Associate Application Security Engineer

Our Story Hello there. We’re Zopa. We started our journey back in 2005, building the first ever peer-to-peer lending company. Fast forward to 2020 and we launched Zopa Bank. A bank that listens to what our customers don’t like about finance and does the opposite. We’re redefining what it feels like to work in finance. Our vision for a new era of banking puts people front and centre — we’ve built a business that empowers everyone to aim high, every day, to move finance forward. Find out more about our fantastic offerings at Zopa.com! 
We’re incredibly proud of our achievements and none of it would be possible without the amazing team here. It’s not just industry awards we’re winning, we’ve also been named in the top three UK’s Most Loved Workplaces. 
If you embrace unconventional challenges, are unafraid to think differently and are driven to make an outsized impact, you’ll thrive here at Zopa, so join us, and make it count. Want to see us in action? Follow us on Instagram @zopalife
We are looking for an Associate Application Security Engineer to join our growing AppSec team. The teams key function is to help engineers to design and build securely. This team spend a lot of time working directly with product and engineering to understand what we want to build, why and how. They do everything from trying to understand how to break something theoretically when it’s just in design phase (threat modelling), all the way through giving advice on how to build securely and then finally, trying to break the thing that’s been built before it’s released (penetration testing).   This team also help build and deploy some of our own security automation tooling and are always thinking of ways to make engineers lives as easy as possible by automating security controls and testing. They also partner with third parties for more detailed security testing.   This role will sit within the wider AppSec team (3 others) and our Associate AppSec Engineer will get the chance to shadow team members and engineers to really help develop their skills. 

The role:

• Engage with key stakeholders which will be mainly be within engineering
• Partner with a specific product area. Example areas include: Mobile App, Current Accounts, Data Engineering and Analytics, Platform + Site Reliability
• Provide support to teams who need help understanding how to build something securely
• Review designs for new services, performing testing. Training on all areas will be given
• A lot of shadowing/pairing with existing team members with plenty of space for autonomous working/skill development

About you:

• A good communicator 
• Can communicate to non-technical stakeholders 
• Some tech experience but doesn’t have to be security specific – this could be engineering 
• Enjoy reading/learning about security trends
• Spends time to understand the wider industry/security news (podcasts/articles/conferences/social media etc) 
• A willingness to learn

Added bonus:

• Security specific experience
• Software engineering experience

#LI-JH1
Flexible working? Yes please! At Zopa we value flexible ways of working. We understand the benefits of face-to-face collaboration and the importance of a good work-life balance. Our teams work in a hybrid manner, from our vibrant UK offices and the comfort of their own homes, at a frequency that suits the team and the work they do. Not only that – you'll also have the option of working from abroad for up to 120 days a year!* But no matter where you are, we’ll make sure you’ve got everything you need to thrive, both in your work and home life, from day one.
*Subject to having the right to work in the country of choice
Diversity Statement
Zopa is proud to offer a workplace free from discrimination. Diversity of experience, perspectives, and backgrounds leads to better products for our customers and a unique company culture for our people. We are made up of nearly 50 nationalities, have a DE&I forum made up of Zopians wanting to make a difference and we are proud of our culture where everyone can bring their full self to work. Our approach to DE&I is reflected in our hiring process so please let us know if you require any reasonable adjustments.