Job Specifications
Our Mission
We’re not your average benefits platform — we’re the driving force that uplifts people’s lives. Our technology connects the entire benefits ecosystem, creating better outcomes for employers, employees, brokers, and providers.
Our mission is clear: to build a world where everything works at its best, ensuring every employee gets the support they need to thrive—both at work and beyond.
Your Mission
As a Security Engineer at Ben you will shape Infosec across the domains of infrastructure, product, and compliance. You’ll be a key technical contributor in a small, high-impact team - with direct mentorship from our Head of Infosec and the autonomy to take full ownership of key projects.
We value self-starters who are eager to take on ownership, in a supportive environment where you can make a real impact while developing your skills. Our culture emphasises work-life balance, so while we work hard to ship on time, we also take downtime and relaxation seriously.
Things you will be working on…
Take ownership of existing security tooling, and implement new ones (e.g. endpoint protection, MDM, access controls), ensuring they’re effectively configured, maintained, and evolving as the business grows
Embed secure-by-design practices into the development lifecycle across engineering, including secure coding, threat modeling, and design reviews
Monitor systems for irregular behavior and proactively design detection and prevention mechanisms
Ensure infrastructure and applications align with generally accepted industry standards, such as the OWASP Top 10 and the AWS Well-Architected Framework
Conduct and lead risk assessments, including third-party/vendor reviews and internal evaluations
Document and maintain security policies, procedures, and controls as part of our ISO 27001-certified Information Security Management System (ISMS)
You will love this role if you have…
Hands-on experience deploying and managing security tooling - such as EDR, MDM, ZTNA, or vulnerability scanners, and enjoy solving problems at the implementation level
Worked with Microsoft’s security ecosystem, including Entra ID (Azure AD), Intune, and Defender, and feel confident navigating other vendors’ enterprise tooling
Solid foundations in networking, systems, and cloud infrastructure, and understand how to apply industry standards (e.g. OWASP Top 10, AWS Well-Architected) to real-world scenarios
Experience reviewing and improving product and infrastructure security, including secure SDLC practices like threat modelling, secure code review, or CI/CD hardening
Familiarity with compliance frameworks such as ISO 27001 or SOC 2, and the ability to translate technical controls into well-documented policies and audit-ready evidence
Experience automating repetitive security tasks (e.g. with Python, PowerShell, or Bash) or integrating tools via APIs to improve efficiency and reduce manual work
A bias toward proactive risk reduction, not just fixing bugs - you think holistically about controls, people, and processes that improve security posture
A generalist mindset - you’re comfortable working across infrastructure, product, and compliance domains, even if you’re deeper in one
You will not love this role if you….
Want to only do policy work or only implementation - this is a hands-on, full-spectrum security role where you'll work across engineering and compliance
Need a slow pace to feel comfortable - we move fast, and we prioritise action, even when the path isn’t perfectly clear
Are uncomfortable being accountable for outcomes - this role involves owning projects end-to-end and being responsible for making them succeed
Prefer maintaining the status quo - we want to challenge assumptions, rethink how security is done, and push for better ways of working
Prefer a highly structured environment with established processes and clearly defined boundaries - we’re still building, and sometimes that means creating the path as we go
Struggle with ambiguity or expect prescriptive direction - you’ll get support and context, but you’ll need to figure things out and take ownership
Wait for others to step up, or to be told what to do - We are a high-performance and high-reward work place and are looking for people who are proactive
Not sure if you meet 100% of the requirements?
That’s okay - we know that not everyone follows a linear career path, and we value diverse perspectives and growth mindsets. If you have a solid technical foundation and a strong interest in security, we’d still love to hear from you. That said, this role does require hands-on experience, so please only apply if you feel confident you can contribute meaningfully from day one.
Our Compensation & Benefits
It’s important to us to practise what we preach when it comes to our benefits. We know what good looks like and we want to provide the best for our team, with a comprehensive and inclusive benefits package. This means you have a choice over the things that are most important
About the Company
Ben is the world's first intelligent benefits platform, bringing innovation, flexibility, and automation to an industry ready for transformation. Our AI-powered platform simplifies global benefits management for companies like Mondelez, Pleo, Itsu, Trainline and HSBC. Offer benefits that work for every employee, whether desk-based, remote, or on-the-go. Less admin, more impact: Ben is your benefits co-pilot, automating complex tasks and making even the most complex global strategies effortless. Same budget, bigger results: G...
Know more