Security Control Engineer

Thought Machine
Lisbon, Portugal
May 30, 2026
On-site
Full-time
Security Engineering
Mid

Thought Machine's mission is bold – to properly and permanently rid the world's banks of legacy technology. To achieve this, we have developed the foundations of modern banking through core and payments technology which run natively in the cloud. What we are attempting is hard and means we need great people working together to build great technology.

We have grown rapidly in the past few years – growing our team to more than 550 individuals across offices in London, New York, Singapore, Sydney and our newly established Engineering Hub in Lisbon. We have raised more than £500m in funding and our investors include Molten Ventures, Eurazeo, Intesa Sanpaolo, Temasek, Nyca Partners, JPMorgan Chase Strategic Investments, Standard Chartered Ventures, and more.

We have created a culture that enables our team to produce the best work in the industry while ensuring we have fun along the way. We're regularly cited as having a fantastic workplace culture and have been recognised by Sifted magazine as having one of the highest Glassdoor ratings for a UK fintech company and the industry's most generous employee share package. Named one of the world's most innovative fintechs by Global Finance Magazine, we were also recognised by the Financial Times as one of Europe's fastest-growing companies for two consecutive years—and a UK Best Employer for 2026.

This is a full-time, permanent position based in our Lisbon office, requiring four days a week onsite.

Thought Machine is in search of a Security Engineer with experience in evaluating threats and risks in an organisation, evaluating control requirements, and collaborating on technical and operational solutions to address them.

Thought Machine prides itself on being an engineering-led company and as such, the candidate should have a technical security background; they should be able to reason about complex security problems in distributed computing environments and be able to effectively communicate trade-offs from one security approach to the next - both internally and to our client base, where necessary.

Thought Machine’s Security Control Engineering team focuses on building the company’s security and business continuity risk assessments, collaborating on the technical design of controls and capabilities to mitigate risks to acceptable levels, managing our security and business continuity certifications, and maintaining a program of continuous improvement that puts us at the forefront of industry good practices. This focus is driven by four principles:

  1. Creativity: we are a company filled with unique thinkers, who design and engineer solutions to hard problems in ways that are unique and challenge convention.

  2. Collaborative: we believe in collaboration with every team across the company to mitigate identified risks in ways that support Thought Machine’s ways of working and solving hard problems.

  3. Quantification: we believe that quantification and measurement are critical to being able to provide evidence-based recommendations for risk mitigation and prioritisation to the company.

  4. Continuous Improvement: Monitoring and nurturing the evolution and operation of our ISMS and BCMS so that we remain at the forefront of industry best practices, evolve as threats evolve, and build world-class technologies.

DUTIES:

  • Control Architecture & Design: Actively participate in the technical and operational design of capabilities, tools, and procedures to mitigate security and business continuity risks to acceptable levels. Provide domain expertise in Thought Machine’s approach to its product and cloud security.

  • Certifications Management: Assist with the process of obtaining, renewing, and maintaining Thought Machine's certifications, including ISO27001, ISO22301, PCI-DSS, and SOC 2 Type 2. This also includes the design of capabilities, tools, and procedures that satisfy the requirements of these regimens.

  • Security Risk Assessments: Spearhead security risk assessments with a focus on risk quantification and FAIR, ensuring that potential threats are identified, quantified, and addressed promptly.

  • Policy, Standards, and Procedures: Oversee the creation, maintenance, and updating of all security-related policies and documentation, ensuring that they are current and reflect industry best practices.

  • Client Relations Support: Assist the Commercial team by providing expert insights and answers to security-related queries from clients and prospects, instilling confidence in our security posture.

REQUIREMENTS

Essential:

  • Technical experience with designing and applying security controls and capabilities to cloud-based infrastructure (e.g. AWS, GCP) and applications in creative ways that bring efficiency to operations.

  • Experience in working directly with software engineering teams in designing new capabilities, controls, and procedures that result in collaborative designs that are effective and highly efficient.

  • Strong technical background, with experience in distributed systems, cloud security, and related technologies, and a passion for finding creative solutions to difficult problems.

  • Knowledge of threat modelling for the purposes of understanding threat probabilities and frequency.

  • Excellent communication skills with an ability to translate technical and security jargon into business-relevant insights.

  • Ability to liaise effectively with other departments and external stakeholders.

Desirable:

  • Experience in a fast-paced tech environment or fintech sector.

  • Knowledge of container security, Kubernetes, Kafka, and other emergent technologies.

  • Experience with control automation via code (e.g. Python, Go).

  • Hands-on experience with obtaining and maintaining a security certification such as SOC 2, ISO 27001, PCI-DSS.

  • Proficiency in leading security risk assessments, preferably with knowledge of the FAIR framework.

Benefits

  • Highly competitive salary

  • Voluntary Pension Plan (match up to 5%)

  • Private Healthcare Insurance

  • Comprehensive Life Insurance

  • 25 days holiday plus public holidays

  • Two charity days a year

  • Daily Meal Allowance

  • Access to outstanding learning materials and courses

  • Sports and hobby clubs, subsidised by Thought Machine

  • All the latest tech you need

  • Huge range of healthy (and not-so-healthy) snacks, smoothies and drinks

  • A talented and experienced team as your colleagues

  • An environment where we encourage learning and progress

We actively hire candidates who demonstrate technical excellence in their field and welcome people of all ages and backgrounds, providing everyone with equal access to professional development. You are encouraged to apply even if your experience doesn't accurately match the job description. We also encourage applications from those with different abilities, including candidates with ADHD, autism, dyslexia or dyspraxia.

Job Details

Experience

Mid

Tools & Tech

AWS
GCP
Go
Kafka
Kubernetes
Python