Security Engineer | GoCardless Global Negotiation Guide
Negotiation DNA: Private VRP Fintech Open Banking Bank-to-Bank Payments Options Equity Secondary Liquidity InfoSec Payment Security Compliance
| Region | Base Salary | Stock (Options/4yr) | Bonus | Total Comp |
|---|---|---|---|---|
| London | £80,000-£115,000 / $100,000-$144,000 | £25,000-£55,000 / $31,000-$69,000 | £8,000-£15,000 / $10,000-$19,000 | £113,000-£185,000 / $141,000-$232,000 |
| San Francisco | $160,000-$215,000 | $40,000-$80,000 | $15,000-$28,000 | $215,000-$323,000 |
| Melbourne | A$130,000-A$175,000 / $84,000-$114,000 | A$30,000-A$60,000 / $20,000-$39,000 | A$12,000-A$20,000 / $8,000-$13,000 | A$172,000-A$255,000 / $112,000-$166,000 |
Negotiation DNA
Security Engineers at GoCardless protect the integrity of a bank-to-bank payment network that processes billions in transaction volume for 85,000+ businesses. This is not application-level security for a SaaS product — it is financial infrastructure security where breaches have regulatory, financial, and reputational consequences orders of magnitude larger than typical tech companies. GoCardless is privately held at ~$2.1B, backed by Bain Capital, Accel, and Google Ventures, and the security function is foundational to maintaining the trust relationships with banks and payment schemes that underpin the entire business.
The $200M secondary sale completed in February 2026 is relevant to security engineers because it signals the company's path toward public markets, where security standards and audit expectations increase dramatically. The Nuapay acquisition introduced an entirely new attack surface — open banking APIs, payment initiation endpoints, and account information services — that must be secured to the same standard as the core direct debit platform. VRP (Variable Recurring Payment) security is particularly critical, as VRP introduces real-time, variable-amount payment flows that require robust authentication, consent management, and fraud prevention. Security Engineers working on VRP infrastructure are building security patterns for a payment type that is still being standardized, making this one of the most consequential security engineering roles in fintech.
Level Mapping:
| GoCardless | Meta | Stripe | Wise | Adyen | |
|---|---|---|---|---|---|
| Security Engineer | L4-L5 Security Engineer | IC4-IC5 Security Engineer | Security Engineer (L2) | Security Engineer | Security Engineer |
Negotiating a Security Engineer offer at GoCardless?
Get a personalized playbook with your exact counter-offer numbers, word-for-word scripts, and a day-by-day negotiation plan.
Get My Playbook — $39 →Secondary — The VRP Leadership Premium
Lever 1 — Secondary Sale Security Premium: "GoCardless's $200M secondary sale in February 2026 signals movement toward public markets, where security audit requirements, SOC 2 expectations, and regulatory scrutiny all increase significantly. I'll be building the security posture that supports this trajectory. My option grant should reflect this strategic role — I'm asking for 1.5x the standard grant, because security incidents don't just impact operations, they impact valuation."
Lever 2 — Nuapay Attack Surface Expansion: "The Nuapay acquisition doubled GoCardless's attack surface overnight. I now need to secure open banking APIs, payment initiation endpoints, and account information services alongside the existing direct debit infrastructure. This expanded security domain requires expertise across multiple regulatory frameworks (PSD2, SCA, Open Banking UK standards). I'm requesting a 15% base increase to reflect the expanded scope and specialized compliance knowledge required."
Lever 3 — VRP Security Architecture: "Variable Recurring Payment security is a greenfield challenge. VRP introduces variable-amount, real-time payment authorizations that require new approaches to consent management, transaction monitoring, and fraud detection. I'll be defining the security architecture for a payment type that doesn't have established security patterns yet. This is security design work, not just security operations, and it commands a premium."
Lever 4 — Payment Network Trust at Scale: "Security engineers at GoCardless are responsible for the trust relationship between the company and the banking partners who provide access to 85,000+ merchant accounts. A single security incident could result in a bank partner suspending access, which would cascade across thousands of businesses. The blast radius and the trust stakes are equivalent to security roles at the largest payment processors, and my compensation should reflect that."
Negotiate Up Strategy: Push for top-of-band base (£105,000-£115,000 London / $200,000-$215,000 SF / A$160,000-A$175,000 Melbourne) and negotiate 1.5x the standard option grant. Security engineers in fintech command a scarcity premium — use Stripe, Wise, and Adyen security engineering comp as your benchmarks. Total comp target: £160,000+ / $280,000+ / A$220,000+. Accept-at floor: £90,000 / $175,000 / A$145,000 base with at minimum the standard option grant. Use the $200M secondary sale and the Nuapay attack surface expansion as your primary negotiation anchors.
Evidence & Sources:
- GoCardless careers page — Security Engineer listings and information security team structure (2025-2026)
- Levels.fyi — Security Engineer compensation at fintech companies (Stripe, Wise, Adyen)
- Glassdoor — GoCardless security and compliance salary reports (2024-2026)
- GoCardless blog — $200M secondary sale announcement, February 2026
- Nuapay acquisition security implications and open banking compliance requirements (PSD2, SCA)
Ready to negotiate your GoCardless offer?
Get a personalized playbook with exact counter-offer numbers and word-for-word scripts.
Get My Playbook — $39 →