Security Engineer
London, England, United Kingdom - Remote
We’re on a mission to build the world’s greatest social bank. We believe that banking needs to change for the better. When money is used correctly, it can transform our daily lives and positively impact the planet. We’re searching for a Security Engineer. The Kroo is growing and we’d love to hear from you if you’re interested in joining us on our journey!
About the Team
We are a multi-disciplined team of experienced technology, banking, customer experience, marketing, and legal professionals who share a passion for the company’s mission and believe in a collaborative approach to creating the greatest social bank. We are building a diverse team of inquisitive people who want to understand customer needs and behaviour so we can develop innovative products that change people’s lives for good. We are looking for a Security Engineer to help us design and implement our mobile applications, services and websites to the highest security standards.
Your primary areas of accountability will include:
- Analyse security systems and seek improvements on a continuous basis,
- Identify, assess and remediate security vulnerabilities,
- Automate security processes and procedures,
- Identify, define and document system security requirements and recommend solutions to management,
- Develop best practices and security standards for the organisation,
- Help design robust security for web/mobile front ends and microservice architecture,
- Help teams ensure products and services are secure by design, within the risk appetite, and meet compliance requirements, group standards and policies,
- Collaborate with relevant stakeholders to ensure alignment to the cybersecurity strategy and securing the bank’s technology,
- Help teams ensure compliance with internal audit and external regulators.
Requirements
To be successful in this role you should have skills and experience in multiple domains, such as application security, network security or security operations. You need to have programming experience and the ability to proactively seek out efficient and repeatable solutions to security challenges.
At a minimum, you have 3 years of experience in system, network or application security.
You should also have proven experience with, and knowledge of, any combination of the following:
- Threat modelling and risk assessments,
- Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS…),
- Experience with designing and administering identity management (authentication and authorization including policy enforcement points, token services, protocols such as OAuth2),
- Working knowledge of cryptography including encryption, signing and digital certificates,
- Principles of securing mobile applications and web services,
- Docker or Kubernetes and infrastructure as code,
- Event driven streaming technologies,
- Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs,
- Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform),
- Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes,
- Knowledge of cloud Security Architecture of public clouds (such as AWS or GCP),
- Security certification such as CISSP, CCP, SANS, GIAC, Ethical Hacker,
- Experience working in a regulated company, preferably with a FinTech/banking background and experience in DevOps,
- Excellent oral, written communication and presentation skills.
Benefits
What we offer:
At our cutting-edge fintech company, we know that attracting and retaining the best talent means offering top-notch benefits that help our employees thrive both in and outside of work. Check out what we currently offer:
- Generous holiday time: 25 days annual leave, 8 bank holidays, 1 Kroo bank holiday (June 24th), and 1 day off during the week of your birthday.
- Personal days: We know that life can be unpredictable, so we offer 3 personal days to use as needed.
- Employer-sponsored volunteer program: We're passionate about giving back to our community, and we support our employees in doing the same with up to 4 hours per month of employer-sponsored volunteer time.
- Mental health support: We care about the mental health of our team members and offer access to Spill, our mental health support partner.
- Workplace pension: We want you to feel secure about your future, so we offer a workplace pension with a 5% employee contribution and a 3% employer top-up.
- Learning and development: After 1 year of service, you'll have access to £500 from the Kroo Learning Fund to invest in your career development.
- Top-notch equipment: We provide top-of-the-line equipment necessary for smooth hybrid work, including a MacBook laptop. Additionally, we also offer support in establishing your home office by contributing towards your setup if required.
- Modern office: When you're in the office, you'll enjoy access to our modern, bustling workspace in Holborn, Central London, which includes a full gym.
- Cycle to Work scheme: We encourage sustainable transportation with our Cycle to Work scheme.
- Electric Car scheme: We're committed to reducing our carbon footprint, and our Electric Car scheme makes it easy for our employees to do the same.
- Enhanced parental leave: We know that family comes first, and we offer an enhanced parental leave policy to support our employees in starting and growing their families.
- Room for growth: As a fast-paced, high-growth start-up, we're dedicated to providing our employees with room to grow and excel.
- You get full healthcare for you and your nuclear family via Vitality.
Hybrid Working:
At Kroo Bank, we have a hybrid policy that gives both individuals and teams a lot of freedom when it comes to using the office space to boost productivity. Our London office is a great resource when used effectively. So, employees who can occasionally come to the office are a good fit for how we work right now. Keep in mind that this job involves working from Monday to Friday, with a mix of remote and office work, so you won't need to be on-site all the time.
Diversity and Inclusion:
We wholeheartedly uphold our commitment to fostering a diverse and inclusive workplace. Every employee is highly regarded, respected, and supported without any form of judgement or prejudice. We consider Diversity, Equality, and Inclusion as fundamental pillars guiding our path in all aspects of our bank. We also ensure that reasonable adjustments are made available to all candidates throughout the recruitment process.
To all Recruitment Agencies:
At Kroo Bank, agency resumes are strictly prohibited. Do not submit agency resumes or forward them to our job advertisements or Kroo Bank employees. Be aware that Kroo Bank will not assume any responsibility for fees incurred due to unsolicited resumes.
To ensure a fair and efficient application process, all candidates are kindly requested to submit their applications directly through the advertised platform. We kindly ask that you refrain from reaching out to the company or its employees via email, LinkedIn, or any other communication channels for inquiries or updates. Please note that any attempts to contact us through these channels will not receive a response. Thank you for your understanding and cooperation.