Application Security Engineer

London, England, United Kingdom

Applications have closed

Codat

Codat’s universal API connects you to all of the systems your small business customers use with a single integration.

What we do at Codat

Our mission is to make life easier for small and medium-sized businesses, the backbone of our global economy.

We do that by working with fintech companies and financial institutions to help them connect into the systems their small business customers use. With this connectivity, our clients are building next generation products to take the friction out of running a small business, from business management software to alternative lending and corporate cards.

Codat is a Series C-funded company, backed by some of the leading investors and most successful tech companies in the world, including J.P. Morgan, Shopify, Plaid, PayPal Ventures, Amex Ventures, Index Ventures and Tiger Global. We have offices in London, New York and Sydney.

We live by our values of being united as a single team, building a product that is useful to our clients and their customers alike, and bringing a focus and urgency to our work that makes us unstoppable.

What you will be doing

  • Designing and implementing scalable security solutions for our core infrastructure
  • Developing and maintaining software application security policies and procedures
  • Participating in and supporting application security reviews and threat modeling, including code review and dynamic testing.
  • Owning and performing application security vulnerability management.
  • Supporting the bug bounty program.
  • Supporting and consulting with product and development teams in the area of application security.
  • Assisting in the creation of security training.
  • Assisting in the development of automated security testing to validate that secure coding best practices are being used
  • Improving the company’s ability to respond to threats through technology selection, internal product development and implementations with an emphasis on automation.
  • Developing processes, procedures and playbooks that will be used during an incident response process

What we’re up to right now

We anticipate massive growth in both people and products over the next few years. Where our Product and Engineering organization focuses on delivering new product functionality, our application security team needs to ensure that the entire platform is always secure by default, by coordinating and leading the efforts of many and directing them towards a focused outcome.

What excites us

  • Familiarity with common security libraries, security controls, and common security flaws.
  • Development and scripting experience. C# .NET and/or Python is preferred.
  • Experience with OWASP ASVS, static/dynamic analysis, and common security tools.
  • Experience working with developers.
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • Experience identifying security issues through code review.
  • CompTIA PenTest+, CASP+, or similar certifications such as CISSP, CISM, GCIH.
  • You are confident representing your ideas and opinions in a manner that can be challenged, and you respond well to feedback
  • You have built out detection and response programs for a SaaS or cloud-native company

Salary banding

£90,000 - £96,000 / year

If you are excited about applying for this role but aren't certain you meet 100% of the criteria, we'd still love to hear from you.

Tags: Application security Automation C CASP+ CISM CISSP Cloud CompTIA FinTech GCIH Incident response OWASP Python SaaS Scripting Vulnerability management

Region: Europe
Country: United Kingdom
