Our portfolio companies are always looking for great people. Apply to the opportunities below or send us your profile.

Security Operations Engineer at GoCardless
London, GB

We're looking for amazing security engineers to join our team and continue to build a secure GoCardless. We're operating in the dynamic environment of FinTech, so Security is something we take very seriously. We take this as an opportunity to create and implement state of the art measures to prevent, detect and respond to potential cyber security threats.

As a Security Operations engineer, you will play a key role in ensuring GoCardless teams are taking all necessary steps in operating and building a secure product. All this by using your knowledge in logging infrastructure, security monitoring solutions, anomaly detection, etc.

Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead multi-functionally. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure.

You will work closely with our engineering teams whom are building simple and reliable solutions to complex problems. We keep our development cycles fast, by reviewing and adapting our plans frequently, and by investing in a culture of continuous feedback.

Core responsibilities

  • Share your expertise on various areas of Cyber Security, specifically on security operations
  • Monitor metrics associated with security controls to ensure controls are tuned for peak effectiveness
  • Handle security operations day-to-day activities, troubleshooting and coordinating resolution or restore using the right tools and processes (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.)
  • Expertly manage inbound security-related calls and questions, create tickets, run security-related assessments, security-related user complains, and escalate accordingly
  • Providing technical support for on call outside normal business hours (if required)
  • Drive the implementation and dissemination of security critical metrics
  • Liaise with teams for security design, incident handling & education
  • Participate in cross-team security initiatives
  • Select and/or craft specific tooling
  • Perform activities with minimal supervision of routine duties, demonstrate ability to tackle practical problems and deal with a variety of concrete variables
  • Perform scheduled vulnerability assessments and security testing


  • BSc/MSc in Computer Science or a related field, or equivalent work experience and a minimum of five years of security-related experience
  • Strong analytical and reasoning skills
  • Experience in other security tooling (Endpoint Security, Web/Network Scanners, SIEM and IDS/IPS, etc.) and its integration into the company systems
  • A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services
  • You have in depth, hands-on experience with security features and system admin of Linux, UNIX and Windows operating systems
  • You are a superb communicator and able to cooperate with other business functions
  • A good understanding and exposure of message queue newest technologies such Syslog, Fluentd, GCP PubSub, Logstash, Kafka and SIEM-specific collection mechanisms (i.e. Splunk forwarders, etc.)

Bonus points

  • Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
  • A comprehensive knowledge of web application security,
  • Experience in cloud services (GCP, AWS, etc.)
  • Sound knowledge of the OWASP Top 10 and how they can be prevented
  • Professional security qualifications are desirable (e.g. CISSP, Offensive Security, GIAC, etc.)
  • Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
  • Exposure with multiple scripting / programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
  • Forensic certifications or experience

Our team come from a variety of backgrounds and we embrace diversity – if you’re unsure, please apply.

Stay in touch with Balderton

Sign up for our newsletter to stay up to date on news from Balderton, and our portfolio.