Events  Classes  Deals  Spaces  Jobs 
    Sign in  
GoCardless // online payment processing services
Engineering, Full Time    London, UK    Posted: Thursday, June 06, 2019
Apply To Job

Were looking for talented security engineers that can continue to build a secure GoCardless in a fast paced environment that invests in a culture of continuous feedback.

You will play a major & leading role in protecting GoCardless through the implementation of security operations programme & have the opportunity to influence & implement cutting-edge measures to prevent, detect & respond to potential cyber security threats.

As a security operations engineer you will play a key role in ensuring GoCardless teams are taking all required steps in operating & building a secure product set including logging infrastructure, security monitoring solutions, anomaly detection, etc.

Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage & lead cross-functionally. You will be working alongside our Product Managers & audit specialists to design & implement measures that will keep GoCardless' products & systems secure.

We work closely with our engineering teams whom are building simple & reliable solutions to complex problems. We keep our development cycles fast, by reviewing & adapting our plans frequently, & by investing in a culture of continuous feedback.

Core responsibilities

  • Providing subject matter expertise on various areas of security, specifically on security operations
  • Experience on security use case development, data source on-boarding & different log management & SIEM technologies (i.e Elastic, Splunk, etc.)
  • Monitoring of metrics associated with security controls to ensure controls are tuned for peak effectiveness
  • Handling of security operations day-to-day activities, troubleshooting & coordinating resolution or restore using the right tools & processes (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.)
  • Professionally manage inbound security-related calls & questions, create tickets, run security-related assessments, security-related user complains, & escalate accordingly
  • Providing technical support for on call outside normal business hours (if required)
  • Drive the implementation & dissemination of security KPIs
  • Liaison with teams for security design, incident handling & education
  • Participate in cross-team security initiatives
  • Security tooling selection and/or creation
  • Perform activities with minimal supervision of routine duties, demonstrate ability to solve practical problems & deal with a variety of concrete variables
  • Perform scheduled vulnerability assessments & security testing


  • Minimum of five years of security-related experience
  • Strong analytical & reasoning skills
  • Experience in other security tooling (Endpoint Security, Web/Network Scanners, SIEM & IDS/IPS, etc.) & its integration into the company systems
  • A proven & strong depth of expertise in security engineering, system & network security, authentication & security protocols, cryptography & application security, with hands-on experience in web applications for critical 24/7 services
  • Must have in depth, hands-on experience with security features & system admin of Linux, UNIX & Windows operating systems
  • Must possess excellent communication skills & ability to cooperate with other business functions
  • Understanding & exposure of message queue latest technologies such Syslog, Fluentd, GCP PubSub, Logstash, Kafka & SIEM-specific collection mechanisms (i.e. Splunk forwarders, etc.)

Bonus points

  • BSc/MSc in Computer Science or a related field, or equivalent work
  • Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
  • A comprehensive knowledge of web application security,
  • Experience in cloud services (GCP, AWS, etc.)
  • Sound knowledge of the OWASP Top 10 & how they can be prevented
  • Professional security qualifications are desirable (e.g. CISSP, Offensive Security, GIAC, etc.)
  • Awareness & experience of the Data Protection Act, ISO 27001 & PCI-DSS
  • Exposure with multiple scripting / programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
  • Forensic certifications or experience

Our team come from a variety of backgrounds & we welcome diversity if youre unsure, please apply.

Apply To Job
© 2019 GarysGuide      About    Feedback    Press    Terms
Sponsor Gary's (World Famous) Red Tie