforms.
internet-facing applications, would be highly beneficial.
zero-day exploits, would be beneficial.
of the unique security challenges associated with customer-facing platforms.
explain technical concepts clearly to both technical and non-technical stakeholders. Experience supporting compliance
frameworks such as GDPR, PCI DSS or ISO 27001 would be helpful but isn't essential.
Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase
plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits.
We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days.
Jump on board and supercharge your career from day one!
We're operating a hybrid model and ask that Trainliners work from the office a minimum of 60% of their time over a 12-week period.
We also have a 28-day Work from Abroad policy.
Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do:
We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity,
sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work,
where everyone belongs and differences are valued and celebrated.
Interested in finding out more about what it's like to work at Trainline? Why not check us out on LinkedIn, Instagram and
Glassdoor!
About us: Causaly is redefining how humans acquire knowledge and develop insights in biomedicine. Our AI-powered platform enables researchers and decision-makers to discover and interpret evidence from millions of scientific publications, clinical trials, regulatory documents, and other complex data sources in minutes. We are building the world’s most advanced biomedical knowledge platform, powered by a high-precision Knowledge Graph and GenAI capabilities. Our technology is already used by leading biopharmaceutical organizations to accelerate drug discovery, improve safety, and drive better decision-making. Backed by top-tier investors including ICONIQ, Index Ventures, Pentech, and Marathon, we are scaling rapidly and expanding our product suite and market presence. About the Role We are looking for a Senior or Staff Security Engineer to join our security team and own our vulnerability management program, collaborate with several Engineering and Product teams as a Security advisor and support SecOps. You will operate with a high degree of autonomy — defining strategy, building processes, and acting as a trusted security advisor to our engineering organisation. What You'll Do * Own the vulnerability management program end-to-end: strategy, tooling, prioritisation, and remediation tracking across dependencies, containers, and cloud environments. * Define and maintain a dependency security strategy, including policies for third-party library adoption and update cadence. * Integrate and maintain security tooling in CI/CD pipelines (SAST, SCA, secrets detection, container scanning). * Act as a security consultant to product and engineering squads — supporting design reviews, architecture decisions, and secure coding practices. * Define and maintain security standards and guidelines practical for development teams. * Manage and continuously improve the Security Champions program — growing security awareness and capability across engineering teams. * Support SecOps in incident triage and response, contributing security engineering context where needed. Requirements * Strong knowledge of cloud security — IAM, network security, secure configuration best practices. * Hands-on experience with security tooling in CI/CD pipelines (SAST, SCA, secrets scanning, container scanning). * Proven experience in a vulnerability management role, through the entire lifecycle. * Passionate and knowledgeable about using LLMs for building robust security practices, including triage, secure code review, threat analysis and tooling * In-depth knowledge of secure coding practices in Node.js, TypeScript, Python, and/or React. * Familiarity with security frameworks and standards (e.g. OWASP, NIST, CIS Benchmarks). * Strong communication skills, with the ability to translate risk for both technical and non-technical audiences. Nice to Have * Experience with Semgrep for static analysis and custom rule authoring. * Experience with Wiz for cloud security posture management. * Experience running or contributing to a Security Champions program. * Experience with threat modelling (e.g. STRIDE). * Familiarity with SOC 2 and ISO 27001. * Relevant certifications are considered a plus (e.g. CISSP, IaaS specific certifications, etc..). Benefits UK: 💰 Competitive compensation package 🩺 Private medical insurance 🦷 Private dental insurance 📔 Life insurance (4 x salary) 🤓 Personal development budget 🧘 Individual wellbeing budget 🌴 25 days holiday plus bank holidays 🥳 Your birthday off! 🚀 Potential to have real impact and accelerated career growth as a member of an international team that's building a transformative AI product. We are on a mission to accelerate scientific breakthroughs for ALL humankind, and we are proud to be an equal opportunity employer. We welcome applications from all backgrounds and fairly consider qualified candidates without regard to race, ethnic or national origin, gender, gender identity or expression, sexual orientation, disability, neurodiversity, genetics, age, religion or belief, marital/civil partnership status, domestic / family status, veteran status or any other difference.
Hello. We’re Teya. Teya was founded on a simple belief: local businesses deserve better. They are the cafés, restaurants, salons, shops and entrepreneurs that bring character to our high streets, create jobs and keep communities moving. Yet for too long, financial services has made life harder for them - with clunky tools, poor support and complexity that gets in the way of running a business. Teya exists to change that. We’re building a financial platform for local businesses across Europe - one built around simple tools, thoughtful design and real human support. Our Members rely on us to help them run their business with confidence, and that responsibility shapes the way we work. We move fast. We care about quality. We stay close to the detail. And we believe great performance and genuine hospitality should go hand in hand. If you want to build meaningful products, solve real problems and make a genuine difference for local businesses, we’d love to hear from you YOUR MISSION As a Senior DevSecOps Engineer (Security Tooling & Enablement), you will be responsible for embedding automated security controls and guardrails into our CI/CD pipelines, cloud platforms, and developer workflows. You’ll build and operate internal security tooling and integrations that enable secure delivery at scale—focusing on automation, low-friction developer experience, and high-quality security feedback loops. You will partner closely with platform, cloud, AppSec, and SecOps teams to deliver scalable, reliable, and friction-reducing security capabilities across the engineering organisation. RESPONSIBILITIES Security in CI/CD & Delivery Workflows * Integrate and maintain security checks (SAST, DAST, SCA, secrets scanning) into CI/CD pipelines. * Provide fast, actionable, low-noise feedback to developers. * Embed infrastructure and application scanning into automated deployments. Security Tooling & Platform Engineering * Design, build, and operate internal security services, APIs, CLIs, and automation workflows. * Apply strong software engineering practices to security tooling (testing, observability, version control). * Treat security tooling as a product with clear documentation and support. Policy-as-Code & Guardrails * Implement and maintain policy-as-code guardrails for IaC, Kubernetes manifests, cloud accounts and identity configurations. * Work with platform teams to define secure defaults and self-service patterns. Platform Security & Detection Pipelines * Support vulnerability scanning platforms and security telemetry pipelines. * Ensure high-quality structured security data flows to SIEM/log platforms. * Enable automated response actions via integrations and runbooks. DevSecOps Culture & Enablement * Champion secure engineering practices and a shared responsibility mindset. * Drive enablement activities (office hours, guides, training) to improve adoption of secure patterns. * Contribute to blameless post-incident reviews and continuous improvement. Automation, AI & Operational Metrics * Leverage automation and AI to reduce manual toil and enrich security findings. * Define and track metrics such as time-to-feedback, signal-to-noise, and tooling adoption. REQUIREMENTS * 5+ years in security engineering, DevSecOps, or platform engineering with significant security integration experience. * Hands-on experience embedding security into CI/CD (SAST/DAST/SCA, container scanning, secrets detection). * Proficiency with CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins) and IaC (e.g., Terraform). * Strong software engineering and automation skills (Python, Go, Bash, or similar). * Deep cloud-native experience (AWS preferred), including IAM, networking, and logging. * Experience designing and implementing policy-as-code and security guardrails. * Ability to collaborate cross-functionally, balancing security with delivery velocity. Nice-to-Haves * Experience in fintech or regulated environments. * Familiarity with WAF/DDoS tools, Zero Trust, and vulnerability management programmes. * Exposure to SOAR or security automation platforms. * Relevant certifications (AWS Security, Kubernetes Security, GIAC, CISSP, etc.). WAYS OF WORKING * Extreme ownership: You take end-to-end responsibility for outcomes, not just findings or tooling output * Pragmatic and delivery-aware: You balance risk reduction with product velocity, focusing on changes that materially reduce risk * Low-ego and collaborative: You build trust with engineers, product, and operations teams, influencing through credibility and partnership * Impact-driven: You measure success through outcomes—risk reduction, adoption, and time-to-remediate—not activity * Data-informed: You use metrics and trends to guide priorities and demonstrate impact * High bar for craft: You produce clear documentation, reusable patterns, and automation that scale across teams * AI-first mindset: You actively look for opportunities to use automation and AI to improve security outcomes The Perks * We trust you, so we offer flexible working hours, as long it suits both you and your team; * Health Insurance; * Physical and mental health support through our partnership with MyFitness; * 25 days of Annual leave (+ Bank Holidays); * Possibility to visit other Teya offices to meet colleagues in instances when travel is safe and appropriate; * Friday lunch in the office; * Friendly, comfortable and high-end work equipment and informal office environment; * Hybrid work mode policy. Teya is proud to be an equal opportunity employer. We are committed to creating an inclusive environment where everyone regardless of race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, or background can thrive and do their best work. We believe that a diverse team leads to better ideas, stronger outcomes, and a more supportive workplace for all. If you require any reasonable adjustments at any stage of the recruitment process whether for interviews, assessments, or other parts of the application—we encourage you to let us know. We are committed to ensuring that every candidate has a fair and accessible experience with us.
At Qred, we’re building the bank for small businesses. Since launching 11 years ago, we’ve grown from startup to profitable fintech scale-up, now generating over 1 billion SEK in annual revenue and supporting 50,000+ entrepreneurs across Northern Europe. We combine smart technology, real data, and human judgment to make financing simple, fast, and fair. With bold growth plans and strong momentum across multiple markets, we’re now looking for a SecOps Engineer for the next phase of growth. About the Role As a SecOps Engineer within our Engineering Enablers domain, you will bridge the gap between rigorous security standards and high-velocity product delivery. You will have end-to-end ownership of the security guardrails that protect our platform, moving away from manual gates toward automated, self-service security. Your mission is to empower our engineering teams to ship code confidently by embedding security into the very fabric of our scaling financial systems. Key responsibilities Architect and implement automated security guardrails within our AWS environment to ensure proactive risk mitigation. Support and mentor product teams during the discovery phase to integrate security requirements into the initial design of new features. Define and manage company-wide security policies, translating complex compliance needs into actionable engineering practices. Lead the response to security incidents, driving the process from initial detection and analysis through to containment and long-term resolution. Drive the adoption of security awareness programs across the organization, using data to measure and improve our collective security posture. What we’re looking for We are looking for a professional who thrives in a decentralized environment and values enablement over enforcement. As we are highly invested in AI, you possess a strong understanding of how to enable secure development processes and data integrity within that space. You are motivated by the challenge of building scalable frameworks that reduce cognitive load for other engineers while maintaining the high integrity required of a regulated bank. Qualifications Several years of experience in security engineering or DevSecOps, ideally within Fintech or another highly regulated industry. Deep technical knowledge of AWS security services, IAM frameworks, and cloud infrastructure. Practical experience in incident management and the development of automated security tooling. Strong communication skills with the ability to influence technical roadmaps and drive alignment across distributed teams. Practical experience with EDR/XDR solutions and MDM frameworks is preferred. Why Qred? This is the place to be if you’re looking for a place to grow. Qred is growing fast, and our Qredsters along with it. With a non-bureaucratic organization and delegated responsibilities, we make sure there’s a short path from idea to action. In addition to our great culture, you get to work with the latest cutting-edge techniques, full ownership, and last but not least a bunch of great competent colleagues to learn from! One Last Thing This is a full-time, permanent position based in our headquarters in Stockholm. We believe our culture thrives when we work together, which is why we have an office-first approach. To balance this with some flexibility, we have the option of working remotely one day per week. We review applications on a rolling basis and while the start date is flexible, the right candidate can join us immediately. Qred celebrates diversity and does not discriminate based on ethnicity, religion, national origin, gender, sexual orientation, age, disability status, or any other applicable characteristics protected by law. #LI-LJ1