Application Security Engineer

GoCardless,
London, Greater London

Overview

Job Description

We're looking for talented security engineers who can continue to build a secure GoCardless in a fast-paced environment that thrives on regular feedback and automation. You will play a major role in protecting GoCardless through the implementation of an application security programme, and you will have the opportunity to influence and drive the implementation of cutting-edge measures to minimise exposures and vulnerabilities.

As a security engineer you will play a key role in ensuring GoCardless teams are taking all required steps in building a secure product set, including application penetration testing, threat modelling, design reviews, and developing our internal tooling and procedures. You are empowered to engage and lead cross-functional initiatives - whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure.

We work closely with our engineering teams, who are building simple and reliable solutions to complex problems. We keep our development cycles fast by reviewing and adapting our plans frequently and by investing in a culture of continuous feedback. We're primarily built in Ruby and JavaScript using Rails, and we rely on Postgres, Elasticsearch and GCP.

Requirements

* Hands-on experience with vulnerability testing and auditing techniques
* Hands-on experience with scripting and proficiency in programming
* Strong analytical and reasoning skills
* Solid understanding of web application security and security architecture to apply a defence-in-depth approach
* Able to use and interpret the results from security testing tooling such as Nmap, Nessus, dig, MITM proxies and Wireshark
* Can conduct security testing on networks and applications in both traditional environments and cloud services, including vulnerability assessment and web application testing for OWASP Top 10 vulnerabilities
* Implement measures to secure and protect the GoCardless products and systems

Core responsibilities

* Perform design reviews and threat modelling of GoCardless services and products
* Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
* Provide subject matter expertise on areas of security throughout the software development lifecycle
* Help and incentivise development teams to work with a security mindset
* Participate in cross-team security initiatives
* Automate and continually improve our approaches through development of tooling and procedures

You should apply if:

* You're passionate about security and technology
* You care deeply about building reliable, well-tested and secure systems
* You enjoy solving problems and automating responses for recurrent issues
* You thrive in a culture of code review
* You enjoy working in a diverse company that welcomes innovative and reasoned ways of thinking

Our team come from a variety of backgrounds and we welcome diversity - if you're unsure, please apply.