Senior Security Engineer

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Our Mission

We're fixing the most broken process in business. Whether it's SaaS, hardware, or contractors, a typical B2B purchase drags on for 3+ months, spawns 50+ emails, and pulls in multiple stakeholders across Finance, Legal, Security, and IT. Nobody likes it, and it slows businesses down.

Omnea exists to change that. Our AI-native platform connects the people, steps, and systems so buying just works. Employees have one place to make requests, the right approvals run automatically, renewals and supplier risk checks are handled on time, and leaders get clear visibility into how, when, and why money is being spent.

This matters more now than ever: volatile markets demand capital efficiency, businesses who adopt AI quickly have a competitive advantage, and evolving regulation demands evidenceable controls-so buying has to be fast and compliant by default.

Founded in 2022, we're trusted by global enterprises including Spotify, Adecco Group, Albertsons, Wise, MongoDB, and Monzo. Our team previously built Tessian (backed by Sequoia; acquired by Proofpoint) and we've raised $75M from Khosla Ventures, Insight Partners, Accel, Point Nine, and First Round.

What we're looking for

We're hiring at both Level 3 (Senior) and Level 4 (Lead). For calibration, candidates typically bring 5+ years of deep security engineering experience in high-growth, cloud-native SaaS environments - but we care more about impact than years.

You'll be the first dedicated security specialist on the team, partnering with product engineers, GTM, and leadership to make Omnea the industry benchmark for security and trust.

You'll be joining us at a pivotal time. We've just raised $50M in Series B funding from Khosla Ventures, Insight Partners, Accel, Point Nine, and First Round Capital. In the past year we've grown revenue 5x, tripled our customer base, and maintained >99% retention with enterprises like Spotify, Wise, Albertsons, Adecco, and McAfee. Our team is small but high-calibre -- it took over 10,000 interviews to hire our first 50 Omneans.

Now we're scaling fast and building the category of AI Supplier Relationship Management. And we are looking for YOU to help turn procurement into a true competitive advantage!

What You'll Do

• Make our security posture airtight. Design and implement security controls across architecture, infrastructure and code (AWS Serverless, CDK/SST, React/TypeScript).
• Shift security left. Embed SAST/DAST, IaC scanning, secure coding standards and threat-modeling into every stage of our CI/CD pipeline.
• Own compliance & audits. Run our Vanta instance end-to-end (SOC 2 Type II, ISO 27001, GDPR, etc.) and coordinate third-party pen tests, evidence gathering and policy reviews.
• Enable revenue. Partner with Sales & Customer Success to answer security questionnaires, lead RFP security sections, and join prospect calls to remove friction and build trust.
• Code and build. Contribute production-ready TypeScript, Terraform/CDK and automation scripts; raise the security bar through secure patterns, libraries and reviews.
• Drive security culture. Run incident-response playbooks, tabletop exercises, and brown-bag sessions so every Omnea engineer becomes a security champion.

What Can You Expect in our Tech team?

• Massive Ownership. You'll set the north-star security roadmap and see it through - from brainstorming to shipping dashboards, policies and guard-rails in prod.
• Modern, Cloud-Native Stack. Everything serverless and IaC-driven; you'll secure every layer.
• Continuous Delivery, Securely. We deploy multiple times/day; your guard-rails make that safe.
• Customer-Facing Impact. Your work unlocks deals, reduces time-to-close, and keeps renewal risk near zero - security as a growth lever, not a blocker.
• Collaboration & Autonomy. Plenty of heads-down coding, but also daily pairing with product engineers, GTM, and leadership on high-stakes opportunities.
• Scalability Challenges. As we 10× revenue, you'll evolve our security architecture for multi-region HA, fine-grained data residency, and tight least-privilege controls.

About You

• Security expert & builder. You design secure architectures and write elegant code (TypeScript or similar). You've rolled out tooling like Vanta, Snyk, Semgrep, Wiz or Orca.
• Commercial mindset. You enjoy turning security wins into faster sales cycles and stronger renewals. You've partnered with GTM or directly handled customer audits/RFPs.
• Cloud-first. Deep knowledge of AWS IAM, networking, KMS, serverless hardening, and infrastructure-as-code review.
• Bias for action. You iterate quickly, ship pragmatically, and automate everything.
• Culture carrier. You coach teammates, document best practices, and keep calm during incidents.
• Comfort with ambiguity. First dedicated security hire? Perfect-you'll set the bar.

Nice-to-haves

• Prior lead-level ownership of SOC 2 Type II or ISO 27001 certifications.
• Demonstrated open-source security contributions, CTF wins, or conference talks.
• Experience with procurement or fintech data-flows, third-party risk, or PCI.

At Omnea, we embrace diversity. To build a product that's loved by everyone, we're best served by a team with all sorts of backgrounds, experiences, and perspectives. We encourage you to apply even if your experience doesn't quite match the full job spec! And regardless of your race, religion, colour, gender, or anything else! If you think you could be a good fit for Omnea, please reach out.

A few things to note:

• We work Tuesdays, Wednesdays & Thursdays in-person at our offices. At this early stage of our company life-cycle it's important to us that we get this together-time, and you can read more about why we believe this is a winning move here
• We're commercial, ambitious and we don't pretend otherwise! We're actively seeking folks looking to make the most of a career-defining opportunity, with the hunger to be part of building something really impressive. You can see our values here
• We sometimes use AI note-takers to help us transcribe interview notes, so we can be more present in your interview. If you'd like to opt out of us using automatic transcribers, please note this in the free text field in your application, otherwise we'll take your application as confirmation that you're happy for us to use notetakers (whether added to video calls or in the background).

  We are proud to be recognised for both our culture and product, and we are just getting started. Join us as we grow!