Thought Machine's mission is bold – to properly and permanently rid the world's banks of legacy technology. To achieve this, we have developed the foundations of modern banking through core and payments technology which run natively in the cloud. What we are attempting is hard and means we need great people working together to build great technology.
We have grown rapidly in the past few years – growing our team to more than 550 individuals across offices in London, New York, Singapore, Sydney and our newly established Engineering Hub in Lisbon. We have raised more than £500m in funding and our investors include Molten Ventures, Eurazeo, Intesa Sanpaolo, Temasek, Nyca Partners, JPMorgan Chase Strategic Investments, Standard Chartered Ventures, and more.
We have created a culture that enables our team to produce the best work in the industry while ensuring we have fun along the way. We're regularly cited as having a fantastic workplace culture and have been recognised by Sifted magazine as having one of the highest Glassdoor ratings for a UK fintech company and the industry's most generous employee share package. Named one of the world's most innovative fintechs by Global Finance Magazine, we were also recognised by the Financial Times as one of Europe's fastest-growing companies for two consecutive years—and a UK Best Employer for 2026.
This is a full-time, permanent position based in our Lisbon office, requiring four days a week onsite.
Thought Machine is in search of a Security Control Engineer with experience in evaluating threats and risks in an organisation, evaluating control requirements, and using that information to design and implement technical and operational solutions to address them.
Thought Machine prides itself in being an engineering-led company and as such, the candidate should have a strong technical background; they should be able to reason about complex security problems in distributed cloud-based and on-premise computing environments. They should be able to communicate and collaborate on trade-offs between differing approaches to security controls - both internally and to our client base, where necessary.
Thought Machine’s Security Control Engineering team uses Thought Machine’s standards and risk assessments along with client and regulatory requirements to define the security control needs and develops those controls - inclusive of engineering the solution, documenting it, and presenting it to clients and auditors. This focus is to ensure Thought Machine is able to meet its contractual requirements, security and business continuity certifications, and maintaining a program of continuous improvement that puts us at the forefront of industry good practices.
This focus is driven by four principles:
Continuous Improvement: Monitoring and nurturing the evolution and operation of our ISMS and BCMS so that we remain at the forefront of industry best practices, evolve as threats evolve, and build world-class technologies.
DUTIES:
Control Design and Implementation: Actively participate in the technical and operational design and implementation of capabilities, tools, and procedures to mitigate security and business continuity risks to acceptable levels. Provide both process and technical domain expertise in Thought Machine’s approach to its product and operational security as well as business continuity and disaster recovery plans.
Continuous Control Assurance: Developing and implementing highly effective ways (tools, processes) of performing continuous audits, and also obtaining the evidence necessary for the renewal of Thought Machine's certifications, including ISO27001, ISO22301, PCI-DSS, and SOC 2 Type 2. This also includes the design of capabilities, tools, and procedures that satisfy the requirements of these regimens.
Client Support: Respond directly to client queries regarding our technical approach to security in our products by communicating the technical details necessary to instil confidence in our security posture. Develop materials for distribution and presentation to clients that communicate our approach to security ensuring the materials used are technically accurate, sufficiently detailed, and up-to-date.
ISMS and BCMS: Actively ensuring that our approach to security and business continuity is kept up to date; that new threats, technical advances, and new standards are incorporated in a timely manner; our standards, controls, and plans up to date with Thought Machine and client needs, as well as changes to Thought Machine’s processes and technology stack.
REQUIREMENTS
Essential:
Experience designing and implementing technical solutions to deliver security controls and capabilities in cloud-based infrastructure (e.g. AWS, GCP).
Experience in working directly with software engineering teams in designing new technical solutions to meet security requirements in products.
Experience with control automation via code (e.g. Python, Go)
Strong technical background, with experience in distributed systems, cloud security, and related technologies, and a passion for finding creative solutions to difficult problems.
Knowledge of threat modelling for the purposes of understanding threat probabilities and frequency.
Excellent communication skills with an ability to translate technical and security jargon into business-relevant insights.
Ability to collaborate effectively with other departments and external stakeholders.
Desirable:
Experience in a fast-paced tech environment or fintech sector.
Knowledge of container security, Kubernetes, Kafka, and other emergent technologies.
Experience with obtaining and maintaining a security certification such as SOC 2, ISO 27001, PCI-DSS.
Proficiency in leading security risk assessments, preferably with knowledge of the FAIR framework
Benefits
Highly competitive salary
Voluntary Pension Plan (match up to 5%)
Private Healthcare Insurance
Comprehensive Life Insurance
25 days holiday plus public holidays
Two charity days a year
Daily Meal Allowance
Access to outstanding learning materials and courses
Sports and hobby clubs, subsidised by Thought Machine
All the latest tech you need
Huge range of healthy (and not-so-healthy) snacks, smoothies and drinks
A talented and experienced team as your colleagues
An environment where we encourage learning and progress
We actively hire candidates who demonstrate technical excellence in their field and welcome people of all ages and backgrounds, providing everyone with equal access to professional development. You are encouraged to apply even if your experience doesn't accurately match the job description. We also encourage applications from those with different abilities, including candidates with ADHD, autism, dyslexia or dyspraxia.
Compensation Range: €50K - €75K