An Introduction to Primer
Primer is the unified infrastructure for global payments. We give finance and payments teams the visibility and control to reduce complexity, improve performance, and capture more revenue - all from a single platform.
Backed by Sofina, Peak XV Partners, ICONIQ, Tencent, Accel, and Balderton, we're building the payments layer the world's best companies rely on.
Learn more about our culture >
Youβll help build the entire product security surface for a company processing payments at scale: threat modelling, security review, compliance, incident escalation, and the multi-year AppSec roadmap. You'd be the second hire, and the person that function finally gets to share the work with.
This is a hands-on delivery role, and a genuinely formative one. Youβll help set the security strategy and architecture; you take real ownership of the work that turns it into reality, reviews, research, automation, and the day-to-day partnership with engineering teams. You'll have a clear direction to work within and someone senior to learn from, while still owning your projects end to end.
Security at Primer sits close to the engineering teams it protects rather than off to one side, so you'll spend real time embedded with the people building Cloud, Infra, and product. For someone who wants to go deep in product security with room to grow, there are few better seats than being the second engineer in a function that's only now scaling.
Running security reviews and threat modelling on features and systems across Primer's product, and turning findings into clear, actionable guidance for the teams shipping them
Independently planning and delivering your own security projects, from initial design through to rollout
Building tooling and automation that makes future reviews faster and cheaper to run
Coordinating penetration testing and tracking remediation through to closure
Supporting the recurring compliance work (SOC2, PCI), including evidence collection and remediation tracking against fixed audit windows
Contributing to AppSec roadmap initiatives across areas like application threats, AI security, supply chain security, and ASPM
Picking up proactive security work, threat research and hands-on investigation, that a one-person function has never had the capacity for
Working alongside Cloud, Infra, and GRC on the security aspects of their projects
Working experience in product or application security: you've done security reviews or threat modelling and can spot the risks that matter
The ability to read and write code, not just review it. You're comfortable building small tools and automation rather than only filing findings
Sound judgement about risk. You can weigh a real threat against a theoretical one and explain your reasoning clearly
The ability to plan and deliver your own work independently once you understand the direction, while knowing when to pull in the senior engineer
Clear communication with engineers who aren't security specialists, since most of your impact lands through their work
Nice to have:
Exposure to compliance frameworks like SOC2 or PCI, or genuine appetite to learn them
Background in payments, fintech, or another regulated, high-stakes domain
Interest in areas like supply chain security, detection engineering, or AI security
It's remote-first and high autonomy. You'll get direction, but nobody checks your progress daily. If you need close structure, this will be uncomfortable
You'll move between proactive project work and reactive BAU, and priorities will shift as audits and incidents land. Tolerating that change is part of the role.
An initial intro call with a Talent Partner
An interview with the Hiring Manager
Challenge Stage - Contextualised to the role
A final, values-alignment interview
We're building a culture where people can do their best work and be proud of the impact they have. You'll be working with people who are mission-driven, smart, and reflective, and who are genuinely invested in building exceptional products and delivering success for our merchants.
We work remotely, and have done since day one. We believe that building a successful, profitable company goes beyond proximity. We invest in our relationships through great remote working practices and thoughtfully designed face-to-face time, including workations, our annual company retreat, and co-working space access worldwide.
The work is challenging. Scaleups are a challenge, and building category-defining products is a challenge. But there's a meaningful difference between a challenge and a struggle. At Primer, the right challenge comes with the right support: strong onboarding, a collaborative environment, and a team that is genuinely invested in your success. It's never something you face alone.
π We are fully remote and globally distributed; and have been since day one
π° Competitive share options
π΄ Uncapped holiday, with 25 days minimum to be taken
π£οΈ Co-working space access
π
Workations & Company Retreat
π» The best equipment for your role
π Β£500 towards your home office setup
π Generous learning budget
π₯ Private Medical Insurance
π A broad set of additional perks and benefits (depending on location)
At Primer, we're dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification listed, we encourage you to apply. You may be the right candidate for this or other roles.
Primer is committed to the equal treatment of all current and prospective employees and adopts a zero-tolerance approach to discrimination, regardless of age, disability, sex, sexual orientation, pregnancy and maternity, race or ethnicity, religion or belief, gender identity, marriage and civil partnership, or any other background or belief.
GuidePoint Security
DigitalOcean
Virtru
vivenu
Apollo.io
Primer
Primer
Primer
