Security Engineering Lead
VFX Financial
Tags: Security Engineering, Incident Response, SOC Management, Detection Engineering, Cloud Security, Senior
Job Description
About VFX

VFX Financial is one of the UK’s fastest-growing FinTechs, helping complex organisations move, manage, and protect money across borders. Built for specialist sectors, multi-jurisdiction structures, and high-compliance environments, we support businesses whose needs go beyond standard banking. We’re selective about who we work with because exceptional service requires focus and commitment.

With six international offices, five regulatory licences, and an 83% CAGR over the past three years, we’re scaling rapidly and earning industry recognition along the way — including the Financial Times FT1000: Europe’s Fastest Growing Companies 2026, CNBC UK’s Top Fintech Companies 2025, Wealth & Finance FinTech Awards 2025, and the Business Growth Award from Business Awards UK.

Behind it all is a team of ambitious VFXers united by collective ownership, a focus on growth, and a shared passion for solving complex problems.

About the Role

We are hiring a hands-on Security Engineering Lead to build and own VFX’s detection and incident response capability from the ground up.

This is a builder role, focused on delivering real operational security outcomes rather than policy, audit, or compliance activity. You will be responsible for designing and implementing a practical, engineering-led security capability that can detect genuine threats and respond decisively when incidents occur.

The immediate priority is to implement Microsoft Sentinel (SIEM), establish high-quality detection coverage, and build a functioning incident response capability. While elements of monitoring may be outsourced over time, you will retain accountability for the effectiveness, reliability, and continuous improvement of the overall security capability.

This role can be hybrid at our office in Portimao or fully remote across Portugal.

Key Responsibilities

Detection and Security Stack
- Design, implement, and operate Microsoft Sentinel (SIEM) end-to-end
- Own and operate the Microsoft Defender stack, including Endpoint, Identity, M365, and Cloud
- Define logging requirements and ensure critical data sources are onboarded
- Build and maintain detection coverage aligned to real-world threats using MITRE ATT&CK
- Continuously improve signal quality, reducing noise and false positives

Detection Engineering
- Build, tune, and maintain high-quality detection rules within Microsoft Sentinel
- Leverage and extend Microsoft Defender detections
- Focus on producing high-confidence, actionable alerts

Vulnerability & Attack Surface Management
- Lead the vulnerability management lifecycle, coordinating remediation with Infra/Dev teams
- Oversee attack surface monitoring, penetration testing, and red team activities
- Ensure vulnerabilities are prioritized based on business risk

Incident Response
- Act as the internal lead during security incidents, owning decision-making and response
- Drive triage, containment, and recovery across Engineering and Infrastructure teams
- Make risk-based decisions under pressure, often with incomplete information
- Lead post-incident reviews and ensure corrective actions are implemented

SOC
- Lead onboarding of an outsourced SOC provider once SIEM capability is established
- Define runbooks, escalation paths, and operational expectations
- Own the outcomes of SOC performance, including detection quality and response effectiveness
- Hold external providers accountable for delivery and continuous improvement

Vulnerability Management
- Define and enforce risk-based prioritisation of vulnerabilities
- Drive remediation with Engineering and IT teams
- Escalate where remediation timelines or SLAs are not met

Risk & Security Outcomes
- Own and maintain the IT security risk register
- Define and track key operational metrics, including MTTD, MTTR, and remediation SLAs
- Ensure risks are actively reduced over time, not simply documented

Ownership of Security Outcomes
- Define requirements, validate implementation, and enforce remediation
- Escalate directly to the CTO where required

Candidate Profile

Qualifications & Experience
- Hands-on experience implementing and operating Microsoft Sentinel (SIEM) in a production environment
- Strong experience across the Microsoft Defender suite, including Endpoint, Identity, M365, and Cloud
- Proven experience in incident response, including leading or contributing to real-world security incidents
- Experience building or significantly improving detection and monitoring capabilities
- Comfortable operating in a build-stage or evolving environment, with the ability to take ownership from the ground up
- Strong understanding of detection engineering principles, including building and tuning high-quality alerts
- Experience working with cloud-native environments, ideally within Azure
- Familiarity with logging, monitoring, and security telemetry across distributed systems
- Ability to define and implement practical, effective security controls

Ways of Working
- Takes ownership of outcomes and follows through to resolution
- Able to make sound decisions under pressure, often with incomplete information
- Focuses on delivering pract
