Product Security Engineer

Fully remote or office based in White City, West London if preferred

Bupa medical & dental, pension, health & life insurance, flexible hours

£50,000 to £80,000 plus equity/shares

Full-time

,

Permanent

Reference:

JD1112

· Negotiable salary of 50k to 80k

· Generous equity/share options, Bupa medical & dental, company pension, health & life insurance, flexible hours, refreshments, onsite parking, regular company holidays/events

· Fully remote or office based in White City, West London if preferred

· Product Security / Cloud Security / Software Security / PSIRT

· Cyber security platform, deployed across the cloud, machine learning, big data

· R&D environment working on the latest technologies

· Visa sponsorship available


This position can be fully remote, hybrid remote or office based depending on your preference. However, applicants need to be living in the UK (or willing to relocate to the UK) and ideally within 3 hours of White City, West London as occasional visits to the office will be required.


Are you looking for a challenging role, working on the latest technologies and where you can make an immediate impact on product development? This innovative company uses the latest advancements in machine learning and artificial intelligence to create cloud-based cyber security solutions which offer immediate end to end protection, preventing data loss and protecting reputation. This is an excellent opportunity to join a talented and highly experienced team working on bleeding edge software design.


The role

Joining the Product Security Incident Response Team, you will assist with security aspects, tools and processes for the products during design, implementation and delivery, including:


· Helping to improve the Secure Software Development Lifecycle and meet ISO27001 goals

· Consulting with vendors of third-party security tools or building your own if needed

· Working with the development team, helping guide threat modelling of new features, running internal red team activities and improve security focused testing

· Raising new security related feature requests and implementing new ideas

· Work closely with external, internal, customer and third-party security teams/penetration testers to help ensure the security the products

· Drive the pre-existing Incident Response process when problems are found and implement fixes in line with response targets

· Find and fix issues, working with members of the PSIRT team or using your own initiative

· Where patterns emerge, suggest new approaches and tools to avoid similar failures


Experience/skills required (some or all of the following)

· A good understanding of security and software development, working within PSIRT

· Knowledge and use of security scanners, concepts of threat modelling and Confidentiality, Integrity and Availability

· Understanding of web security fundamentals

· Cloud environments and their security implications

· Familiarity with common problems found in software development (OWASP Top Ten)

· Understanding of the software build process, static analysis and Continuous Integration

· Practical understanding of how data is protected at rest and in transit, including the particulars of TLS, PKI, encryption, key management, identity management or RBAC

· Writing threat models (STRIDE)

· Dealing with vulnerabilities when they have been found and suggesting fixes

· Experience with Golang, Linux, Docker, Kubernetes, Google Cloud or GKE

· CompTIA Security+ or equivalent

· Knowledge of trusted computing