Security Engineering Lead
If you care about building something meaningful, take pride in your work, and are motivated by impact — you’ll thrive here.
About VFX
VFX Financial is one of the UK’s fastest-growing FinTechs, helping complex organisations move, manage, and protect money across borders. Built for specialist sectors, multi-jurisdiction structures, and high-compliance environments, we support businesses whose needs go beyond standard banking. We’re selective about who we work with because exceptional service requires focus and commitment.
With six international offices, five regulatory licences, and an 83% CAGR over the past three years, we’re scaling rapidly and earning industry recognition along the way — including the Financial Times FT1000: Europe’s Fastest Growing Companies 2026, CNBC UK’s Top Fintech Companies 2025, Wealth & Finance FinTech Awards 2025, and the Business Growth Award from Business Awards UK.
Behind it all is a team of ambitious VFXers united by collective ownership, a focus on growth, and a shared passion for solving complex problems.
About the Role
We are hiring a hands-on Security Engineering Lead to build and own VFX’s detection and incident response capability from the ground up.
This is a builder role, focused on delivering real operational security outcomes rather than policy, audit, or compliance activity. You will be responsible for designing and implementing a practical, engineering-led security capability that can detect genuine threats and respond decisively when incidents occur.
The immediate priority is to implement Microsoft Sentinel (SIEM), establish high-quality detection coverage, and build a functioning incident response capability. While elements of monitoring may be outsourced over time, you will retain accountability for the effectiveness, reliability, and continuous improvement of the overall security capability.
This role can be hybrid at our office in Portimão or fully remote across Portugal.
Key Responsibilities
Detection and Security Stack
Design, implement, and operate Microsoft Sentinel (SIEM) end-to-end
Own and operate the Microsoft Defender stack, including Endpoint, Identity, M365, and Cloud
Define logging requirements and ensure critical data sources are onboarded
Build and maintain detection coverage aligned to real-world threats using MITRE ATT&CK
Continuously improve signal quality, reducing noise and false positives
Detection Engineering
Build, tune, and maintain high-quality detection rules within Microsoft Sentinel
Leverage and extend Microsoft Defender detections
Focus on producing high-confidence, actionable alerts
Vulnerability & Attack Surface Management
Lead the vulnerability management lifecycle, coordinating remediation with Infra/Dev teams.
Oversee attack surface monitoring, penetration testing, and red team activities.
Ensure vulnerabilities are prioritized based on business risk.
Incident Response
Act as the internal lead during security incidents, owning decision-making and response
Drive triage, containment, and recovery across Engineering and Infrastructure teams
Make risk-based decisions under pressure, often with incomplete information
Lead post-incident reviews and ensure corrective actions are implemented
SOC
Lead onboarding of an outsourced SOC provider once SIEM capability is established
Define runbooks, escalation paths, and operational expectations
Own the outcomes of SOC performance, including detection quality and response effectiveness
Hold external providers accountable for delivery and continuous improvement
Vulnerability Management
Define and enforce risk-based prioritisation of vulnerabilities
Drive remediation with Engineering and IT teams
Escalate where remediation timelines or SLAs are not met
Risk & Security Outcomes
Own and maintain the IT security risk register
Define and track key operational metrics, including MTTD, MTTR, and remediation SLAs
Ensure risks are actively reduced over time, not simply documented
Ownership of Security Outcomes
Define requirements, validate implementation, and enforce remediation
Escalate directly to the CTO where required
Candidate Profile
Qualifications & Experience
Hands-on experience implementing and operating Microsoft Sentinel (SIEM) in a production environment
Strong experience across the Microsoft Defender suite, including Endpoint, Identity, M365, and Cloud
Proven experience in incident response, including leading or contributing to real-world security incidents
Experience building or significantly improving detection and monitoring capabilities
Comfortable operating in a build-stage or evolving environment, with the ability to take ownership from the ground up
Strong understanding of detection engineering principles, including building and tuning high-quality alerts
Experience working with cloud-native environments, ideally within Azure
Familiarity with logging, monitoring, and security telemetry across distributed systems
Ability to define and implement practical, effective security controls
Ways of Working
Takes ownership of outcomes and follows through to resolution
Able to make sound decisions under pressure, often with incomplete information
Focuses on delivering practical, effective solutions rather than theoretical approaches
Comfortable challenging assumptions and improving existing processes
Works collaboratively across engineering, infrastructure, and IT teams
Nice to Have
Experience building or scaling a SIEM or detection capability from scratch
Experience working with or onboarding external SOC providers
Exposure to financial services or regulated environments
Understanding of threats relevant to payments, fraud, and account security
Benefits at VFX
We offer more than just perks — we offer ownership.
Our benefits include:
Generous Profit Share Plan (PSP)
Equity via the Company Share Option Plan (CSOP)
Competitive salary
Annual all-expenses paid company incentive trip abroad
Flexible learning & development budget
PSP & CSOP Details
At VFX, the biggest benefit is the opportunity to act like an owner. Through our Profit Share Scheme (PSP) and Company Share Option Plan (CSOP), every team member has a chance to own a stake in the business and share in the profits.
To show you what that looks like, in 2024, PSP participants received over $1,000,000 USD. From those distributions, more than 80% of eligible VFXers chose to become shareholders — a powerful reflection of the belief and commitment that drives VFX forward.
Next Steps
If successful, you will be invited to an initial call with the People Ops team, followed by a technical interview and a final interview with the CTO.
- Department: Tech & Engineering
- Locations: Portimão
- Remote status: Fully Remote