• Locations
  • Paris, France
  • London
  • Barcelona, Spain
• Last Published
  • Jul. 3, 2026
• Sector
  • Business Applications
• Function
  • Software Engineering

At Spendesk, we're building the leading spend management platform for modern businesses, processing billions of euros across Europe and beyond. Security is at the heart of what we do: our customers trust us to safeguard their financial data, and we're committed to raising the bar for security in fintech.

We're creating a dedicated Security Engineering function. You'll be the first senior hire in this space, shaping how we protect our platform, how we respond to threats, and how we build a security-aware engineering culture from the inside.

Your Mission

You'll be the security conscience for engineering: building tooling, training developers, and partnering with Infrastructure on secure-by-default solutions. You own the technical security roadmap: partnering with the compliance team to identify risks, translating findings into actionable engineering-native tools and processes, driving remediation, and raising the bar across the organisation.

This is a pure engineering role, not governance or compliance: a separate team owns policy and risk frameworks. It's an individual contributor track with high influence, focused on technical depth, not people management. You'll mentor an Associate Security Engineer, shape practices across squads, and be the go-to person when engineering teams need security guidance.

You'll be hands-on across the full security surface from day one. As the team grows, you'll move from day-to-day operations toward architecture, strategy, and mentoring, acting as the escalation point for the Associate Security Engineer.


Key Responsibilities

Vulnerability & incident management

  • Own and operate our bug bounty program: manage the platform, set escalation thresholds, and drive strategic improvements.

  • Act as escalation point for vulnerability triage, taking the lead on complex or high-severity findings.

  • Lead security incident response: qualification, forensics (including fraud investigations), fix coordination, post-mortem, and resolution tracking.

Detection & SIEM

  • Own our SIEM platform (Elasticsearch, multi-node Linux): architecture, detection rules, and indicators of compromise.

  • Build and evolve detection coverage, focusing on signal quality over manual toil.

  • Build and maintain security runbooks and operational documentation.

Identity & access management

  • Own IAM implementation and operations for product and infrastructure systems, downstream of corporate IT: SSO/MFA configuration, role and access-rights implementation, periodic permission reviews, and secrets rotation.

  • Work within the authentication standards set by the security governance team.

Secure development & audits

  • Embed security into the development lifecycle: threat modelling, secure code patterns, CI/CD hardening.

  • Conduct technical security reviews of code (TypeScript, Node.js, Python), infrastructure-as-code (Terraform), and multi-tenant AWS environments.

  • Define and implement security analysis and testing procedures integrated into deployment pipelines.

  • Coordinate and execute penetration tests and security audits: prepare environments, manage auditor relationships, drive post-audit action plans.

  • Drive remediation within the qualification rules and timeframes set by the security governance team.

Education & influence

  • Coach engineers on secure development through workshops, secure-code guidance, and design reviews.

  • Surface security risks and recommendations to engineering leadership; own the security backlog and roadmap.

  • Partner with Infrastructure on secure-by-default solutions.


What We're Looking For

Must-haves:

  • A track record of owning security outcomes end to end, with hands-on experience across at least three of: code auditing, infrastructure security (AWS/Linux), penetration testing, SIEM operations, incident response.

  • Ability to own a roadmap: identify priorities, build a plan, execute autonomously, and communicate progress to non-specialists.

  • Deep understanding of modern web architectures (microservices, cloud-native, PaaS/SaaS) and where they break.

  • Strong scripting and automation ability (Python, Bash, or similar).

  • Experience mentoring other engineers or security practitioners.

  • Excellent communication: you can explain a CVSS 9.8 to a PM and get them to prioritise it.

Nice-to-haves:

  • Experience with Elasticsearch / ELK stack in production.

  • Familiarity with AWS, GCP, Snowflake, Datadog, Okta.

  • Knowledge of security standards and frameworks (ISO 27001, OWASP, SOC 2, PCI-DSS).

  • Experience in a regulated fintech or payments environment.

  • Reverse engineering and analysis of minified/obfuscated code.

Not ticking every box? We’d still love to hear from you. At Spendesk, we value skills, potential and diverse experiences. If this role excites you and you believe you could contribute, we encourage you to apply.


As we are an international team, please submit your application and CV in English.

About Spendesk

Spendesk is the AI-powered spend management and procurement platform that transforms company spending. By simplifying procurement, payment cards, expense management, invoice processing, and accounting automation, Spendesk sets the new standard for spending at work. Its single, intelligent solution makes efficient spending easy for employees and gives finance leaders the full visibility and control they need across all company spend, even in multi-entity structures. Trusted by thousands of companies, Spendesk supports over 200,000 users across brands such as Payfit, Accor, Welcome to the Jungle, Swile, Big Mamma, Malt and Yousign. With offices in the United Kingdom, France, Spain and Germany, Spendesk also puts community at the heart of its mission.

For more information: www.spendesk.com/press

About our people & culture

We believe that people do their best work when they're given the freedom to thrive and grow. That's why liberation is at the core of everything we do. We empower Spendeskers to take ownership of their work, to navigate ambiguity, and seize every opportunity. Spendeskers come from all over the world (35+ countries and counting!) but we have plenty in common: we're bold, ever-curious, committed to kindness, and tackle every challenge with a positive mindset.

About our benefits

Our culture is built on trust, empowerment, and growth — with benefits to match!

Flexible on-site and remote policy

Latest Apple equipment — the tools you need to excel

Access to Moka.care — for emotional and mental health wellbeing

Great office snacks — to fuel your day

A positive team to work with daily!

We also offer location-specific benefits tailored to each market, including health insurance, wellness allowances, commuter support, meal vouchers, and gym memberships — ensuring you're well supported wherever you're based.

Diversity & Inclusion

At Spendesk, we're committed to fostering an environment where all differences are encouraged, supported and celebrated. We're building our culture for everyone, with everyone. Our goal is to attract and build a diverse, equal and inclusive team, where everyone feels welcome and we truly embrace and encourage people from all backgrounds to apply.