Security Engineer

Description

🤩 Security Engineer

Security Issues, API, Web, Mobile Infrastructure Security, Working with external security vendors and contributing to internal strategy.

🤔 Who are we and why do we do what we do?

We are a data and payments company on a mission! We’re a group of developers, financial experts, and optimists who share a vision for improving the financial wellness of people, their businesses, and their communities.

We started this company with the aim of changing how the industry used and viewed data. As architects of Open Banking, Open Finance, and Open Data, we strive to be a force for good — changing the status quo of how businesses interact with people.We strive to serve the whole population through every change in their finances.

We do this by powering businesses through our APIs and white label solutions as well as our own personal financial management app for consumers.

We can only do that by being an inclusive and diverse organisation. We invest in our people, and enjoy an environment focused on innovation, collaboration and openness.

💰 What do we offer?

We champion flexibility, and we trust and respect our employees to deliver results in a way that best suits them, working around their own lives and commitments. As well as a truly flexible approach, we also offer a fantastic range of benefits, including:

• Fully remote working
• 10% contribution towards your Pension from your very first day with us;
• 25 days of holiday (plus bank hols), rising to 30 days after two years;
• Choose to take your entitlement to UK bank holidays at other times based on your own days of significance;
• Private medical insurance, including cover for pre-existing conditions, plus dental and optical benefit;
• Six week Moneyhubber Family Pay when you become a new parent;
• Permanent health insurance and life cover (death in service);
• Employee assistance programme;
• Professional development support;
• Life event leave;
• Holiday purchase and more.

👀 Sounds great right? What will you be doing?

Requirements

We are seeking a Security Engineer to join our DevOps and Platform Team. As a Security Engineer, you will be responsible for working with our dev teams to ensure that our system is secure and that we follow best current practices with regards to API, Mobile, Web and Infrastructure security. You will work closely with the DevOps and Platform team to identify and address security issues, and implement appropriate measures to protect our systems and data.

Responsibilities:

• Work with dev teams to ensure the security of our system and compliance with best current practices
• Identify and address security issues within the system
• Implement appropriate measures to protect our systems and data
• Arrange and liaise with external security vendors, for example pentesters
• Collaborate with the DevOps and Platform team to identify and address security issues
• Contribute to the development and maintenance of security documentation
• Collaborate with the wider DevOps and SRE team to help with operations, especially from a security perspective

Requirements:

• Experience as a JavaScript developer
• Good experience with Node.JS and Docker
• Experience with OAuth 2.0 token-based authentication
• Strong problem-solving and communication skills, including very strong documentation skills.
• Ability to work independently and as part of a team

Nice to have:

• Knowledge and experience of the OWASP Top 10
• Experience with key based authentication - mutual TLS and JWT
• Experience with modern security tooling, including SAST and DAST products
• Experience with AWS