Security Engineer - Application Security

Peakon ,
London, Greater London

Overview

Job Description

Were a team driven by the belief that we can change the world of work. We believe and hear from our customers every day that when an organisation understands itself better it can create more fulfilling jobs, and grow in ways never before imagined. Enterprises big and small trust our products to provide visibility and clarity in areas once characterised by hearsay and uncertainty. With the insights delivered by Peakon, these organisations become more agile, responsive, and able to make the changes and investments that their employees care about most. Were in the business of creating great places to work, so it should be no surprise that this is our highest priority at Peakon. With ambitions as big as ours, we see individual growth and development as the key strategy for growing our business. Trust and transparency guide everything we do. At Peakon youll find an open salary model, unlimited vacation, and autonomy to execute your own ideas. Our style of collaboration is based on honesty and friendship, and we always love making new friends. Responsibilities As the Peakon engineering team grows, we are looking for a Senior Security Engineer to take on the responsibility of defining, implementing and overseeing the technical implementation of internal and external security processes, both during application development and in the daily operations of Peakon. You will be supporting the engineering team with security guidance and help provide training to make sure security is top of mind in every aspect of the daily work. You will ensure that our systems meet the security and privacy expectations of our customers and are compliant with existing legislation. Our customers trust us to keep their data safe, and as Peakon grows, their trust will continue to be a top priority for the business and this role. Additionally, you will be in charge of our external efforts to detect vulnerabilities and deter threats, including managing our bug bounty program, monitoring & alerting, intrusion detection and more. You will spend significant time supporting the rest of the business on security-related matters, and work closely with our legal and sales teams in making sure our customers trust us at every point of their journey with Peakon. The tech We make it a priority to stay on the cutting edge of tech. We are highly motivated by learning and growing in our roles, and constantly evolving is a key part of that. The tech stack of Peakon centers around Javascript, with Node on the server and React/Angular on the frontend. We believe there is great value in a shared toolchain across the stack, enabling engineers to work on all parts of the system. Some tasks are better solved with different tools, and thus we use f.ex. Python for the data science parts of the system. We are big fans of new JavaScript language features like async/await, and have made it a priority to stay up to date with the latest versions of Node. We are primarily hosted on Heroku and AWS, with an increasing number of our services moving to the latter. We use PostgreSQL (through RDS), Redis and ElasticSearch for storage. We rely heavily on automated testing on all levels of the application, with thousands of tests checking every commit to our code base. We use CircleCI for hosted continuous integration to make sure our most recent changes are always available to test, and we deploy code to our production environment on a daily basis. Requirements You are an engineer at heart, with a deep technical understanding of operating systems and web applications. You stay up to date on the latest news and technology trends and keep yourself informed about current security best practices. You have a mix of engineering and security experience, perhaps working as a security engineer at a medium- or large-size company. You are looking to join a smaller team where you can drive the security roadmap and have a big impact on the company and its customers. You are self-organizing, process-oriented and able to work independently to complete tasks and projects. You are a great communicator, used to interacting with many different parts of a business. Our ideal candidate has * At least 5 years experience with application security and experience assessing the security impact of new products, features, systems and tooling * Experience in at least 1 programming language, preferably JavaScript * Experience in operating security tooling and scripting * Experience implementing systems for monitoring and threat detection/mitigation * Experience with incident and response management * Experience with pentesting and/or bug bounty programs * Experience with external security audits and certification procedures * A great communicator; comfortable interacting with many different parts of a business * Experience working with product engineers and management in an agile environment * An interest in DevSecOps We welcome your application even if you do not meet all of the criteria listed above, but ar