Were looking for talented security engineers that can continue to build a secure GoCardless in a fast paced environment that invests in a culture of continuous feedback.
You will play a major & leading role in protecting GoCardless through the implementation of security operations programme & have the opportunity to influence & implement cutting-edge measures to prevent, detect & respond to potential cyber security threats.
As a security operations engineer you will play a key role in ensuring GoCardless teams are taking all required steps in operating & building a secure product set including logging infrastructure, security monitoring solutions, anomaly detection, etc.
Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage & lead cross-functionally. You will be working alongside our Product Managers & audit specialists to design & implement measures that will keep GoCardless' products & systems secure.
We work closely with our engineering teams whom are building simple & reliable solutions to complex problems. We keep our development cycles fast, by reviewing & adapting our plans frequently, & by investing in a culture of continuous feedback.
- Providing subject matter expertise on various areas of security, specifically on security operations
- Experience on security use case development, data source on-boarding & different log management & SIEM technologies (i.e Elastic, Splunk, etc.)
- Monitoring of metrics associated with security controls to ensure controls are tuned for peak effectiveness
- Handling of security operations day-to-day activities, troubleshooting & coordinating resolution or restore using the right tools & processes (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.)
- Professionally manage inbound security-related calls & questions, create tickets, run security-related assessments, security-related user complains, & escalate accordingly
- Providing technical support for on call outside normal business hours (if required)
- Drive the implementation & dissemination of security KPIs
- Liaison with teams for security design, incident handling & education
- Participate in cross-team security initiatives
- Security tooling selection and/or creation
- Perform activities with minimal supervision of routine duties, demonstrate ability to solve practical problems & deal with a variety of concrete variables
- Perform scheduled vulnerability assessments & security testing
- Minimum of five years of security-related experience
- Strong analytical & reasoning skills
- Experience in other security tooling (Endpoint Security, Web/Network Scanners, SIEM & IDS/IPS, etc.) & its integration into the company systems
- A proven & strong depth of expertise in security engineering, system & network security, authentication & security protocols, cryptography & application security, with hands-on experience in web applications for critical 24/7 services
- Must have in depth, hands-on experience with security features & system admin of Linux, UNIX & Windows operating systems
- Must possess excellent communication skills & ability to cooperate with other business functions
- Understanding & exposure of message queue latest technologies such Syslog, Fluentd, GCP PubSub, Logstash, Kafka & SIEM-specific collection mechanisms (i.e. Splunk forwarders, etc.)
- BSc/MSc in Computer Science or a related field, or equivalent work
- Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
- A comprehensive knowledge of web application security,
- Experience in cloud services (GCP, AWS, etc.)
- Sound knowledge of the OWASP Top 10 & how they can be prevented
- Professional security qualifications are desirable (e.g. CISSP, Offensive Security, GIAC, etc.)
- Awareness & experience of the Data Protection Act, ISO 27001 & PCI-DSS
- Exposure with multiple scripting / programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
- Forensic certifications or experience
Our team come from a variety of backgrounds & we welcome diversity if youre unsure, please apply.