Senior Security Engineer
London, England, United Kingdom
We’re on a mission to build the world’s greatest social bank. We believe that banking needs to change for the better. When money is used correctly, it can transform our daily lives and positively impact the planet. We’re searching for an Assistant Company Secretary. The Kroo is growing and we’d love to hear from you if you’re interested in joining us on our journey!
About the Team
We are a multi-disciplined team of experienced technology, banking, customer experience, marketing, and legal professionals who share a passion for the company’s mission and believe in a collaborative approach to creating the greatest social bank. We are building a diverse team of inquisitive people who want to understand customer needs and behaviour so we can develop innovative products that change people’s lives for good. We are looking for a Senior Security Engineer to help us design and implement our mobile applications, services and websites to the highest security standards.
Requirements
Your primary areas of accountability will include:
- Analyse security systems and seek improvements on a continuous basis,
- Identify, assess and remediate security vulnerabilities,
- Automate security processes and procedures,
- Identify, define and document system security requirements and recommend solutions to management,
- Develop best practices and security standards for the organisation,
- Help design robust security for web/mobile front ends and micro-service architecture,
- Help teams ensure products and services are secure by design, within the risk appetite, and meet compliance requirements, group standards and policies,
- Collaborate with relevant stakeholders to ensure alignment to the cybersecurity strategy and securing the bank’s technology,
- Help teams ensure compliance with internal audit and external regulators.
To be successful in this role you should have skills and experience in multiple domains, such as application security, network security or security operations. You need to have programming experience and the ability to proactively seek out efficient and repeatable solutions to security challenges.
At a minimum, you have 3 years of experience in system, network or application security.
You should also have proven experience with and knowledge of any combination of the following:
- Threat modelling and risk assessments,
- Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS…),
- Experience with designing and administering identity management (authentication and authorization including policy enforcement points, token services, protocols such as OAuth2),
- Working knowledge of cryptography including encryption, signing and digital certificates,
- Principles of securing mobile applications and web services,
- Docker or Kubernetes and infrastructure as code,
- Event driven streaming technologies,
- Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs,
- Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform),
- Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes,
- Knowledge of cloud security architecture of public clouds (such as AWS or GCP),
- Security certification such as CISSP, CCP, SANS, GIAC, Ethical Hacker,
- Experience in working in a regulated company, preferably with a FinTech/banking background and experience in DevOps,
- Excellent oral, written communication and presentation skills.
Benefits
What we offer:
- 25 days holidays + UK Bank holidays + Kroo Bank holiday (24th June) + you’ll also get your birthday on us.
- 3 x personal health days
- All new starters are granted options in our company share options scheme so you can benefit from growing Kroo
- Access to our workplace pension with a 3% employer contribution
- All the equipment you need to work effectively, usually a MacBook Pro as standard.
- Access to a modern, bustling office in Holborn, Central London with a free gym.
- Cycle to work scheme
- Salary Sacrifice Electric Vehicle scheme through Octopus EV
- Access to leading UK mental health support through Spill.chat
- Extended parental leave
- 4 hours per month to support charities you believe in
- High degree of autonomy with support from an experienced and supportive team
- Room to grow and excel within a fast-paced, high-growth start-up
- An ethically conscious company that is truly trying to change what’s most broken about the industry
Office/remote working
We operate under a hybrid policy allowing individuals and teams a high degree of autonomy to use the office as and when it will be most productive. We have a beautiful office in Holborn, which, when used for the right things, can be a useful and powerful tool. Currently we see a blended model of working 1-2 days a week in the office, so candidates that are able to travel in occasionally are the best fit for our current working practices.
Diversity
We are firmly committed to creating and maintaining a diverse and inclusive workplace in which all employees are valued, respected, safe, supported, and listened to without judgement or prejudice. These principles apply to all, regardless of race or ethnicity, age, gender, gender identity or expression, national origin, sexual orientation, mental or physical ability, religion, appearance, political beliefs, educational background, class, and position or tenure within the company. Diversity, Equity, and Inclusion are central to the direction we take at Kroo, and are considered across all aspects of our business.
Tags: Agile Application security AWS Banking CI/CD CISSP Cloud Compliance Cryptography DAST DevOps DevSecOps DNS Docker Encryption FinTech Firewalls GCP IAST Kubernetes Monitoring Network security OWASP Risk assessment SANS SAST SDLC Strategy Terraform Vulnerabilities
Perks/benefits: Career development Equity Gear Health care Parental leave Startup environment