Running security reviews and threat modelling on features and systems across Primer's product, and turning findings into clear, actionable guidance for the teams shipping them
Independently planning and delivering your own security projects, from initial design through to rollout
Building tooling and automation that makes future reviews faster and cheaper to run
Coordinating penetration testing and tracking remediation through to closure
Supporting the recurring compliance work (SOC2, PCI), including evidence collection and remediation tracking against fixed audit windows
Contributing to AppSec roadmap initiatives across areas like application threats, AI security, supply chain security, and ASPM
Picking up proactive security work, threat research and hands-on investigation, that a one-person function has never had the capacity for
Working alongside Cloud, Infra, and GRC on the security aspects of their projects

Working experience in product or application security: you've done security reviews or threat modelling and can spot the risks that matter
The ability to read and write code, not just review it. You're comfortable building small tools and automation rather than only filing findings
Sound judgement about risk. You can weigh a real threat against a theoretical one and explain your reasoning clearly
The ability to plan and deliver your own work independently once you understand the direction, while knowing when to pull in the senior engineer
Clear communication with engineers who aren't security specialists, since most of your impact lands through their work
Nice to have: Exposure to compliance frameworks like SOC2 or PCI, or genuine appetite to learn them
Nice to have: Background in payments, fintech, or another regulated, high-stakes domain
Nice to have: Interest in areas like supply chain security, detection engineering, or AI security

Security Engineer

Key skills