Application Security Engineer

TrueLayer ,
London, Greater London

Overview

Job Description

At TrueLayer, security is at the foundation of our product. By championing the best security practices across the business, our Security Engineers empower both their colleagues and our clients, and ensure the availability, stability and security of our API platforms. Were looking for an ambitious Application Security Engineer to join our Security team. As our Application Security Engineer, you will be our reference for all matters related to application security. Well give our Security Engineers the chance to work with colleagues hailing from leading international tech companies and consultancies. They will quickly be given hands-on exposure to the latest technologies and practices and entrusted with crucial responsibilities, and will play a key part in our ambitious international expansion. Who we are: At TrueLayer, were making finance work smarter for everyone by enabling secure, global access to the financial system. Headquartered in London with offices in Milan and Hong Kong, weve raised $47M to date and were trusted by some of the biggest names in fintech, including Monzo, Revolut, and Zopa. Our people are what makes us great - at TrueLayer, you will work alongside some of the brightest minds in fintech and contribute to projects that have global impact. As we enter hyper-growth and expand our open banking platform across Europe and Asia, were looking for talented individuals who share our core principles to join us. Our mission is to grow the open banking economy. Were currently the leading open banking provider in the UK, and were just getting started What you will do: * Be involved in threat modelling our services during the design phase, to ensure security is taken into account as early as possible; * Perform source code reviews of our projects; * Pro-actively test the security posture of our APIs, from an attackers perspective; * Help integrate application security testing into our CI/CD pipeline; * Improve and drive application security monitoring. Requirements Were looking for people who: * Have multiple years of experience in application security; * Are thoroughly proficient with at least one scripting language, and one object-oriented programming language; * Have a clear understanding of modern development environments: we practice CI/CD and host everything in the cloud; * Are experienced working with Kubernetes and Docker * Can show a good understanding of the common vulnerabilities affecting modern environments; * Have good knowledge of applied cryptography; * Can demonstrate exceptional communication skills, with a talent for conveying highly technical security concepts to colleagues of technical and non-technical backgrounds. Nice to have : * A blog, GitHub account and/or bug bounty findings that demonstrate your experience. Benefits What you can expect from us: * Competitive salary and meaningful equity in the company * A lovely, spacious, natural light filled office in Clerkenwell * Team lunches on Friday * Flexible hours and remote working * Flexible holiday policy * Generous parental leave * Pension & Health Insurance * Learning & development allowance * Annual retreat & regular team socials * Choice of hardware * (and yes we have both a ping pong table and pool table ) Be your True(Layer) self at work As we go global, we want our team to reflect the diverse and multicultural world we live in. So, we choose to talk about Inclusion and Diversity [in that specific order] because we believe Diversity wont be successful without Inclusion first. We build teams, cultivate leaders and create a company thats the right fit for every person in it. We look forward to hearing from you! Please note, we don't accept applications from recruitment agencies - thank you!