Application Security Engineer

Join Zoopla, and help us re-imagine the property industry!

We have a bold vision to digitize the entire home owning and buying experience.
We’ve doubled our team in a year, and our new suite of products are delivering fantastic initial results for our customers.

You’ll work in a truly cross-functional, agile engineering team, alongside a quality engineer, data analyst, a product owner, designer, and delivery manager. With this skill set and support, your team is empowered to work autonomously to define ambitious goals, and deliver them.

We’re on a journey to re-define Zoopla class engineering. On the front-end you’ll likely work with React and TypeScript. On the backend it’s mainly Node.js, GraphQL, and Python, with occasional Go, C#. Our data stores include SQL and NoSQL, and you’ll be guided by our data and SRE teams. You’ll work in AWS, GitHub/GitLab, CI, and increasingly with serverless technologies. We also have occasional support work for our classic Perl/Mason app.

Our salaries and bonuses are competitive, and our exceptional employee benefits are rated 4.4/5 on review sites.

Requirements

What we’re looking for in Zoopla Engineers:

• You’ve honed your engineering craft, and practice writing maintainable code, code review, pair programming, automated testing.

• You’ll have worked with cloud tech, preferably AWS, and when called for, you’ll be willing to flex across the whole stack.
• For more senior roles, you will have achieved the above while teaching others, influencing your team and organisation.
• To join the team you must exhibit the Zoopla behaviours - such as ‘own it,’ ‘build together’, and ‘set the standard.’
• We take diversity and inclusion seriously, and to succeed here, you must too.

And specifically as a Security Engineer:

• You have experience driving application security into the software development lifecycle by performing security threat modelling, risk assessments, and using vulnerability management to help prioritise risks.
• You are able to work with individuals at all levels in a wide array of business functions to implement mitigations and resolutions using industry standard approaches.
• You will be able to educate software engineers on application security best practices and secure coding techniques, helping to shift security left in the development lifecycle.
• Application security at Zoopla sits within SRE, so the ability to collaborate and work with SRE’s to help develop tools to monitor and troubleshoot/resolve security or compliance related issues.
• Familiarity with security best practices associated with containers, serverless and distributed systems.
• You will be knowledgeable and comfortable with Agile development practices, and have strong programming ability in any modern language. The application security team uses Python, Perl and Git.
• You have experience working with software engineering teams and providing insight during security events, including communication findings to stakeholders at all levels of seniority.
• Passionate about cloud technologies, and remains up to date with the latest security trends. Ability to design, develop and maintain the security of cloud environments.
• Knowledge of compliance standards like CIS, NIST in conjunction with PCI-DSS and GDPR
• Familiar with internet security issues, OWASP top 10, threat landscape especially on cloud providers
• Familiar with application security initiatives such as Mitre/OWASP etc.
• You will have experience of implementing a security model using Terraform deployed with a pipeline, and experience implementing security testing into the deployment pipeline.
• Knowledge of working with and developing tools like prowler, cloud custodian and image hardening according to CIS benchmarks

All qualified applicants will be considered, without regard to race, colour, nationality, religion, sexual orientation, gender, gender identity, age, disability, health, or time unemployed.

Benefits

• Everyday Flex - greater flexibility over where and when you work
• 25 days annual leave + extra days for years of service
• Day off for your birthday, house move, good deed day, and digital detox day
• Cycle to work and electric car schemes
• Free Calm App membership
• Enhanced Paternity Leave
• Fertility Treatment Financial Support
• Group Income Protection and private medical insurance
• Gym on-site in London – or membership in regional offices
• 7.5% pension contribution by the company
• Discretionary annual bonus up to 10% of base salary
• Talent referral bonus up to £5K