Application Security Engineer

Zoopla, London, Greater London

Overview

Job Description

At Zoopla we want to help everyone make intelligent home buying decisions. We are building a team that will have the once-in-a-career opportunity to re-imagine our industry.

The interesting stuff...

* You will have spent lots of quality time with your IDE of choice, deeply learning the powerful idioms and important idiosyncrasies of multiple programming languages and their ecosystems. We like to code mostly in Golang, Python, Node.js / JavaScript, .NET Core and Perl here, but we're open to all.
* You will ideally know AWS as well as you know your best friend, although it's great if you're good friends with other cloud services, too.
* You will have diligently practiced your engineering craft, mastering your skills in techniques such as TDD, refactoring, clean code and pair programming.
* You will have implemented CI pipelines and automation, and championed the quality and deployment benefits of both to others.
* The product(s) you've built will have delighted users (perhaps millions of them!) while being stable, performant, observable and supportable.
* If you've played a role in designing and implementing new architectures and technical strategies, while also looking after existing technology real estate, you'll fit in great.
* Importantly, if you're looking for a senior role with us, you will have achieved many of the things above while also teaching others, influencing your team and organisation, and maybe even sharing your journey and knowledge publicly.

Why Zoopla...

* We're serious about tech but we don't take ourselves too seriously.
* We are spiritually agile, not religiously agile.
* We strongly believe in the value of good design. We believe it is a primary differentiator in an increasingly crowded marketplace.
* We believe in the value of data. We run a team that is data informed. We think being data-driven is soulless and dangerous. Clean, confident, clear data combined with the insights of the team is what drives our decisions.
* We want to build small, collaborative, cross-functional teams that push each other to create elegant, simple solutions to difficult customer problems.
* No matter what the role, we want everyone to be obsessed with getting inside the minds of our customers.

How do you know we're the best place for you?

* You strive to set the standard, are always looking to raise the bar, and want to be surrounded by others who do so as well
* You enjoy knowing your customer
* You want to build things together, collaboratively with your team
* You want to own it; to have ownership and accountability for the outcomes of your effort
* You value sharing and committing to discussions and debates with your teammates
* And if you want to come help us re-imagine an industry

Requirements

* You will drive security into the software development lifecycle by performing security threat modelling, risk assessment, and vulnerability management and working with software engineering teams to implement mitigations and resolutions.
* You will have experience of implementing a security model using Terraform deployed with a pipeline, and experience implementing security testing into the deployment pipeline.
* Passionate about cloud technologies, and remains up to date with the latest security trends. Ability to design, develop and maintain the security of cloud environments.
* You will be able to educate software engineers on application security best practices and secure coding techniques, helping to shift security left in the development lifecycle.
* Collaborate and work with SREs to help develop tools to monitor and troubleshoot/resolve security or compliance related issues.
* Familiarity with security best practices associated with containers, Kubernetes and distributed systems
* You will be knowledgeable and comfortable with Agile development practices, and have strong Python, Golang, JavaScript/TypeScript or Perl skills and experience with source control (ideally Git).
* You will be comfortable working with cloud provider APIs like Boto3
* Knowledge of compliance standards like CIS, NIST in conjunction with PCI-DSS and GDPR
* You should have experience of implementing vulnerability management and SIEM as well as routinely pen testing environments and remediating security issues as they are found
* Familiar with internet security issues, OWASP Top 10, threat landscape especially on cloud providers
* Knowledge of working with and developing tools like prowler, cloud custodian and image hardening according to CIS benchmarks