Senior Information Security Engineer

What is Flagstone?

Flagstone is many things. An online savings platform, reinventing how individuals, businesses, and charities manage, protect, and grow their cash. A diverse group of people, bound by a collaborative spirit, and shared purpose. And lastly, a thriving, profitable business – where smart people do their best work.

Each definition shares a common thread: our unique culture. It’s our pride and joy. And our competitive advantage.

A feel for our culture:

To revolutionise the savings market, we need to be at our best. But high performance takes more than talent – it takes a culture of kindness, respect, and growth.

That’s why we’re building a diverse, inclusive community, where your voice is heard and valued. Where, with close support and room to develop, you can surpass even your own expectations. And be rewarded for it.

We may not change the world, but we can change the world of financial technology. And all it takes is a winning mix of drive, talent, and empathy. Our culture celebrates all three.

But enough about us. Let’s talk about you.

Does this sound like you? 

You're a forward-thinking Security Engineer with a passion for building secure, scalable systems who’s excited to forge a new way to save! You enjoy shaping the security posture of modern digital environments and bring deep hands-on expertise in cloud and Saas security within the Microsoft ecosystem. You enjoy working collaboratively across teams, influencing secure-by-design thinking, and embedding security into everyday ways of working. 

What you’ll do: 

• Lead the design, implementation, and ongoing improvement of our security controls and practices, aligned to ISO/IEC 27001:2022 and ISO/IEC 42001. 
• Proactively identify and mitigate risks across SaaS, cloud, and on-prem environments. 
• Act as a key subject matter expert for security engineering and governance across Microsoft Azure, Microsoft 365, and other third-party platforms. 
• Partner with compliance, legal, IT, and operational teams to embed secure-by-design principles throughout product and service delivery. 
• Strengthen detection and response capabilities through Microsoft Sentinel and related threat intelligence tools. 
• Support audit readiness, compliance automation, and third-party risk management through tools like Vanta, Risk Ledger, and Microsoft Compliance Manager. 
• Contribute to a strong security culture by driving awareness initiatives and influencing behaviour at scale. 

What you’ll bring: 

• Deep experience with Microsoft Azure security tooling, including Azure Security Center, Azure Policy, and Microsoft Secure Score. 
• Expertise in identity and cloud-native security using Microsoft Defender for Cloud, Defender XDR, and Entra ID Protection. 
• Hands-on knowledge of security controls in Microsoft 365, AAD, and Purview for data protection and insider risk management. 
• Strong background in threat detection and response using SIEM/SOAR platforms (Microsoft Sentinel desirable), and familiarity with frameworks like MITRE ATT&CK. 
• Solid grasp of ISO/IEC 27001:2022 controls, with exposure to AI security frameworks (e.g., ISO/IEC 42001) a plus. 
• Experience supporting or leading audits and compliance workflows using platforms like Vanta, Ivanti, or Microsoft Compliance Manager. 
• Knowledge of secure endpoint and network management for hybrid/remote environments. 
• Understanding of physical security principles aligned to ISO Annex A.7 and A.11. 
• Ability to influence culture and behaviour, with experience in using tools like CultureAI or equivalent to embed awareness at scale. 
• Proven expertise in applying threat modelling frameworks (e.g. STRIDE, PASTA), and tools (e.g. OpenCTI), identifying attack surfaces and trust boundaries, and integrating threat modelling into secure system design and development processes.

Bonus points for: 

• Familiarity with Microsoft Purview’s DLP, eDiscovery, and Data Lifecycle Management features. 
• Experience conducting internal audits or ISO/NIST gap assessments. 
• Understanding of privacy regulations such as UK GDPR, DPA 2018, or international equivalents. 

How we reward you:

At Flagstone, the benefits extend beyond false gifts like “fruit and snacks”. Instead, we invest in your health, wealth, and professional development. Here’s a selection of our benefits:

• Competitive bonus scheme - designed to reward and recognise high performance
• Flexible benefits budget - a pot to fund meaningful benefits for you, whether it's hormone or fertility testing, cancer screening, neuro-diversity coaching or something that matters for you.
• A range of salary sacrifice options to help you make tax efficient savings on electric cars, nursery schemes, home and tech goods.
• Around the World scheme - 3 months work from anywhere scheme
• Mental wellbeing support – Access therapy and mental health sessions through Spill
• Learning and development – £1,000 personal development budget to help you grow in your role.
• Private health care - Enjoy all the benefits AXA has to offer, including reduced gym memberships and medical history disregarded
• Medical cash plan - To help you with the costs of dental and optical expenses
• Life insurance and Income Protection- four times your annual salary for peace of mind
• Matched pension contributions up to 5%
• 25 days holiday - plus bank holidays, well-being days and volunteering days
• Enhanced Parental Leave – enhanced maternity, paternity and adoption pay

All are welcome.

At Flagstone, we’re assembling a diverse team that defies our industry’s norms. Think this role could suit you? We encourage you to apply, no matter your background.

#LI-Hybrid