We're looking for talented security engineers who love working in a fast-paced environment & in a culture of continuous feedback.
You will play a major role in implementing our security operations programmes by using cutting-edge measures to prevent, detect & respond to potential cyber security threats.
You are empowered to engage & lead cross-functional initiatives - whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics. You will be working alongside our Product Managers & audit specialists to design & implement measures that will keep GoCardless' products & systems secure.
We work closely with our engineering teams who are building simple & reliable solutions to complex problems. We keep our development cycles fast, by reviewing & adapting our plans frequently, & by investing in a culture of continuous feedback.
- Provide subject matter expertise on various areas of security, specifically on security operations
- Develop security use cases, onboard data sources, manage logging & SIEM technologies (e.g. Elastic, Splunk, etc.)
- Monitor metrics associated with security controls to ensure controls are well tuned
- Handle security operations day-to-day activities, by troubleshooting & coordinating resolution (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.)
- Professionally manage inbound security-related calls & questions, create tickets, run security-related assessments, security-related user complaints, & escalate accordingly
- Provide technical support for on call outside normal business hours (when required)
- Drive the implementation & dissemination of security KPIs
- Liaise with teams on security design, incident handling & education
- Participate in cross-team security initiatives
- Select & assess capabilities & features of security tooling
- Perform scheduled vulnerability assessments & security testing
- Minimum of five years of security-related experience
- Strong analytical & reasoning skills
- Experience in security tooling (Endpoint Security, DLP, Web/Network Scanners, SIEM, IDS/IPS, etc.) & its integration into the company systems
- Proven in-depth expertise in security engineering, system & network security, authentication & security protocols, cryptography & application security
- Hands-on experience in web applications for critical 24/7 services
- In-depth, hands-on experience with security features & system administration of Linux, UNIX & Windows operating systems
- Excellent communication skills & ability to cooperate with other business functions
- Understanding of & exposure to the latest message queue technologies such as Syslog, Fluentd, GCP PubSub, Logstash & SIEM-specific collection mechanisms (e.g. Splunk forwarders, etc.)
- Exposure to at least one scripting / programming language (e.g. Python, Ruby)
- Professional security qualifications (e.g. CISSP, Offensive Security, GIAC, etc.)
Our team come from a variety of backgrounds & we welcome diversity. If you're unsure, please apply.