Security Engineer

IT Operations Full Time London

About us

We’re a bunch of techies, creatives and friendly finance folk, who’ve run our own businesses and side gigs – and helped others do the same. So we’ve come together, with Santander’s backing, to shake things up.

What if doing expenses from paper receipts was as simple as snapping a selfie? And you could get a clear view of your finances with a simple heads-up?

We’re here to save you time. Cut headaches. Smooth hassles. To make repetitive admin, endless paperwork, and tedious typing into spreadsheets, a thing of the past.

So we’ve created a place – for quick answers and inspiration. Business owner to business owner. A growing resource from people who go through the same as you.

And we’re making an app – your pocket business helper. Always on hand to make working life simpler.

The Role

The Purpose of this role is to work with the Development team to design and develop a greenfield digital product, with a keen eye for scalability. You will shape the information security landscape and implement the application IT controls, providing design review and approval for new products and services.

Key Responsibilities

Specifically this role will focus and responsibility will be the following themes:

  • Act as the subject matter expert for securing application development across a range of platforms (iOS, Android, Cloud Infrastructure)
  • Conduct rapid risk assessments as part of the development lifecycle to consider control implementation during development
  • Ensure the confidentiality, integrity and availability of a DevOps Pipeline (including technologies such as Code Repositories, CI, Containers, Orchestration platforms)
  • Develop the protection mechanisms inherent in native cloud environments, particularly AWS (e.g. CloudTrail, GuardDuty, IAM rules, virtual network setup)
  • Ensure that API integration is conducted in a secure manner
  • Develop Security test cases to implement into CI tooling
  • Monitor and test the development and production environment through a range of static, dynamic and semi-automated vulnerability or penetration testing
  • Ensure security stories are fed into the backlog and developed as part of sprints
  • Apply OWASP ASVS standards
  • Remain at the forefront of technology and strive to remain current

Experience

  • Significant experience in IT security threats and control strategies, particularly within a mobile and cloud-based environment.
  • Demonstrable experience of working effectively in an agile DevSecOps environment
  • Experience within FinTech or start-up environments are beneficial but not a must.

Personal Skills

  • Passionate about working as part of a team to develop a product from scratch
  • Ability to make pragmatic decisions surrounding security controls and can defend logic when tested”

Qualifications

The following certifications may assist you in role:

  • AWS Certifications (Developer, Architect)
  • OSCP/OSCE
  • Java/Swift development experience