- London, England, United Kingdom
- Permanent position, full-time
- 21 Mar 19
We're looking for talented security engineers to help us reimagine how payments software looks and works.
This position plays a key role in ensuring GoCardless teams are taking all required steps in building a secure product set.
You'll play a major and leading role in protecting GoCardless against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities.
Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure.
About GoCardless engineering
At GoCardless we find creative ways to deliver simple solutions to complex problems. We do this by keeping our development cycles fast, by reviewing and adapting our plans frequently, and by investing in a culture of continuous feedback.
We are looking for people who share our desire to build high quality products that put customers at the forefront of our development. As a member of our engineering team you will build and improve our products, add new features, and work closely with other teams across the company to define our engineering roadmap and to understand what is most important to the customer.
We value learning and feedback and are committed to encouraging and supporting each other's professional growth. Moreover, we believe in sharing our knowledge with and contributing to the wider tech community. We frequently host meetups and hackathons, and we open source projects we are proud of.
- Implement measures to secure and protect the GoCardless products and systems.
- Perform design reviews and threat modelling of GoCardless services and products
- Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
- Provide subject matter expertise on all areas of security and privacy throughout the software development lifecycle
- Liaise with development teams for design, code reviews & education
- Participate in cross-team security initiatives
- Contribute to the formulation of our security strategy
- Drive the implementation and dissemination of security KPIs.
- Security tooling selection and/or creation.
- BSc/MSc in Computer Science or related field, or equivalent work experience.
- Experience with vulnerability testing and auditing techniques
- Experience with multiple programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
- Strong analytical and reasoning skills
- A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services.
- Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
- A comprehensive knowledge of web application security
- Experience in penetration testing
- Experience in security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.) and its integration into the company systems.
- Experience in cloud services
- Sound knowledge of the OWASP Top 10 and how they can be prevented
- Knowledge of the latest industry threats
- Experience of performing security design reviews, threat modelling and risk assessments
- Professional security qualifications are desirable (e.g. CISSP, Offensive Security, SANS Institute, etc.)
- Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS