Senior Application Security Engineer

Location: Greater London
Job Type: Full Time

About Us

GoCardless is on a mission to take the pain out of getting paid, so our customers can focus on what they do best. With the world shifting to a Subscription Economy, GoCardless is powering recurring payments across the globe via our world-first payments network. We’ve cut out the intermediaries by linking together direct debit schemes from around the world to create a simple way of pulling payments directly from customers’ bank accounts.

We process more than $15bn a year, for over 50,000 businesses in more than 30 countries, and we’re growing fast. Our API powers recurring payments for companies like Survey Monkey, Bulb and the Financial Times. It also enables partners including Xero, Quickbooks and Sage to help small businesses to save countless hours spent chasing customers for payments.

We're primarily built in Ruby on Rails, JavaScript and Golang, and we rely on Postgres, ElasticSearch and Kubernetes running on Google Cloud Platform.

Our Security and Privacy Engineering team is here to make sure that we remain a secure and trusted partner for all of these businesses as we grow. We believe security and privacy work best when they are part of the product, so we focus on inspiring autonomous teams to take shared responsibility for security and privacy.

The role

As a Senior Security Engineer you will enable teams to take ownership of the security & privacy of their service by collaborating to set standards, providing advice on specific projects and performing hands-on security testing. You will also work closely with the Director of Security & Privacy Engineering to ensure the continued evolution of our security and privacy strategy.

You will be someone who has experience securing a cloud native environment, and in particular in embedding standards in engineering functions so that product teams can take the lead in building security and privacy into what they do.

Your background should include either developing application security programmes in a devops environment, or application security testing. In either case, you will be comfortable writing scripts to automate tasks and conducting security related testing.

We want you to be part of explaining security to our merchants and partners, so you will need to be comfortable communicating security and privacy to a broad audience.

In this role you will:

  • Work with internal stakeholders to agree security and privacy standards based on industry best practices and develop a roadmap that balances our risk appetite with engineering realities.
  • Perform design reviews and threat modelling of GoCardless services and products
  • Perform vulnerability assessments and security testing (we’ll expect you to already know the type of security vulnerabilities a company like ours faces)
  • Provide subject matter expertise on areas of security throughout the software development lifecycle
  • Help and incentivise development teams to work with a security mindset
  • Lead cross-function security initiatives
  • Automate and continually improve our approaches through development of tooling and procedures
  • Work closely with our sales teams to respond to Requests for Proposals

What we have to offer:

Among other things:

  • Focus on your growth and development: regular discussions with your manager about your personal goals, feedback, coaching, learning and conference budget.
  • A clear career progression: opportunities for growth and leadership aligned to our competencies framework.
  • Ownership and autonomy: we give people problems to solve rather than specifications to implement, end to end ownership (deciding on the solution, implementing it, releasing it, maintaining it)
  • Good work-life balance

About us

GoCardless embraces diversity and is proud to be an equal opportunity employer. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.

We offer a varied package of flexible working and benefits policies, from flexible working hours and working-from-home arrangements through to enhanced parental leave, pension packages and equity. GoCardless has a very family and work-life balance orientated environment. Our team comes from a variety of backgrounds and we embrace diversity – if you’re unsure, please apply.

In response to the COVID-19 pandemic, everyone at GoCardless has shifted to remote working since mid-March and will continue to work remotely until the end of the year. We are committed to supporting all employees during this time and continue to monitor the situation closely. Some of the actions we’ve taken to support the wellbeing of our employees as we transitioned to and continue working in a remote set-up are: subsidised home office equipment, remote workstation assessments, and remote wellbeing and social activities to stay in touch.