Principal Security Engineer

Location: Remote UK/Euro
Reporting line: Chief Risk Officer

About Auros

Auros is a global digital asset liquidity provider operating 24/7 across centralised and decentralised markets. We run high-availability, low-latency systems where resilience and risk discipline matter. Security is treated as a core engineering and risk function, with direct engagement from senior leadership.

The Role

We're hiring a hands-on principal security engineer to implement and operate security controls across our infrastructure. This is a technical execution role where you'll be writing code, configuring systems, and shipping security improvements, not writing policies or managing people.

You'll work closely with Infrastructure and Engineering teams to harden our cloud environments, secure our CI/CD pipelines, and protect both corporate and production systems. The scope is broad, the environment is fast-paced, and you'll be expected to own problems end-to-end.

We believe security should enable the business, not obstruct it. You'll design controls that are effective but unobtrusive, security that works in the background without creating friction for engineers or traders.

What You'll Do

• Implement and maintain security controls across multi-cloud environments (primarily AWS and Azure, with some GCP and AliCloud) and on-prem infrastructure
• Own IAM strategy and implementation: design and enforce identity, access, and permissions models that are secure, scalable, and practical
• Design and operate key management and custody security controls such as HSMs, secrets management, and secure key handling for trading operations
• Harden CI/CD pipelines (GitLab) and secure the software delivery process
• Configure and operate corporate security tooling (endpoint protection, MDM/Jamf, DLP, identity management)
• Respond to security incidents: triage, investigate, contain, remediate
• Conduct security assessments of infrastructure and applications
• Automate security operations: detection, alerting, and response
• Work with Infrastructure to embed security into cloud provisioning and system configuration

What We're Looking For

• 8+ years' hands-on experience in security engineering or security operations
• Strong, opinionated views on IAM (you've designed and implemented identity and access management across cloud environments and have a clear philosophy on how it should work)
• Strong working knowledge of cloud security controls across multiple providers (AWS and Azure preferred)
• Experience securing CI/CD platforms, GitLab preferred
• Familiarity with corporate IT security tooling (Jamf, endpoint protection, DLP, SSO/IdP)
• Comfortable in Linux environments and scripting (Python, Bash, or similar)
• Experience with infrastructure-as-code (Terraform, Pulumi etc.) is a plus
• Exposure to financial services, crypto, or other regulated environments is a plus but not required

We value demonstrated skills and practical experience over certifications.

What You Get

• Direct ownership of security implementation
• A small, technical team where your work has immediate impact
• Exposure to low-latency trading infrastructure and the digital asset space