Senior Security Engineer - Secret Management

About Us

For decades, the clearing of financial transactions remained unchanged and unchallenged. We asked, ‘What if there was a better way? What if we could make those transactions faster, safer, more reliable and accessible to all?’

Our pioneering approach has opened the door to innovation, enabling our partners to thrive. We continue to ask, ‘What if...?’ every day, working with our partners to bring their powerful financial services to everyone from shopkeepers and savers to businesses and institutions.

It’s the skill and enterprise of our own people that make this happen, and it’s ClearBank’s belief in fairness, autonomy and choice that means they have opportunities to learn, grow and contribute to our partners’ success. For more about ClearBank, check out our website here.

About the Role

This role is all about secret management. We are looking for someone to take ownership of developing a complete strategy for secret management at Clear Bank. This will require identifying solutions to improve secret management practises whilst not compromising developer experience. You will need to build a capability that developers want to use. We will also expect this role to build standards on secret strength, storage, rotation and maintenance. Introduce enhanced capability to detect and respond to deviations from policy. This is exciting role that is waiting for someone who wants to take ownership and make their mark on a progressive DevSecOps organisation – show us how it should be done!

The Security engineering hive at ClearBank is all about making security easy for engineering teams. We reduce the risk of software being used as an attacker vector for cybercrime and help engineers protect customer data. We are engineers first, we write code and understand how to build quality products, with an added speciality in security. We are looking for Security Engineers to help us fulfil our ambitious roadmap of building more great security products, advocate security and reduce the cognitive load for engineers.

We are a 100% remote team with members all over the UK. If you are based near a ClearBank office hub (Bristol/London) then you may choose how often or little you wish to be in the office!

Requirements

About You

You write code and understand SDLC so that you have credibility with engineering teams and can understand the business and technical challenges of our internal customers. The best candidates for us are good all-round developers with some cloud infrastructure experience. We need an enthusiasm for security, but no full-time infosec experience is required. This is a perfect gateway role into Infosec for any engineers looking to transition.

Desired experience in secret management. Whether that is performing gap analysis for secret management practises, building policies and standards for secrets or rolling out tools such as HashiCorp Vault. Whilst experience is not required, we are expecting you to have compressive ideas on how to tackle secret management that will be vetted during the interview process.

Core Skills and Experience:

• Must have commercial software experience working in modern quality practises - building, shipping, and supporting great products using C# .NET and cloud native technologies
• Experience of writing great automated tests
• Enthusiasm for software security – whether as a security champion or working with developer security products such as SAST, SCA, DAST, IAST
• Most importantly we are looking for great communicators who can coach and mentor. Our goal is to help all engineers interested in security on their path to mastery and you will be part of journey.
• Vision for secret management in a DevSecOps world

Desired Skills:

• Infrastructure as Code experience using automated deployment pipelines to provision cloud infrastructure using a tool such as Terraform
• Great evidence where you have led the organisation to improve security in the SDLC e.g. threat modelling, OWASP Top 10 coaching and building bridges with Infosec
• Experience developing standards and policies for secret management
• Experience introducing and administering secret management tooling

The Legal Bit

By submitting your CV you confirm that you can demonstrate you have the right to work in the UK.

Regretfully we are not able to sponsor applicants for immigration purposes at the current time. By submitting your CV to ClearBank Limited you are providing your consent for us to use the information you provide for recruitment purposes. For more information on how we manage your data go and check out our Candidate Privacy Notice on the ClearBank® website to see how we process, manage, and look after your data. You are also allowing us to communicate with you by email and telephone for recruitment purposes.

Benefits

What we offer:

• Competitive salary
• ‘Fresh Air Fridays’ - the flexible option to finish early on a Friday where possible
• 27 days annual leave + bank holidays
• 2 days off per year to do something ‘bigger than ClearBank’ (Charity days)
• Competitive employee benefits and perks
• Remote-first working with access to London and Bristol offices
• A supportive, challenging and agile environment
• You’ll also get to work in one of the most exciting Banks in the market right now!