Platform Security Engineer

Bondsmith
London
1 month ago
Applications closed

About us

Bondsmith is a fast-growing platform focused on helping customers make the most of their savings by offering access to a wide range of deposit products.

We work with financial institutions like wealth managers, fintechs, banks, and advisors, providing them with tools to get better returns on cash, engage more effectively with clients, and simplify their operations. Our goal is to help savers get the most out of their cash.

At Bondsmith, our core values are rapid and continuous improvement, delivering good customer outcomes, and taking end-to-end ownership. Our team is made up of experienced professionals who are passionate about delivering excellent service and finding new ways to solve challenges in financial services. Joining us means working in a fast-paced environment where you will be making an impact on the financial lives of thousands of savers.

We're regulated by the Financial Conduct Authority in the UK.

We are looking for a skilled and proactive DevSecOps Engineer to take ownership of our security frameworks, testing, and hands-on implementation of secure systems. You will join our Engineering team to play a pivotal role in integrating security practices into the development lifecycle, ensuring that our software development processes are secure by design.

You will work closely with Development and Platform teams to embed robust security practices across the software development lifecycle (SDLC). This is a hands-on role that requires expertise in security testing, framework design, and automation, as well as a commitment to building a secure, scalable infrastructure.

This is a hybrid role - you will be required to work from the London office at least 3 days a week.

Key Responsibilities:

  • Design, build and maintain secure CI/CD pipelines by embedding security tools and practices into the development workflow.
  • Integrate and manage security tools for code analysis, vulnerability scanning, container security, and dependency management.
  • Manage and implement security controls in cloud infrastructure (AWS/Azure), leveraging IaC tools like Terraform with a security-first approach.
  • Perform regular automated security assessments, including vulnerability scans, assistance with penetration testing, and remediation planning.
  • Automate security testing processes, including SAST, DAST, and IAST tools, to identify and remediate vulnerabilities earlier in the SDLC.
  • Work closely with Development and Platform teams to promote a DevSecOps culture and ensure security best practices are followed.
  • Establish and maintain monitoring systems for detecting threats and anomalies. Provide actionable insights to mitigate risks.
  • Build security monitoring and alerting capabilities using SIEM tools or cloud-native monitoring solutions like Elastic Cloud.
  • Ensure adherence to compliance frameworks and standards (e.g., GDPR, ISO 27001).
  • Participate in incident response efforts, including root cause analysis and post-mortem reviews.

Requirements:

  • Strong hands-on experience with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions, CircleCI).
  • Hands-on experience with IaC tools like Terraform, CloudFormation.
  • Expertise in securing cloud platforms (AWS, Azure) and containerisation technologies (Docker, Kubernetes) with a focus on security.
  • Knowledge of scripting and automation using Bash, Python, or similar programming languages.
  • Understanding of secure coding practices, application security principles, and compliance frameworks.
  • Expertise in implementing security tools (e.g., SAST, DAST, vulnerability scanners, OWASP ZAP, SonarQube, Snyk, Elastic Security, tfsec, AWS Inspector or Trivy).
  • Experience with monitoring and logging tools like ELK or cloud-native solutions like Elastic Cloud, Datadog.
  • Hands-on experience with SIEM systems and threat detection.
  • Strong problem-solving skills and attention to detail.
  • Excellent communication and collaboration skills.
  • Ability to work in a fast-paced, agile environment.
  • Proficient in English.

Education and Certifications:

  • 3+ years of experience in DevSecOps or Security Engineering roles.
  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • Proven experience in Security, with a strong understanding of Security and processes.
  • Preferred certifications: AWS/Azure/GCP Security certifications, Certified Kubernetes Security Specialist (CKS), Certified Information Systems Security Professional (CISSP).
  • (Desirable) Exposure to machine learning or AI-driven security solutions.
  • (Desirable) Experience working in fintech.

About You:

We're looking for someone who is:

  • Confident & Motivated: You take initiative and are eager to tackle new challenges.
  • Independent: You're comfortable working on tasks autonomously but enjoy collaborating with a team.
  • Quick to Learn: You're excited to dive into new technologies and constantly improve your skills.
  • Team-Oriented: You value working with a high-performance team and contributing to a positive culture.
  • Dedicated & Resourceful: You bring a strong work ethic and a solutions-oriented mindset.
  • Customer-Focused: You're driven by the chance to create solutions that make a difference for our customers.

What makes Bondsmith unique:

  • Early-stage startup: You will join an early-stage startup with fewer than 50 members. This means you'll have an opportunity to make a real impact and shape the future of Bondsmith.
  • Customer demand: Unlike other startups that are still finding their way and pivoting on products, we have strong demand from our enterprise clients for our products; we just need to keep building them.
  • Next fintech growth story: We are doubling in headcount year on year and hiring across a range of positions.

Company Benefits:

  • Competitive salary.
  • Healthcare.
  • Pension scheme.
  • Share scheme participation.
  • All the right equipment to make sure you're working at your best.
  • Fun and social office in Shoreditch.
  • Deliveroo for working late in the office.
