Hello! We're Teya.
Teya is a payment and software service provider, headquartered in London serving small, local businesses across Europe. Founded in 2019, we build easy to use, integrated tools that enable our members to accept payments and boost business performance.
At Teya we believe small, local businesses are the lifeblood of our communities.
We’re here because we don’t believe there’s a level playing field that gives small businesses with a fighting chance against the giants of the high street.
We’re here because we see banks and legacy service providers making things harder for them. We don’t think the best technology or the best service should be reserved for those with the biggest headquarters.
We’re here to fight for a future where small, local businesses can thrive, and to commit the same dedication they offer all of us.
Become a part of our story.
We’re looking for exceptional talent to join our mission. We offer a chance to create impact in a high-energy and connected culture, while benefiting from continuous learning opportunities, a supportive community which is proud to serve our mission, and comprehensive benefits.
Your missionAt Teya, security is an enabler of fast, reliable product delivery. As a Senior Application Security Engineer, you’ll own and evolve how application security is designed, built, and operated across our products—ensuring banking-grade security without slowing teams down.
You’ll lead the development of a pragmatic Secure SDLC for a high-velocity fintech environment, embedding security into everyday engineering workflows. Working closely with product, platform, and security partners, you’ll help shift AppSec from reactive controls to proactive, developer-first security that scales with the business.
ResponsibilitiesDesign, implement, and continuously improve a Secure SDLC integrated from design through production
Embed security into planning and delivery via threat modelling, security requirements, and automated controls
Lead application security reviews for new systems, major features, and high-risk changes across web, API, mobile, and backend services
Define and maintain secure architecture patterns for authentication, authorisation, APIs, data protection, and multi-tenant isolation
Own the application security tooling stack (SAST, DAST, SCA), integrating it into CI/CD with high-signal, low-noise outputs
Partner with engineers to triage and remediate vulnerabilities based on exploitability, impact, and regulatory risk
Work with Security Operations to improve application-level logging, telemetry, and incident response readiness
Act as a trusted advisor to engineering teams, raising the bar through practical guidance, documentation, and targeted training
6+ years’ experience in application security, security engineering, or software engineering with a strong AppSec focus
Demonstrated experience designing or operating Secure SDLC practices in fast-moving product teams
Hands-on expertise in web and API security, including authentication, authorisation, data flows, and common vulnerability classes
Proven experience integrating SAST, DAST, and SCA into CI/CD pipelines
Strong threat modelling and secure design skills for complex, cloud-native systems
Experience with modern backend and frontend or mobile stacks (e.g. JVM, Node.js, Go, TypeScript)
Familiarity with AWS and cloud-native architectures (IAM, KMS, containers, microservices)
Clear, pragmatic communication skills and the ability to influence through partnership rather than mandate
Nice to have:
Experience in fintech, payments, or other regulated environments
Familiarity with OWASP ASVS, OWASP Top 10, PCI DSS, DORA, or ISO 27001
Exposure to mobile security, API gateways, WAFs, or infrastructure-as-code
Security or cloud certifications (e.g. OSWE, OSCP, CSSLP, CISSP, AWS Security)
Extreme ownership: You take end-to-end responsibility for outcomes, not just findings or tooling output
Pragmatic and delivery-aware: You balance risk reduction with product velocity, focusing on changes that materially reduce risk
Low-ego and collaborative: You build trust with engineers, product, and operations teams, influencing through credibility and partnership
Impact-driven: You measure success through outcomes—risk reduction, adoption, and time-to-remediate—not activity
Data-informed: You use metrics and trends to guide priorities and demonstrate impact
High bar for craft: You produce clear documentation, reusable patterns, and automation that scale across teams
AI-first mindset: You actively look for opportunities to use automation and AI to improve security outcomes
Teya is proud to be an equal opportunity employer.
We are committed to creating an inclusive environment where everyone regardless of race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, or background can thrive and do their best work. We believe that a diverse team leads to better ideas, stronger outcomes, and a more supportive workplace for all.
If you require any reasonable adjustments at any stage of the recruitment process whether for interviews, assessments, or other parts of the application—we encourage you to let us know. We are committed to ensuring that every candidate has a fair and accessible experience with us.
