Company Mission

Payhawk is the leading global spend management solution for scaling businesses. Headquartered in London and combining company cards, reimbursable expenses and accounts payable into a single product; its future-facing technology enables finance teams to control and automate company spending at scale.

The Payhawk customer base includes fast-growing and mature multinational companies in 32 countries including LuxAir, Gtmhub, and Wagestream. With offices in New York, London, Berlin, Barcelona, Paris, Amsterdam and Sofia; Payhawk is backed by renowned investors such as Lightspeed Venture Partners, Greenoaks, QED Investors, Earlybird Digital East, and Eleven Ventures.

Our values include supporting flat hierarchies, taking ownership and responsibility, seeking and providing feedback, managing constructive critique, and speaking our minds. We understand that the best ideas don’t all come from the same place, so we encourage diversity and inclusion in all areas of our work. 

The future of fintech is about more than money, and we believe in work-life balance, continual learning, and empowered teams. We’re also on a journey to improve our environmental and social impact and become B Corp certified. From virtual cards to digital subscriptions, our software and automation help take paper out of the equation for our customers, too. 

We’re changing the world of payments, and we’re looking for an exceptional team to help us. 

About the Role

We are looking for a seasoned Security Engineer to help with the Security Operation Center and ensure we are ahead of all potential threats and on top of all security alerts and events. As a key member of the IT & Security Team, you’ll be responsible for managing the security incident management life cycle and acting as a first line of support for our information security. You will be involved in proactive activities, DevSecOps, and AppSec practices and will be reporting to the VP of Information Security. The ideal candidate is an experienced and seasoned security professional with a keen interest in advancing their expertise in information security.



Responsibilities

  • Ensure that we are always ahead of potential threats by proactive and reactive monitoring of systems and networks
  • Take a hands-on role in building security monitoring solutions, improving intrusion detection and response capabilities, performing security incident response
  • Handle incidents from a variety of internal systems, monitor and analyze the Security Information and Event Management (SIEM) to identify security issues for remediation and initiate security incident response
  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event details and summary information.
  • Support internal employees with access management requests, including performing system onboarding, offboarding, endpoint protection, and system monitoring.
  • Provide support on the implementation of compliance, regulatory, and information security policies within the company to ensure the protection
  • Automate repetitive tasks via development practices, ensuring strong secure development lifecycle process.
  • Perform purple-team activities such as internal security testing, monitoring of honeypots and honeytokens, table-top exercises, and continuous security 

 

Minimal Requirements

  • Minimum of 4 years in information security engineering with hands-on experience in threat detection and mitigation, vulnerability management, penetration testing, and security operations.
  • Proficient in development, scripting, and automation tools (Python, Bash, PowerShell); solid understanding of data structures, REST APIs, system hardening, and automation techniques.
  • Deep knowledge of network protocols, firewall configurations, and network security principles, including an understanding of common attack tactics, techniques, and procedures (TTPs).
  • Experience with various endpoint security solutions (MDM, Firewalls, IDS/IPS, Antimalware, EDR, DLP).
  • Strong familiarity with major Security Software (Endpoint and Network protection solutions, Anti-malware, and Firewalls including NGFW, WAF, IPS, IDS).
  • Understanding of Security Compliance frameworks (ISO, SOC, PCI).
  • Ability to multitask, organize, and prioritize work effectively and independently.
  • Exceptional honesty, integrity, and work ethic.

 

Preferred Qualifications

  • High proficiency in security challenge platforms (Hack The Box, Try Hack Me, Hacker One).
  • Background in System or Software Engineering, Sysadmin, or IT Support.
  • Degree in Computer Science, Cyber Security, or a related field from institutions like Softuni, Telerik, or SANS.
  • Professional certifications in Cyber Security (CISSP, OSCP, or similar).
  • Experience with DevOps, DevSecOps, AppSec, CloudSec, and Secure Software Development Lifecycle (SSDLC).
  • Familiarity with security testing tools (DAST, SAST, IAST, RAST).

Company Benefits

  • Competitive compensation package 
  • 30 days holiday paid leave
  • One week exchange policy to another Payhawk office (London, Berlin, Barcelona, Paris, Amsterdam)
  • Flexible working hours and opportunity to work from home 
  • Regular team-wide events
  • Additional medical care 
  • MultiSport card fully funded by us
  • Company office massages
  • Personal assistant service
  • Opportunity to use the Payhawk product (that is, essentially, built by you).

Payhawk is an Equal Employment Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

Apply for this Job

* Required
resume chosen  
(File types: pdf, doc, docx, txt, rtf)


Enter the verification code sent to to confirm you are not a robot, then submit your application.

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.