Senior Product Security Engineer (Fintech)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior Product Security Engineer (Fintech): Ensuring security is baked into the products from the very start of their lifecycles, all the way to the end with an accent on security assessments and threat models. Focus on working with new AI-based systems, improving security tools, refining a SLSA strategy, and rolling out an upcoming bounty program.
Location: This hybrid role requires you to come to our London office 2-3 days a week. You'll also have the option of working from abroad for up to 120 days a year* Subject to having the right to work in the country of choice
Company
is a bank that listens to what our customers don’t like about finance and does the opposite.
What you will do
- Be an advocate of security for product owners and engineers.
- Perform web, mobile, and backend security assessments directly.
- Weigh in on technical architecture discussions, ensuring security is considered from the very inception of new features.
- Oversee secure engineering training programmes, keeping our engineers aware of secure engineering practices.
- Integrate security tooling to automate security controls and visualise their results.
- Triage incoming reports and findings from bug bounties and automated tools.
Requirements
- You have experience in offensive security, such as performing security assessments via tools like BurpSuite, nmap, Kali Linux, etc.
- Strong experience in at least web or a mobile OS, with a willingness to learn the other too.
- Fundamental networking and OS knowledge.
- Comfortable threat modelling, assessing the balance between features and security.
- Basic scripting knowledge in at least one language such as Python, JavaScript, or Go.
- Secure coding practices and able to provide detailed guidance about how to fix it and prevent it for future queries.
- Basic cloud infrastructure knowledge.
Nice to have
- Having experience in fintech, especially banks with mobile apps!
- Able to read common tech stack languages not commonly used in InfoSec, e.g. Java and C#.
- On top of knowing security skills, knowing fundamental software engineering practices to ensure modifications to our internal tools stay maintainable.
Culture & Benefits
- Flexible ways of working.
- Value face-to-face collaboration and a good work-life balance.
- Option of working from abroad for up to 120 days a year.
- Workplace free from discrimination.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →