(Senior) Product Security Engineer
London, United Kingdom
SumUp
4 million small businesses use SumUp to run their business. Explore our affordable payment solutions and easy to use point-of-sale solutions.(Senior) Security Engineer - Product Security
As a Security Engineer, you’ll help us ensure that we’re taking all the required steps to build a secure product set and protect our production environments from ever-evolving cyber threats. You'll play a key role in our product engineering ecosystem and partner with engineers from various tribes and squads to oversee the security of our products and features. You’ll be influencing implementation of cutting-edge measures to minimise exposures and vulnerabilities while actively training and educating the engineers on security best practices and latest developments. We will look toward your unique skills to approach and solve problems in your own way while ensuring alignment with our global strategic directions. Whether engineering a system to address a technical security hurdle, protecting the customers' data, or consulting on a wide range of security topics, you are fully empowered to autonomously drive the engagement and promote security best practices cross-functionally.
What you’ll do
- Own and drive engagement with our engineering tribes while ensuring continuous security posture improvements across the product landscape
- Proactively detect security deficiencies and flaws in our products and features across software development stages, drive the remediation and improvements and ensure knowledge sharing
- Perform architectural design reviews and threat modelling exercises of SumUp web/API/mobile solutions and advise on security best practices
- Perform vulnerability assessments and security testing
- Provide subject matter expertise on all areas of security and privacy throughout the software development lifecycle
- Liaise with software development teams for design, code reviews and education and be a security go-to person
- Implement and review controls to protect data and systems
- Assist in company-wide security initiatives
You’ll be great for this role if
- You have a proven and strong depth of expertise in cyber and information security. ideally with hands-on experience in web and mobile security for critical 24/7 applications
- You’re experienced with security in a DevOps environment and have knowledge of agile methodologies (e.g. sprints, Kanban).
- You have a comprehensive knowledge of Web/API application security, and cloud and containers technology (Kubernetes, AWS).
- Experience of using AWS is essential for this position.
- You have experience in penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.).
- You’ve performed security design reviews, threat modelling and risk assessments.
- You carry good analytical and reasoning skills with a passion for technology, the internet economy and mobile applications.
- You have extensive knowledge of Internet security issues, cloud architectures, and threat landscape.
Why you should join SumUp
- We’re a truly global team of 3000+ people from 60+ countries, spread across 3 continents.
- You'll have the opportunity to make an impact as we work in flat hierarchies.
- You'll attend global offsites and regular team events.
- You’ll receive a budget for attending conferences and external training.
About SumUp
We believe in the everyday hero.
Small business owners are at the heart of all we do, so we're creating tools that help them run their businesses. With a founder’s mentality and a 'team-first’ attitude, our diverse teams across Europe, South America and the United States work together to ensure that the small business owners we partner with can be successful doing what they love.
#LI-PD1
Job Application Tip
We recognise that candidates (especially female candidates) feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security AWS Cloud DevOps Kanban Kubernetes Mobile security Pentesting Privacy Product security Vulnerabilities
Perks/benefits: Career development Conferences Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs