Senior Application Security Engineer

London, England, United Kingdom

Applications have closed

Zoopla

Search for property with the UK's leading resource. Browse houses and flats for sale and to rent, and find estate agents in your area.

View company page

Join Zoopla, and help us re-imagine the property industry!

We have a bold vision to digitize the entire home owning and buying experience.
We’ve doubled our team in a year, and our new suite of products are delivering fantastic initial results for our customers.

You’ll work in a truly cross-functional, agile engineering team, alongside a quality engineer, data analyst, a product owner, designer, and delivery manager. With this skill set and support, your team is empowered to work autonomously to define ambitious goals, and deliver them.

We’re on a journey to re-define Zoopla class engineering. On the front-end you’ll likely work with React and TypeScript. On the backend it’s mainly Node.js, GraphQL, and Python, with occasional Go, C#. Our data stores include SQL and NoSQL, and you’ll be guided by our data and SRE teams. You’ll work in AWS, GitHub/GitLab, CI, and increasingly with serverless technologies. We also have occasional support work for our classic Perl/Mason app.

Our salaries and bonuses are competitive, and our exceptional employee benefits are rated 4.4/5 on review sites.

Requirements

What we’re looking for in Zoopla Engineers:

  • You’ve honed your engineering craft, and practice writing maintainable code, code review, pair programming, automated testing.
  • You’ll have worked with cloud tech, preferably AWS, and when called for, you’ll be willing to flex across the whole stack.
  • For more senior roles, you will have achieved the above while teaching others, influencing your team and organisation.
  • To join the team you must exhibit the Zoopla behaviours - such as ‘own it,’ ‘build together’, and ‘set the standard.’
  • We take diversity and inclusion seriously, and to succeed here, you must too.


And specifically as a Security Engineer:

  • You have experience driving application security into the software development lifecycle by performing security threat modelling, risk assessments, and using vulnerability management to help prioritise risks.
  • You are able to work with individuals at all levels in a wide array of business functions to implement mitigations and resolutions using industry standard approaches.
  • You will be able to educate software engineers on application security best practices and secure coding techniques, helping to shift security left in the development lifecycle.
  • Application security at Zoopla sits within SRE, so the ability to collaborate and work with SRE’s to help develop tools to monitor and troubleshoot/resolve security or compliance related issues.
  • Familiarity with security best practices associated with containers, serverless and distributed systems.
  • You will be knowledgeable and comfortable with Agile development practices, and have strong programming ability in any modern language. The application security team uses Python, Perl and Git.
  • You have experience working with software engineering teams and providing insight during security events, including communication findings to stakeholders at all levels of seniority.
  • Passionate about cloud technologies, and remains up to date with the latest security trends. Ability to design, develop and maintain the security of cloud environments.
  • Knowledge of compliance standards like CIS, NIST in conjunction with PCI-DSS and GDPR
  • Familiar with internet security issues, OWASP top 10, threat landscape especially on cloud providers
  • Familiar with application security initiatives such as Mitre/OWASP etc.
  • You will have experience of implementing a security model using Terraform deployed with a pipeline, and experience implementing security testing into the deployment pipeline.
  • Knowledge of working with and developing tools like prowler, cloud custodian and image hardening according to CIS benchmarks

We especially want to hear from you if you have in depth experience in one of the following:

  • Experience implementing and rolling out a SIEM, and/or SOC
  • Experience rolling out distributed policy reviews
  • Experience as an architect exclusively in AWS

All qualified applicants will be considered, without regard to race, colour, nationality, religion, sexual orientation, gender, gender identity, age, disability, health, or time unemployed.

Benefits

  • 25 days holiday + Bank Holidays
  • Private health and dental
  • Gym on site in London – or membership in regional offices
  • Up to 7.5% pension contribution by the company
  • Free breakfast and afternoon snacks
  • Discretionary annual bonus up to 10% of base salary
  • Birthday day off, move house day off
  • Training and development
  • Referral bonus up to £5K

Check out a full list of our benefits and perks here

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Agile Application security AWS C Cloud Compliance GDPR GitHub NIST Node.js NoSQL OWASP Perl Python SIEM SQL Terraform TypeScript Vulnerability management

Perks/benefits: Competitive pay Fitness / gym Health care Salary bonus Team events

Region: Europe
Country: United Kingdom
Job stats:  22  2  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.