Bondsmith is a fast-growing digital cash savings platform focused on helping customers make the most of their money by offering access to a wide range of savings products.
We work with financial institutions like wealth managers, fintechs, banks, and advisors, providing them with tools to get better returns on cash, engage more effectively with clients, and simplify their operations. Our goal is to help savers get the most out of their cash.
At Bondsmith, our core values are rapid and continuous improvement, delivering good customer outcomes, and taking end-to-end ownership. Our team is made up of experienced professionals who are passionate about delivering excellent service and finding new ways to solve challenges in financial services. Joining us means working in a fast-paced environment where you will be making an impact on the financial lives of thousands of savers.
We’re regulated by the Financial Conduct Authority in the UK.
We are looking for a skilled and proactive DevSecOps Engineer to take ownership of our security frameworks, testing, and hands-on implementation of secure systems. You will join our Engineering team to play a pivotal role in integrating security practices into the development lifecycle, ensuring that our software development processes are secure by design.
This is a hands-on role that requires expertise in security testing, framework design, and automation, as well as a commitment to building a secure, scalable infrastructure.
This is a hybrid role - you will be required to work from the London or Leeds office at least 3 days a week.
Key Responsibilities:
● Design, build and maintain secure CI/CD pipelines by embedding security tools and practices into the development workflow.
● Integrate and manage security tools for code analysis, vulnerability scanning, container security, and dependency management.
● Manage and implement security controls in cloud infrastructure, leveraging IaC tools like Terraform with a security-first approach.
● Perform regular automated security assessments, including vulnerability scans, assisting with penetration testing, and remediation planning.
● Automate security testing processes, including SAST, DAST, and IAST tools, to identify and remediate vulnerabilities earlier in the SDLC.
● Work closely with development teams to promote a DevSecOps culture and ensure security best practices are followed.
● Establish and maintain monitoring systems for detecting threats and anomalies. Provide actionable insights to mitigate risks.
● Build security monitoring and alerting capabilities using SIEM tools or cloud-native monitoring solutions like Elastic Cloud.
What we expect of you:
Technical Expertise:
● Strong hands-on experience with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions, CircleCI).
● Hands-on experience with IaC tools like Terraform or CloudFormation.
● Expertise in securing cloud platforms (AWS preferred) and containerisation technologies (Docker, Kubernetes) with a focus on security.
● Knowledge of scripting and automation using Bash, Python, or similar programming languages.
● Understanding of secure coding practices, application security principles, and compliance frameworks.
● Expertise in implementing security tools (e.g., SAST, DAST, vulnerability scanners, OWASP ZAP, SonarQube, Snyk, Elastic Security, tfsec, AWS Inspector or Trivy).
● Experience with monitoring and logging tools like ELK or cloud-native solutions like Elastic Cloud, Datadog.
- Strong communication skills and a collaborative mindset – you know security is a team sport
- A pragmatic approach to problem-solving – you design secure systems that are still usable
- Deep knowledge of cloud platforms and security hardening techniques, particularly AWS and Kubernetes
- Experience automating security checks in CI/CD pipelines
- A strong foundation in Terraform
- A passion for complex systems and applying creative thinking to technical challenges
- A growth mindset – you enjoy learning and tackling new domains
- Securing JVM-based applications (e.g. Java)
- Familiarity with ISO 27001, SOC 2 or related technical compliance areas
- Confident & Motivated: You take initiative and are eager to tackle new challenges.
- Independent: You’re comfortable working on tasks autonomously but enjoy collaborating with a team.
- Quick to Learn: You’re excited to dive into new technologies and constantly improve your skills.
- Team-Oriented: You value working with a high-performance team and contributing to a positive culture.
- Dedicated & Resourceful: You bring a strong work ethic and a solutions-oriented mindset.
- Customer-Focused: You’re driven by the chance to create solutions that make a difference for our customers.
- Bondsmith is a fintech success story in the making. We’re a small, focused team delivering real value to major enterprise clients, and the demand for what we’re building continues to grow. As an early joiner, you’ll have the rare opportunity to make a meaningful impact, shape the future of our products, and grow alongside the company. If you're excited by high-growth environments and want your work to matter, Bondsmith is the place to be.
- Competitive salary 💸
- Hybrid working (average of 3 days a week expected in office)
- Healthcare 🏥
- Pension scheme 💰
- Share scheme participation 📈
- All the right equipment to make sure you’re working at your best 💻
- Deliveroo for working late in the office 🍔
Bondsmith London, England Office
124-128 City Road, St Luke's, London, United Kingdom, EC1V 2NJ



