TrueLayer • London, United Kingdom

Application Security Engineer

Remote-first – We meet both in / out of the London office occasionally

Fully flexible hours

Dog friendly

Job Description

Who we are:

At TrueLayer, we’re building a global open banking platform that’s changing how money moves and so much more. We make payments and refunds instant, account data accessible and verification seamless — all so innovators in every industry can build better financial experiences for their users.

To date, we’ve raised $270 million from world-renowned investors including Stripe, Tiger Global, Addition and Tencent. We’ve got offices in London, Milan and Dublin. And we’re trusted by industry leaders like Revolut, Coinbase and Nutmeg… though we’re not stopping here.

Our vision is a financial system that works for everyone. To make that happen, we’re creating original and innovative products that will remove the friction from finance for good. We’re seriously scaling our infrastructure, we’re entering new areas all the time, we’re cornering a whole new category — and we’d like your support to get us there.


Security is a core pillar across all TrueLayer’s products. By building, maintaining and monitoring our security infrastructure, and by championing best security practices across the business, our security team empowers both colleagues and clients, and ensures the availability, stability and security of our platform.

We’re looking for an Application Security Engineer to join our existing security team to shape and mature our approach to building secure applications. You’ll partner with product and engineering teams, building scalable security solutions and embedding security processes from design through to release. We aim to empower our engineers with best-in-class technologies and the opportunity to have meaningful impact. As part of an ambitious team, you’ll be given hands-on exposure to the latest technologies and practices and entrusted with crucial responsibilities and decisions, playing a key part in securing our products as we continue to grow.

What you will do:

  • Establish security early in the design process and take part in threat modelling our services during the design phase, to ensure a culture of secure design and execution is in place in engineering teams;
  • Help shape engineering best practice through common libraries and source code reviews of our projects;
  • Pro-actively test the security posture of our APIs, from an attacker’s perspective;
  • Manage our bug bounty program and 3rd party penetration testing projects;
  • Identify and own the tooling and process to integrate application security testing into our CI/CD pipeline;
  • Improve and drive application security monitoring;
  • Work with the security team to educate engineers on emerging technologies, trends and threats.

We’re looking for people who:

  • Have a strong background within application security;
  • Are experienced working in modern development environments: we practice CI/CD and host everything in the cloud;
  • Can create and improve processes that embed security in the SDLC;
  • Have good knowledge of applied cryptography and authentication;
  • Are proficient with scripting languages, and one object-oriented programming language;
  • Have experience working with SAST or DAST solutions;
  • Have experience performing code reviews and reviewing penetration test findings;
  • Have a talent for conveying highly technical security concepts to colleagues of technical and non-technical backgrounds.

Nice to have:

  • A blog, GitHub account and/or bug bounty findings that demonstrate your experience;
  • Experience with AWS, Kubernetes, Docker from a user and/or security perspective;
  • Experience working in a .NET or Rust environment;
  • Experience working with 3rd party security vendors;
  • An understanding of the technical architecture of open banking.

What you can expect from us:

  • Competitive salary and meaningful equity in the company 💰
  • Flexible hours and hybrid working — work from home 🏡 and our incredible offices in London 🇬🇧 Milan 🇮🇹 and Dublin 🇮🇪
  • A £150 remote-working budget to help you set up your home office 💺
  • Flexible holiday policy, with 24 days as standard ✈️
  • Flexible bank holidays, so you can take those days whenever you like 🌍
  • 2 volunteering days to support causes important to you 🌳
  • Generous parental leave, above and beyond statutory requirements and with no minimum tenure 👩‍👩‍👦
  • Enhanced pension contribution at 4% & 4% 👵🏽 👴🏽
  • Private health insurance from the day you start 🧑🏽‍⚕️
  • 12 fully-paid wellbeing days a year and your birthday off (on top of the holiday allowance) 🕊️
  • Membership of mental wellbeing platform Spill 🧘🏽‍♀️
  • £1,000 to spend on learning & development each year 📚

At TrueLayer, we don’t just do inclusion and diversity. We embrace people that have different opinions, perspectives and personalities. Because we believe that by seeing the world from all sorts of angles, we can make life better for all the people who live in it. So we want you to know that the things that make you, you — like your age, ability, background and identity — are things that we celebrate and support. All we ask is that you believe in what you do (and know what an API is).

Company benefits

Open to part-time employees
Open to compressed hours
Enhanced maternity leave – above and beyond statutory requirements and with no minimum tenure
Enhanced paternity leave
Adoption leave
Work from anywhere scheme – max. 90 days a year as part of our hybrid work policy
24 days annual leave + bank holidays
Work from home allowance
Co-working space allowance
Pregnancy loss leave
Teambuilding days
Membership of mental wellbeing platform
Private health insurance from the day you start
12 fully-paid wellbeing days a year (on top of the holiday allowance)
£1,000 to spend on learning & development each year
Open up allowance - A £500/quarter budget to visit colleagues and work from our offices in other countries

The FlexScore® is the result of a rigorous 2-step verification of a company’s flexibility

First we assess the flexibility options TrueLayer provides and then we anonymously survey a statistically significant proportion of their employees to make sure TrueLayer is as flexible as they say they are. Our assessment is based on the six key elements of flexibility: location, hours, autonomy, benefits, role modelling and work-life balance.

We ask the hard questions so you don’t have to.

Working at TrueLayer

Office locations

UK, Italy, Ireland

What employees are saying

"I love that there is a high level of trust of employees. This fosters a highly productive environment where people really give their all."

Anonymous TrueLayer Employee

Awards & Achievements
Most flexible Finance & Insurance companies

Industry awards 2022