Position: Security Engineer

Line Manager/Reports to: CISO

Education Level: Graduate or relevant work experience

Location: +/- 2 hours UK

About MillTech

MillTech is a FinTech company specialising in FX and cash management automation solutions. We build the technology that powers mission-critical currency operations in the worlds largest financial market. Our platform and security teams work at the intersection of cloud infrastructure, security, and software delivery to keep those systems resilient, compliant, and fast.

Your mission

We’re looking for a Security Engineer to join our Platform & Security team. This is a hands-on, mid-level position for someone who is equally comfortable hardening cloud environments and rolling up their sleeves to fix vulnerabilities in application code. You’ll work across our AWS and Azure estates, embed security into our CI/CD pipelines, and contribute directly to development projects when CVEs need resolving quickly.

Your responsibilities in this role will include:

• Improve cloud security controls across AWS and Azure, including IAM policies, network segmentation, encryption standards, and logging.
• Integrate security tooling (SAST, DAST, dependency scanning) into CI/CD pipelines to shift security left in the development lifecycle.
• Triage, prioritise, and assisting remediation of CVEs — contributing code fixes directly to development projects when needed, not just raising tickets.
• Collaborate with platform and backend engineers on infrastructure-as-code reviews, container security, and secrets management.
• Support cloud hardening initiatives, including CIS benchmark compliance and ongoing posture monitoring.
• Participate in security reviews of new features, architecture proposals, and third-party integrations.
• Contribute to incident response processes, including root cause analysis and post-incident improvements.

Required skills:

• 3–5 years’ experience in a security engineering, DevSecOps, or cloud security role.
• Solid working knowledge of AWS security services (GuardDuty, Security Hub, Config, IAM) and familiarity with Azure security controls.
• Practical experience with CI/CD tooling (e.g. GitHub Actions, Jenkins, GitLab CI) and embedding security checks into pipelines.
• Strong understanding of code management practices: branching strategies, pull request workflows, and dependency management.
• Ability to read, understand, and contribute to application code (Python, Java, TypeScript, or similar) to remediate vulnerabilities.
• Familiarity with container security (Docker, Kubernetes) and infrastructure-as-code
• Knowledge of common vulnerability frameworks (CVE, CVSS, OWASP Top 10) and secure coding principles.
• Good communication skills — you can explain a risk to a developer and help them fix it, not just flag it.

Additional skills you may have:

• Experience in financial services or a regulated environment.
• AWS or Azure security certifications (e.g. AWS Security Specialty, AZ-500).
• Familiarity with identity platforms such as Keycloak or AWS Cognito.
• Experience with security observability and SIEM tooling.

Working Arrangements

• This is a remote first role but you will be expected to visit our London office from time to time.

What we offer in return?

Our commitment is to help you flourish in this role, through support with your professional development, opportunities to be involved in key projects, and exposure to challenges that you may not be offered in a larger organisation. We will provide:

• A competitive salary with annual reviews;
• 25 days’ paid annual leave plus an additional day per year of service;
• Excellent staff development and training opportunities;
• Flexible working arrangements including remote working;
• Medical insurance;
• Life insurance, for UK based employees;
• Dental insurance;
• EV Scheme and Cycle to work scheme;
• Enhanced maternity and paternity leave;
• 1 day off for charity work per quarter and many other benefits!

How to apply?

We would love to hear from you if you think that you’re a good fit for this role. To apply you should complete the online application form and upload your cv before the date the offer for this role closes. If you have a public GitHub account, please include a link in your application. One of the team will then be in touch with you to discuss the next steps.