Security Engineer

An Introduction to Primer

Primer is the unified infrastructure for global payments. We give finance and payments teams the visibility and control to reduce complexity, improve performance, and capture more revenue - all from a single platform.

Backed by Sofina, Peak XV Partners, ICONIQ, Tencent, Accel, and Balderton, we're building the payments layer the world's best companies rely on.

Watch our showcase > https://primer.io/the-primer-showcase

Read up on our $100m Series C https://www.primer.io/blog/series-c

Learn more about our culture > https://primer.io/careers

WHICH TEAM WILL YOU BE JOINING?

You’ll help build the entire product security surface for a company processing payments at scale: threat modelling, security review, compliance, incident escalation, and the multi-year AppSec roadmap. You'd be the second hire, and the person that function finally gets to share the work with.

This is a hands-on delivery role, and a genuinely formative one. You’ll help set the security strategy and architecture; you take real ownership of the work that turns it into reality, reviews, research, automation, and the day-to-day partnership with engineering teams. You'll have a clear direction to work within and someone senior to learn from, while still owning your projects end to end.

Security at Primer sits close to the engineering teams it protects rather than off to one side, so you'll spend real time embedded with the people building Cloud, Infra, and product. For someone who wants to go deep in product security with room to grow, there are few better seats than being the second engineer in a function that's only now scaling.

WHAT WILL YOU BE DOING?

• Running security reviews and threat modelling on features and systems across Primer's product, and turning findings into clear, actionable guidance for the teams shipping them
• Independently planning and delivering your own security projects, from initial design through to rollout
• Building tooling and automation that makes future reviews faster and cheaper to run
• Coordinating penetration testing and tracking remediation through to closure
• Supporting the recurring compliance work (SOC2, PCI), including evidence collection and remediation tracking against fixed audit windows
• Contributing to AppSec roadmap initiatives across areas like application threats, AI security, supply chain security, and ASPM
• Picking up proactive security work, threat research and hands-on investigation, that a one-person function has never had the capacity for
• Working alongside Cloud, Infra, and GRC on the security aspects of their projects

WHAT WE'RE LOOKING FOR

• Working experience in product or application security: you've done security reviews or threat modelling and can spot the risks that matter
• The ability to read and write code, not just review it. You're comfortable building small tools and automation rather than only filing findings
• Sound judgement about risk. You can weigh a real threat against a theoretical one and explain your reasoning clearly
• The ability to plan and deliver your own work independently once you understand the direction, while knowing when to pull in the senior engineer
• Clear communication with engineers who aren't security specialists, since most of your impact lands through their work

Nice to have

• Exposure to compliance frameworks like SOC2 or PCI, or genuine appetite to learn them
• Background in payments, fintech, or another regulated, high-stakes domain
• Interest in areas like supply chain security, detection engineering, or AI security

YOU MAY NOT LIKE IT HERE

• It's remote-first and high autonomy. You'll get direction, but nobody checks your progress daily. If you need close structure, this will be uncomfortable
• You'll move between proactive project work and reactive BAU, and priorities will shift as audits and incidents land. Tolerating that change is part of the role.

✅ A TYPICAL INTERVIEW PROCESS

• An initial intro call with a Talent Partner
• An interview with the Hiring Manager
• Challenge Stage - Contextualised to the role
• A final, values-alignment interview

WHAT'S THE CULTURE LIKE AT PRIMER?

We're building a culture where people can do their best work and be proud of the impact they have. You'll be working with people who are mission-driven, smart, and reflective, and who are genuinely invested in building exceptional products and delivering success for our merchants.

We work remotely, and have done since day one. We believe that building a successful, profitable company goes beyond proximity. We invest in our relationships through great remote working practices and thoughtfully designed face-to-face time, including workations, our annual company retreat, and co-working space access worldwide.

The work is challenging. Scaleups are a challenge, and building category-defining products is a challenge. But there's a meaningful difference between a challenge and a struggle. At Primer, the right challenge comes with the right support: strong onboarding, a collaborative environment, and a team that is genuinely invested in your success. It's never something you face alone.

OUR BENEFITS

🌍 We are fully remote and globally distributed; and have been since day one

💰 Competitive share options

🌴 Uncapped holiday, with 25 days minimum to be taken

🗣️ Co-working space access

📅 Workations & Company Retreat

💻 The best equipment for your role

🏠 £500 towards your home office setup

🔎 Generous learning budget

🏥 Private Medical Insurance

📈 A broad set of additional perks and benefits (depending on location)

DON’T MEET EVERY SINGLE REQUIREMENT?

At Primer, we're dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification listed, we encourage you to apply. You may be the right candidate for this or other roles.

Primer is committed to the equal treatment of all current and prospective employees and adopts a zero-tolerance approach to discrimination, regardless of age, disability, sex, sexual orientation, pregnancy and maternity, race or ethnicity, religion or belief, gender identity, marriage and civil partnership, or any other background or belief.