Principal Engineer (Threat & Vulnerability Management)

TL;DR

Principal Engineer (Cybersecurity): Overseeing threat intelligence, vulnerability management, and penetration testing within a regulated financial environment with an accent on risk oversight and control effectiveness. Focus on challenging 1st line security operations, performing deep-dive penetration tests, and ensuring alignment with regulatory standards like FCA and GDPR.

Location: Hybrid (London - 3 days per week onsite)

Salary: £100,000 – £115,000

Company

hirify.global is a professional recruitment consultancy specializing in high-level search and placement.

What you will do

• Monitor and challenge the effectiveness of 1st line threat intelligence activities, ensuring adequate gathering and analysis.
• Oversee vulnerability management processes, including reviewing scan results, remediation timelines, and risk assessments.
• Plan and perform independent 2nd line-led or external penetration tests on critical controls and technology assets.
• Assess 1st line controls for cyber and technology risks and challenge business/IT risk decisions.
• Review and refine incident response plans and test scenarios based on emerging threat landscapes.
• Contribute to the development of cyber risk policies and frameworks to ensure alignment with FCA and GDPR.

Requirements

• Advanced degree in Cybersecurity, Information Security, Computer Science, or a related field.
• 10+ years of experience in cybersecurity, preferably within regulated financial services or fintech.
• Strong understanding of external threats, vulnerability/patch management, and penetration testing methodologies.
• Familiarity with frameworks such as NIST, ISO 27001, MITRE ATT&CK, and CIS.
• Must be based in or able to work hybrid in London (3 days per week onsite).

Nice to have

• Certifications such as CISSP, CISM, CEH, OSCP, or GIAC.

Culture & Benefits

• Competitive salary range.
• Comprehensive benefits package.
• High-impact role within a regulated fintech environment.