Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
CMG (Capital Markets Gateway)

Senior Security Engineer

CMG (Capital Markets Gateway)

. Lead threat modeling across products, infrastructure, and new initiatives, identifying and prioritizing risks, attack surfaces, and vulnerabilities.

Posted 7/15/2026full-timeLondon • 🇬🇧 United KingdomSeniorWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in security risk management, including threat modeling, risk assessments, and security design reviews, while effectively communicating complex security concepts to diverse audiences. Proficient in cloud security, vulnerability management, and governance frameworks, with a strong ability to lead initiatives in fast-paced environments.

Highest-signal resume keywords
Threat ModelingSecurity Risk ManagementCloud Security (Azure)Governance, Risk, and Compliance (SOC 2)Vulnerability Management

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
Security Design ReviewRisk AssessmentCI/CDScripting (Python, Bash, PowerShell)Vulnerability TriageSecurity Policy DevelopmentEndpoint SecurityIdentity ManagementDetection and ResponseSupply-Chain Risk Management
Soft Skills
EmpathyInfluenceCommunicationProblem-SolvingAdaptability
Tools & Technologies
AzureMFALogging and Detection ToolsSecurity WorkflowsRisk Management Frameworks
Industry Keywords
Security ComplianceAudit SupportCustomer Due-DiligenceProactive Security PostureRemote Work

Tech Stack

Tools & technologies
AzureCloudPython

About the role

Key responsibilities & impact
  • Lead threat modeling across products, infrastructure, and new initiatives, identifying and prioritizing risks, attack surfaces, and vulnerabilities.
  • Conduct security risk assessments and translate findings into pragmatic, risk-based remediation prioritized by impact and blast radius.
  • Run security design and architecture reviews, partnering with Engineering and DevOps to reduce risk through secure design and simplicity, not just added controls.
  • Partner on customer due-diligence (DDQ) and SOC 2 Type II evidence gathering, keeping compliance sustainable rather than fire-drilled.
  • Build repeatable security workflows that embed controls into existing engineering processes instead of creating parallel ones.
  • Develop and maintain clear, role-relevant security policies, standards, and procedures, and drive consensus without direct authority.
  • Understand and implement controls for supply-chain risk and vulnerability management, including CI/CD enforcement and dependency hygiene, and build vulnerability triage workflows that score real risk by exploitability, reachability, and compensating controls rather than raw CVSS.
  • Harden and secure our cloud environment (Azure), partnering with platform engineering on secure configuration, reviewing and remediating vulnerabilities, identity and network controls, posture management, and logging and detection.
  • Strengthen endpoint and identity controls across a global, remote workforce: least privilege, phishing-resistant MFA, and privileged access controls.
  • Support detection and response, partnering with our DFIR and MDR relationships and helping mature toward a proactive posture.
  • Address AI security risks (prompt injection, data poisoning, model and agent governance) and help keep AI controls ahead of adoption.
  • Take ownership of large, loosely defined initiatives and drive them from problem framing to operationalized program.
  • Work closely with senior leadership across the firm, bringing structure to ambiguity and sequencing work against risk.
  • Surface risk early, challenge assumptions, and communicate clearly to both technical teams and senior stakeholders.

Requirements

What you’ll need
  • Have 6+ years of hands-on security experience, with real depth in security risk management: threat modeling, risk assessments, and security design and architecture review.
  • Have run governance, risk, and compliance work in practice, including audit and customer due-diligence support (SOC 2 or similar), and made it operational rather than just documented.
  • Have thrived in a startup or other small, fast-paced environment, owning large, ambiguous initiatives end-to-end with little scaffolding and shipping them.
  • Have working breadth across the control landscape: cloud security, supply-chain and vulnerability management, endpoint and identity, and detection and response.
  • Are genuinely technical: comfortable in cloud environments (Azure preferred), CI/CD, and at least one scripting language (e.g. Python, Bash, PowerShell), so your controls hold up in engineering reality.
  • Lead with empathy and influence, and distill complex security concepts into clear, actionable guidance for technical and non-technical audiences alike.
  • Thrive navigating ambiguity and make sound, risk-based calls with incomplete information.
  • Work effectively in a remote-first setup: most of the team is remote, with a small London in-office presence, so you communicate crisply and operate well asynchronously.
  • Navigate an organization to get things done you know who to pull in for information or alignment, and you drive that alignment without formal authority.

Benefits

Comp & perks
  • Equity
  • Unlimited PTO (28 days including bank holidays + unlimited additional paid leave)
  • Comprehensive benefits program managed by Globalization Partners
  • Premium life and income protection
  • Top private medical and dental insurance
  • Employee Assistance Program (EAP)
  • Pension contributions
  • Hybrid work environment (initially remote until office setup is complete)
  • Education reimbursement
  • Continuous learning opportunities
  • Employee referral bonus
  • Parental leave