Moonpig Group
,
London, Greater London
Senior Product Security Engineer
Overview
Job Description
Senior Product Security Engineer Our Covid-19 Statement: We understand that the current environment is one that causes concern and worry. We want our applicants to know that we are committed to the recruitment and onboarding process for this role and so the experience will be reflective of our culture of embracing change, agility in our processes and putting our people first. This means the hiring (and potentially onboarding) of this role will be done completely remotely. We will work with our candidates to make this process as smooth and accessible as possible. How does innovating secure development practices for our products at Moonpig and Greetz sound? Following Moonpig and Greetz recently splitting from Photobox Group to form Moonpig Group, a genuinely exciting opportunity has been created as we build out our product security capabilities in our fast-growing, fast-moving technology company. With millions of customers trusting Moonpig and Greetz to help them celebrate their special occasions, you will be one of the most important parts in ensuring we protect that trust. Reporting to our Heads of Security you will work directly with teams, in all stages of the development lifecycle. Key Responsibilities * Contribute to the development of the product security roadmap and strategy. * Boost, build and innovate our security tools in our DevOps pipeline / processes. * Educate and empower those around you on security topics to increase understanding of vulnerabilities and how to prioritise and remediate. * Design preventative and/or detective controls for specific security issues alongside our engineering teams within an agile environment. * Drive security testing (both individually and adoption within engineering) of our products using both structured and explorative approaches to identify vulnerabilities early on in our product lifecycle . * Support during incidents and crisis management meetings by providing SME support About you * A positive, collaborative and pragmatic attitude * Strong knowledge of application security and initiatives such as OWASP * Understanding of cloud infrastructure eg. AWS, Azure, Google Cloud, etc. * Strong grasp of infrastructure-as-a-code and configuration tools, e.g.: Ansible/Chef, Terraform/ Cloudformation for the purpose of deploying security tooling * Knowledge of extracting metrics and events from security tooling * Experience working with and securing microservices in multiple languages * Advanced understanding of secure coding principles and and how to apply them * Development experience such as building websites, REST APIs, microservices * Experience implementing SAST and/or DAST within a CI/CD environment * Understanding of application security tools such as WAFs * Understanding of cryptography, authentication, authorization We are also keen to speak to candidates currently in software engineering roles looking to move into Cyber Security. If this is you, please apply! Benefits Want to hear more about Moonpig and our benefits? Take a look at our dedicated hiring site We are an equal opportunity employer and value diversity at our company. We will not discriminate on the basis of sex, race, marital status, disability, age, sexual orientation or religion