We are expanding the Security Operations team extensively, and this is an exciting role as part of an advanced detection and response team.  You will have the opportunity to shape and develop engineering-centric approaches and solutions to security problems.  We don't believe the 'traditional SOC' model continues to be effective and efficient, and our vision challenges this with autonomic security operations, to improve our ability to withstand security attacks.


  • 30 days annual leave plus public holidays
  • Remote friendly environment
  • Remote working equipment allowance
  • Health and wellness allowance
  • Flexible working arrangements
  • Learning days, Udemy and educational reimbursements
  • Primary caregiver leave
  • 4 hours of “investment time” per week, to spend working on projects that you are passionate about improving
  • Mental Health support via Spill
  • Perlego subscription 
  • Full details are available on our careers page

Form3 appreciates that we all lead different and often really busy lives. We work remotely 100% of the time and many of us work part time. If you’re interested in hearing what different flexible working arrangements may be available, we’d love to chat.

Very well

  • Identify and maintain awareness of timely and appropriate threat intelligence (supported by Threat Intel Analyst)
  • Plan and co-ordinate data source collection
  • Prioritise detection engineering
  • Develop new and existing supportive orchestration and automation actions
  • Analyse event data to triage severity and priority (supported by our software, platform and IT engineering teams as necessary)
  • Conduct technical investigations and response to threats (supported by Security IR Manager).

Knowledge inside-out of one (or more) of the following technology domains:

  • Containers: Kubernetes, EKS, GKS, AKS and Cilium
  • Platform services: Github, Terraform, CockroachDB, NATS, Postgres and Secrets
  • Networking
  • Cloud Platforms: AWS, GCP and Azure
  • Endpoints (mainly macOS and Linux)
  • IAM


  • Ability to identify threats, onboard data sources, build corresponding detection engineering and develop appropriate enrichment, orchestration and/or automation actions
  • Confident analysing and interpreting data from various sources, including endpoints, network devices, applications, and cloud services
  • Experience analysing events to triage the issue or find root cause through log and data analysis
  • Analytical thinking, attention to detail and curiosity mindsets in interrogating anomalies
  • Interest in self-learning, and desire to continually improve
  • Willingness to be part of the on-call rota (additionally paid)
  • Excitement towards building Autonomic Security Operations


  • Demonstrated experience in common tooling including but not limited to: SIEM, SOAR and EDR.
  • Experience conducting proactive technical investigations and response to threats
  • Ability to develop custom scripting for orchestration and automation actions
  • Experience contributing use cases and detection engineering into a use case database
  • Knowledge of, and experience applying, models of threat actor behaviour such as MITRE ATT&CK framework and Cyber Kill Chain.

Our Story

Form3 was established in 2016 by four banking and technology leaders with a single purpose - to transform outdated, complex and costly payments infrastructure to a modern, cloud-native, real-time Payments-as-a-Service. Since then we have made enormous steps in opening up access to payment schemes for the global financial community, enabling them to scale and optimise their business operations through advanced payment technology.

What we do

We provide Banks and regulated Fintechs across the globe an end-to-end managed payments service that delivers complete payment processing, clearing and settlement to the universe of payment schemes through a single API. Our platform handles everything so you can focus more on serving your customer's needs and less on managing payments infrastructure.