Senior Software Engineer (Security SME)

Product Security Engineer

Industry: FinTech / RegTech SaaS

Location: Manchester, Hybrid (1 - 2 days a week in the office)

Salary: £85,000 - £100,000 (potentially some wiggle room for the right person)

We're working with a client we know extremely well, a fast-scaling communications compliance platform processing hundreds of millions of events a month for financial services firms across the UK, US, and beyond. They protect regulated data for thousands of firms worldwide. The threat is real, the surface is interesting, and the engineering bar is high.

We've placed a number of people here and can genuinely vouch for the culture, the team, and the ambition of the business. They're growing fast, and this is a pivotal hire as they scale.

The Role

This is a Product Security Engineer position, and the emphasis is firmly on engineering. If you're coming from a GRC, DevSecOps, or infrastructure security background, this probably isn't the right fit.

Our client is looking for a software engineer whose specialism is security, someone who writes production code, builds real detections, hardens the systems everyone else depends on, and thinks in terms of specific adversaries and specific failure modes rather than abstract control libraries.

You'll be the security subject matter expert across a rapidly scaling business, working closely with the VP of Engineering, Head of Platform, and CTO. You'll embed inside the engineering team, not alongside it, and you'll raise the bar through the tooling and patterns you ship.

What you'll be working on

• Engineering defence into the product: multi-tenant isolation, encryption and key management, IAM as code, application-layer hardening
• Securing the supply chain: provenance, build-pipeline isolation, dependency trust as a real control, third-party risk as runtime telemetry
• Detection and response: runtime detection that catches real attacks, incident response codified as automation, adversary emulation against your actual attack surface
• Securing the agentic development surface: the team ships with AI agents in the loop on every change, which brings its own attack surface. You'll own the security layer of that platform

What they're looking for

Essential:

• Several years writing production software on AWS
• A genuine security specialism with shipped defence systems you can talk to in depth
• Adversarial instincts: you follow supply-chain incidents, read postmortems, think like a threat actor
• Hands-on experience using AI coding agents in production workflows, and a clear model of where the trust boundaries are
• Threat-modelling fluency: you can walk a system design and come out with what's worth defending

Desirable: detection engineering at scale, supply-chain security (SLSA, sigstore, SBOM), cloud-native AWS attack patterns and their defences, incident response end-to-end, cryptography in practice

The package

• £85,000 - £100,000 (some wiggle room for the right person)
• Share options
• 25 days holiday + bank holidays + your birthday off
• Vitality health insurance + cash plan
• Juno wellbeing benefit (£100/month)
• Enhanced pension + life insurance (4x salary)
• Latest MacBook Pro + equipment budget
• Flexible hybrid working from Manchester

What you won't find here

A CVE triage queue. A SOC rota. A compliance function dressed up as engineering. This is a role for someone who wants to defend a real product against real adversaries, in a business that treats security as a first-class engineering discipline.

If that sounds like your kind of challenge, get in touch.

At Inara Talent, we believe everyone deserves a fair chance to shine. We connect great people from all backgrounds with opportunities where they can thrive making sure hiring is fair, inclusive, and genuinely diverse. No matter your background, we focus on what matters: your talent.