Application Security Engineer
London, England, United Kingdom - Remote
Who are Tyk, and what do we do?
The Tyk API Management platform is helping to drive the connected world and power new products and services. We’re changing the way that organisations connect any number of their systems and services. Whether internal, external, public or highly encrypted systems, Tyk helps businesses drive value across the retail, finance, telecoms, healthcare, or media industries (to name just a few!)
If you’ve banked online, used an app to check the news, or perhaps even driven a connected car, API’s, and by extension, Tyk, make that possible. Founded in 2015 with offices in London - UK, London - Ontario, Atlanta and Singapore, we have many thousands of users of our B2B platform across the globe. Brands using Tyk range from Lotte, Bell, Dominos, Starbucks, to RBS and Societe Generale. We have a varied user base hailing from every continent – even Antarctica.
Tyk is on a mission to connect every system in the world. We’ve started by building an API Management platform.
Total flexibility, default remote, radical responsibility
We offer unlimited paid holidays and remote working from anywhere in the world, for everyone, Why? Tyk was founded on the principle of offering flexibility and autonomy to our employees, we believe this allows our employees to achieve their best results. It also means we can build the best possible team, location and working hours are no barrier.
If this sounds like an environment that you believe could work for you then read on to find out more.
The Application Security Engineer has one mission; to shift left everything we do on security. You will be our first member of our Security enabling team and an active member of our Community of Practice, which will support product in ensuring we are following security best practices throughout the software development lifecycle (SDLC).
Here’s what you’ll be getting up to:
- Be our first Security Champion, in our new Security enabling team!
- Collaborate with product in ensuring we are following security best practices through each step of the software development lifecycle (SDLC)
- Be an active member of our Community of Practice, through knowledge sharing, collaboration, shared learning, awareness - driving best practices and knowledge forward across the organisation
- Own and drive our Maturity Model to measure security maturity across product which will help drive improvement
- Define and roll out security design up front practices, e.g. threat modelling
- Own tooling and frameworks for fast and easy adoption across product, e.g. vulnerability, OWASP and licence scanning tools
- Coach and mentor product in secure coding best practices
- Work with Operations teams to provide data and answers to support ongoing compliance initiatives, such as SOC2 and ISO
- Assist the QA team with pen testing, recommending steps for remediation, mitigation and prevention
- Be an active participant in reviewing our Zerocopter issues, recommending steps for remediation, mitigation and prevention.
- Identify learning opportunities for product, e.g. OWASP top 10 training
- Proactively support any security issues in production, advising on the best course of action in a timely manner
- Keep abreast of the latest Security trends, news and tooling to ensure we are ahead of the game
Here’s what we’re looking for:
- Experience as an Application Security Engineer or similar role, activities including threat modelling, secure code reviews, security testing etc.
- Background in software development with advance coding skills, preferable Go
- Deep knowledge of common software security vulnerabilities and how to prevent them, e.g. OWASP, CWE
- Knowledge of security frameworks such as SOC2 and ISO
- Outside-the-box thinking to anticipate possible threats
- Deep working knowledge of responsible disclosure programs
- Deep understanding of penetration testing
- A clear conceptual understanding of the software development lifecycle (SDLC)
- Amazing communication, coaching and mentoring skills - able to knowledge share and up-skill team members in security best practices
- A fast learner - able to learn on the job, picking up new technologies, concepts and tooling with ease
- A good understanding of API management
- Experience with container technology (i.e. Kubernetes, Docker)
- Experience with distributed cloud providers, preferable AWS, GCP
- Experience with deployment tooling (e.g. Terraform, Ansible)
Here’s why you should join us:
- Everyone has unlimited paid holidays.
- We have total flexibility in hours, as we believe creativity flows better when our people are given freedom to decide when they are most productive. Everyone is unique after all.
- Employee share scheme
- Generous maternity and paternity leave
- Company retreats
We all share the same vision - we value authenticity, respect, responsibility, independence, honesty, diversity and inclusion and most importantly treating others how you wish to be treated. We look for like-minded people who bring their personalities to work everyday, strive to achieve their personal goals and who are willing to challenge the way we do things, why? - to make what we do even better!
Our values tell the story of Tyk - here’s how:
- It’s ok to screw up!
We’ve found that it’s often the ‘stupid’ or unexpected ideas that turn out to be the successful ones - so try it, at least we can say we have!
- The only stupid idea, is the untested one!
It’s in our DNA - starting a business with founders 12 hours apart, giving our gateway away for free - sure, we did that, and we’d do it again!
- Trust starts with you - make it count!
Trust is a two-way street - instil it from day one!
- Assume best intent!
We have each other’s back - we’re all on the same team. Think before you speak or act.
- Make things better!
Always try to leave things better than when you found them - change is constant, inevitable and embraced! Be that change we want to see.
What’s it like to work here?! check it out: https://tyk.io/worklife/
Tyk is an equal opportunities employer and we are determined to ensure that no applicant or employee receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown to be justifiable.
You can see more about us here https://tyk.io
* Salary range is an estimate based on our salary survey 💰
Tags: Ansible APIs Application security AWS Cloud Compliance Docker Finance GCP Kubernetes OWASP Pentesting SDLC SOC 2 Terraform Vulnerabilities
Perks/benefits: Career development Parental leave Team events
More jobs like this
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Information Security Specialist jobs
- Open Security Architect jobs
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Analyst jobs
- Open Senior SOC Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open IT Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Head of Information Security jobs
- Open IT Security Analyst jobs
- Open Cyber Hunt SME jobs
- Open Security Consultant jobs
- Open Senior Security Operations Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Application Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Manager Pentest H/F jobs
- Open Lead Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Senior Penetration Tester jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open Vulnerability management-related jobs
- Open DevSecOps-related jobs
- Open IAM-related jobs
- Open Java-related jobs
- Open SaaS-related jobs
- Open CISM-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open Analytics-related jobs
- Open CI/CD-related jobs
- Open Malware-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs
- Open OWASP-related jobs