We’re on a mission to back the UK’s small businesses like no one else 🚀

Small businesses are the backbone of the economy, and we’re here to help them win. We’ve built a platform that uses clever data to get them the funding they need in minutes, not weeks.

At Funding Circle, we have the restless energy of a fintech start-up with the stability of a public company. It’s a unique mix that gives Circlers the autonomy to take ownership and the scale to make an impact that truly counts.

We’re a high-performing team that chooses to lift each other up. We challenge, we champion, and we have each other’s backs - because we know that when we stand together, we move faster and build better.

The impact is real: Last year alone, the businesses on our platform generated £7.2bn for the UK economy 📈 Come and join a mission that matters!

[Read our Impact Report] | [See our Trustpilot]

The role ⚡

📍 London (Hybrid) | 🤝 2 days in the office | 💰 Competitive Salary + Benefits

• Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling.

• Perform threat modelling exercises for cloud-native applications, microservices, and infrastructure components.

• Manage internal and external penetration testing engagements for Funding Circle applications, services, and cloud infrastructure.

• Collaborate closely with Cloud Platform Engineers, DevX and Product Engineering to ensure security requirements are integrated into system designs and technology choices from the outset.

• Act as a subject matter expert on DevSecOps, and application security, cloud security (AWS), providing guidance and mentorship to other engineers.

• Contribute to drive implementation of security automation across cloud infrastructure configuration, vulnerability management, and compliance monitoring.

• Design, implement, and support the adoption of robust security architectures, controls, and best practices within our AWS cloud environment.

What we’re looking for 🌱

We value deep expertise, but a growth mindset and good energy are what really make our team click. We’re a group that chooses to lift each other up and think smart every day.

• Application & Cloud Security Expertise: Over 3 years of information security experience with a deep focus on application/product security, complemented by strong expertise in securing AWS environments and Infrastructure as Code (IaC).

• Champion for Secure Development: Proven track record of defining, implementing,

• and driving the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering teams.

• Security Automation & CI/CD Integration: Hands-on experience architecting and integrating a suite of security tools (SAST, DAST, SCA, IAST, secrets management) and automated controls directly into CI/CD pipelines like GitLab CI, Jenkins, or GitHub Actions.

• Vulnerability Management & Threat Intelligence: Deep understanding of web application vulnerabilities (OWASP Top 10) and experience contributing to vulnerability management programs.

• Container & Orchestration Security: Solid knowledge of container security best practices and securing container orchestration platforms, specifically Kubernetes and AWS EKS.

• Frameworks & Compliance: Strong knowledge of key security frameworks (NIST CSF, MITRE ATT&CK) and standards (CIS Benchmarks, OWASP ASVS), with experience managing external penetration testing and coordinating remediation efforts.

Skills we'd love to see:

• Experience with specific security platforms/tools (e.g., Wiz, Snyk, Checkmarx, Veracode). Relevant advanced security certifications (e.g., AWS Certified Security - Specialty, CISSP, CCSP, OSCP/OSWE).

• Proficiency in security automation using scripting languages (e.g., Python).

• Experience working in FinTech or other highly regulated environments.

• Experience with mobile application security principles and testing.

We’re building a place where everyone truly feels they belong. Even if your past experience doesn't align perfectly with every requirement, we'd still love to hear from you.

Why join us? 💜

We back you to build an incredible career. As a flexible-first employer, we use a "best of both" approach. We’ll see you in our London office to collaborate – with barista coffee and subsidised Just Eat lunches on us!

Our Circler Proposition focuses on five areas:

• Flexibility: We provide a benefit allowance you can tailor to your own life and family.

• Health: This includes private medical and dental, health assessments, and access to a digital GP.

• Wealth: We offer life assurance, share schemes, and financial coaching.

• Development: You get a dedicated annual learning allowance to help you level up.

• Lifestyle: We have electric car and cycle-to-work schemes, plus season ticket loans.

We also have award-winning parental leave policies. We're here to support you through the big life moments, from fertility treatments to new additions to the family.

Ready to join a mission that matters? We’d love to chat!