(Senior) Product Security Engineer

(Senior) Security Engineer - Product Security

As a Security Engineer, you’ll  help us ensure that we’re taking all the required steps to build a secure product set and protect our production environments from ever-evolving cyber threats. You'll play a key role in our product engineering ecosystem and partner with engineers from various tribes and squads to oversee the security of our products and features. You’ll be influencing implementation of cutting-edge measures to minimise exposures and vulnerabilities while actively training and educating the engineers on security best practices and latest developments. We will look toward your unique skills to approach and solve problems in your own way while ensuring alignment with our global strategic directions. Whether engineering a system to address a technical security hurdle, protecting the customers' data, or consulting on a wide range of security topics, you are fully empowered to autonomously drive the engagement and promote security best practices cross-functionally.

What you’ll do

• Own and drive engagement with our engineering tribes while ensuring continuous security posture improvements across the product landscape
• Proactively detect security deficiencies and flaws in our products and features across software development stages, drive the remediation and improvements and ensure knowledge sharing
• Perform architectural design reviews and threat modelling exercises of SumUp web/API/mobile solutions and advise on security best practices
• Perform vulnerability assessments and security testing
• Provide subject matter expertise on all areas of security and privacy throughout the software development lifecycle
• Liaise with software development teams for design, code reviews and education and be a security go-to person
• Implement and review controls to protect data and systems
• Assist in company-wide security initiatives

You’ll be great for this role if

• You have a proven and strong depth of expertise in cyber and information security. ideally with hands-on experience in web and mobile security for critical 24/7 applications
• You’re experienced with security in a DevOps environment and have knowledge of agile methodologies (e.g. sprints, Kanban).
• You have a comprehensive knowledge of Web/API application security, and cloud and containers technology (Kubernetes, AWS).
• Experience of using AWS is essential for this position.
• You have experience in penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.).
• You’ve performed security design reviews, threat modelling and risk assessments.
• You carry good analytical and reasoning skills with a  passion for technology, the internet economy and mobile applications.
• You have extensive knowledge of Internet security issues, cloud architectures, and threat landscape.

Why you should join SumUp

• We’re a truly global team of 3000+ people from 60+ countries, spread across 3 continents.
• You'll have the opportunity to make an impact as we work in flat hierarchies.
• You'll attend global offsites and regular team events.
• You’ll receive a budget for attending conferences and external training. 

About SumUp

We believe in the everyday hero.

Small business owners are at the heart of all we do, so we're creating tools that help them run their businesses. With a founder’s mentality and a 'team-first’ attitude, our diverse teams across Europe, South America and the United States work together to ensure that the small business owners we partner with can be successful doing what they love. 

#LI-PD1

Job Application Tip

We recognise that candidates (especially female candidates) feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.