Application Security Engineer - London
Python experience is essential.
As an Application Security Engineer, you'll join a team and play a key role in contributing to our wider goals and helping our members by securing key systems.
You could be diagnosing vulnerabilities in our code and developing key technology processes and internal development tooling to help ensure all engineers are developing secure code. You'll help us grow quickly by leveraging your knowledge and technology, sharing that across our engineering teams and imparting your web application security knowledge across the guild. We value empathetic, collaborative people who are always looking to improve our products and processes.
We like to act quickly and improve our products by using data and insights gained from our members' experience using our services.
What you'll do
* Lead the cross-technology security champions network to improve security practices across our products and services
* Lead the threat modelling process for new products.
* Pair with developers on security code reviews, imparting secure development practices while you find and help remediate vulnerabilities
* Track the security of third-party libraries and manage the integration of urgent vulnerability mitigations
* Work on our internal development frameworks to build systemic solutions for vulnerability types and to shield developers from places where third-party code wasn't designed with safe defaults
* Manage external code reviews for high-exposure projects
* Integrate security analysis (SAST, DAST) into our continuous integration process and help developers work with it
* Build security-critical product infrastructure like key management for column-level control of data access by microservices
Who you are
* 3-5 years' work experience in application security
* Hands-on experience with:
- Professional development in TypeScript Node.js and Python 3
- Web and service level security vulnerabilities and bug-class-killing mitigations
- Building effective controls into a Continuous Integration pipeline
- Auditing code for security and communicating vulnerabilities and mitigations
- Technologies such as GraphQL, Koa, React, JWT, GCP, Kubernetes, Docker
- Library design, particularly in seeing libraries as a designed user interface for developers
- Deploying and tuning Static Application Security Testing (SAST), e.g. ShiftLeft, Veracode
- Deploying and tuning Dynamic Application Security Testing (DAST), e.g. Veracode, Netsparker
- Artifact repository managers and dependency management, e.g. Artifactory, Renovate
- Ability to thrive and succeed in a dynamic, fast-growing startup environment
- Experience with training and coaching development teams
- Able to act as a cheerleader and champion for security
- Strong written and verbal communication skills
On top of being part of a friendly and dynamic environment, you'll get:
* 12 weeks of full pay for maternity, paternity or adoption leave
* Competitive salary, discretionary share options and bonus
* 33 days holiday a year (including bank holidays) and the option to buy up to 5 more
* Healthcare with Vitality after passing probation, life insurance, and a pension plan with employer contributions
* One month sabbatical leave after your first year
* Visa sponsorship and relocation allowance
We're currently working remotely to protect our team during the coronavirus pandemic. This role is based in our London office and we'll return on an ad-hoc basis once lockdown restrictions have eased.