At OakNorth, we're on a mission to empower ambitious businesses and the communities they serve. Since 2015, we've lent over $21 billion across the UK and US, helped create more than 58,000 new homes and 36,000 new jobs, and supported hundreds of thousands of personal savers — all while driving economic growth in the markets we serve.
We are seeking an experienced hands-on Senior Security Engineer who operates across offensive security, secure architecture, and AI application security. You will think like an adversary, architect resilient systems, and help teams ship products that are secure by design. This role demands someone equally comfortable red-teaming a production environment, leading threat modelling efforts, designing secure architectures, and testing the safety of LLM-based systems
Job Responsibilities:
- Plan and execute red team engagements across infrastructure, applications, APIs, and cloud environments using real-world adversary tactics.
- Conduct structured threat modelling for new products and platform changes, translating findings into prioritised, trackable security requirements.
- Serve as the security architecture expert - reviewing system designs, data flows, and trust boundaries, and defining secure architecture patterns for applications build using cloud-native, containerised, and serverless environments.
- Collaborate with engineering teams to define security requirements, review code for vulnerabilities, and ensure security controls are embedded into the development lifecycle.
- Develop and execute security testing strategies for AI applications - covering prompt injection, jailbreaking, data poisoning, excessive agency, insecure output handling, and adversarial robustness of LLMs and agentic systems.
- Contribute to building a strong security culture through secure coding guidelines, training workshops, and knowledge-sharing across security champions and engineering teams
Desired Skills:
- 6-7 years in information security with demonstrated depth across red teaming, penetration testing, security architecture, or security engineering.
- Proven experience with threat modelling and secure design reviews for customer facing financial systems.
- Experience in cloud security (AWS / GCP) including IAM, GuradDuty, WAF, container security, and serverless architectures.
- Experience testing AI/ML applications for security vulnerabilities, including prompt injection, data leakage, and adversarial attacks.
- Strong understanding of common application security vulnerabilities, including OWASP Top 10, OWASP Top 10 for LLM applications and SANS Top 25.
- Excellent written and verbal communication skills, with the ability to clearly articulate risk and influence technical and non-technical stakeholders.
- Ability to work independently while collaborating effectively across multiple teams.
