Hello. We’re Teya.
Teya was founded on a simple belief: local businesses deserve better.
They are the cafés, restaurants, salons, shops and entrepreneurs that bring character to our high streets, create jobs and keep communities moving. Yet for too long, financial services has made life harder for them - with clunky tools, poor support and complexity that gets in the way of running a business.
Teya exists to change that.
We’re building a financial platform for local businesses across Europe - one built around simple tools, thoughtful design and real human support. Our Members rely on us to help them run their business with confidence, and that responsibility shapes the way we work.
We move fast. We care about quality. We stay close to the detail. And we believe great performance and genuine hospitality should go hand in hand.
If you want to build meaningful products, solve real problems and make a genuine difference for local businesses, we’d love to hear from you
Your missionWe're a regulated payments fintech operating across multiple European markets, scaling into banking-licence territory. Security Engineering is being rebuilt around a joint operating model with our platform and infrastructure teams. We're hiring a Senior Security Engineer who can pick up specific gaps in our current coverage: payment cryptography operations on cloud-hosted HSM services, application security at scale, and pipeline-embedded controls that let the rest of the company move fast without security sitting in the critical path.
This is not a review-queue role. We're not looking for another pair of hands doing manual pen tests, PR reviews, or spreadsheet audits. We want an engineer who builds, someone who writes production-quality Go, ships services, and turns manual security work into platforms other teams operate against.
ResponsibilitiesDesign, implement, and continuously improve a Secure SDLC integrated from design through production
Embed security into planning and delivery via threat modelling, security requirements, and automated controls
Lead application security reviews for new systems, major features, and high-risk changes across web, API, mobile, and backend services
Define and maintain secure architecture patterns for authentication, authorisation, APIs, data protection, and multi-tenant isolation
Own the application security tooling stack (SAST, DAST, SCA), integrating it into CI/CD with high-signal, low-noise outputs
Partner with engineers to triage and remediate vulnerabilities based on exploitability, impact, and regulatory risk
Work with Security Operations to improve application-level logging, telemetry, and incident response readiness
Act as a trusted advisor to engineering teams, raising the bar through practical guidance, documentation, and targeted training
5+ years in security engineering. With a demonstrable track record of shipping platforms, not just performing reviews or writing policy.
Production Go experience. You should be comfortable designing, writing, testing, and shipping production Go services. Our platform is Go-native and we build our security tooling in the same stack. Applications without production Go will not progress.
Software engineering fundamentals. Version control, code review, testing, CI/CD, observability, on-call for services you've built. You are an engineer who does security, not a security person who occasionally scripts.
Payment cryptography operations. Hands-on experience with payment HSM services (cloud- hosted such as VirtuCrypt, AWS CloudHSM, Google Cloud HSM; or on-prem operated as a service). Payment key management including PIN keys, DUKPT, master/session key hierarchies, and TR-31 or TR-34 key exchange.
Experience with key lifecycle management, PCI PIN and PCI-DSS scope experience is required.
Application security at scale. SAST/DAST/SCA toolchain design and rollout. Threat modelling as a routine practice, not an event. Familiarity with modern AppSec tooling (Snyk, Wiz, Veracode, Checkmarx, Semgrep, GitHub Advanced Security or equivalents).
Cloud security depth on AWS. IAM design, workload identity, network isolation, and integration patterns between application workloads and HSM-backed key services.
Written communication. You will publish runbooks, standards, ADRs, and reporting dashboards. If it isn't documented, it didn't happen.
Comfort with a small team carrying real regulatory scope. PCI-DSS, PCI PIN, DORA and GDPR are constraints on the work, not optional context.
Nice to have:
Open source contributions or side projects, we would like to see how you write code before the technical interview.
Payments industry experience (card acquiring, issuing, PIN, EMV, terminal fleet operations).
Regulated fintech environment (FCA, ECB, or equivalent supervisory scope).
Out-of-band, non-blocking. We embed in the pipeline, we do not sit in the critical path.
Skin in the game is shared. Application owners own their app's security posture. We provide the patterns, tooling, and verification.
Automation first. If you're doing something manually more than twice, you automate or you hand it back to the owning team.
Public requests, not DMs. All work in the open. Backlog visible. Decisions logged.
Ways of working matter. Defined split between roadmap, keep-the-lights-on, and unplanned work. We push back on unplanned demand with reasons
The Perks
We trust you, so we offer flexible working hours, as long it suits both you and your team;
Health Insurance;
Physical and mental health support through our partnership with MyFitness;
25 days of Annual leave (+ Bank Holidays);
Possibility to visit other Teya offices to meet colleagues in instances when travel is safe and appropriate;
Friday lunch in the office;
Friendly, comfortable and high-end work equipment and informal office environment;
Hybrid work mode policy.
Teya is proud to be an equal opportunity employer.
We are committed to creating an inclusive environment where everyone regardless of race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, or background can thrive and do their best work. We believe that a diverse team leads to better ideas, stronger outcomes, and a more supportive workplace for all.
If you require any reasonable adjustments at any stage of the recruitment process whether for interviews, assessments, or other parts of the application—we encourage you to let us know. We are committed to ensuring that every candidate has a fair and accessible experience with us.
Skills Required
- 6+ years' experience in application security, security engineering, or software engineering with a strong AppSec focus
- Hands-on expertise in web and API security
- Experience with modern backend and frontend or mobile stacks
- Proven experience integrating SAST, DAST, and SCA into CI/CD pipelines
Teya Compensation & Benefits Highlights
-
Equity Value & Accessibility — All employees join a stock option plan (USSOP) from day one, making ownership broadly accessible. Feedback suggests this equity component is a standout element of the package.
-
Healthcare Strength — Private medical insurance and supportive sick pay are included in core locations, with named coverage such as Bupa in the UK. Coverage is consistently highlighted in UK and European locations.
-
Leave & Time Off Breadth — Employees receive 25 days of annual leave plus bank holidays, described as ample time for rest and recreation. This breadth is positioned as a standout component in UK and European locations.
Teya Insights
What We Do
At Teya, we believe small, local businesses are the heartbeat of every community. Teya was founded to help small, local businesses thrive. We exist to make business smoother, simpler, and more rewarding for the people who keep our communities alive. That means exceptional support, intuitive solutions, and a team truly invested in our Members’ success. To us, they’re more than customers – they’re part of a community built on trust and shared ambition. That’s why we proudly say: “Member since.” It’s our way of honouring every relationship and building a stronger, more connected future together.
Why Work With Us
We’re a fast-growing European fintech helping small, local businesses thrive. We value simplicity, teamwork, and impact. At Teya, you’ll join a diverse, passionate team where ideas matter, growth is encouraged, and every action helps real people and communities succeed, every single day.
Teya Offices
OnSite Workspace
We believe great ideas happen when people come together. Our hybrid approach gives you the flexibility to work from home, but we encourage spending at least three days a week in the office to collaborate, connect, and keep our culture strong.