Application Security Engineer

Who are Tyk, and what do we do?

The Tyk API Management platform is helping to drive the connected world and power new products and services. We’re changing the way that organisations connect any number of their systems and services. Whether internal, external, public or highly encrypted systems, Tyk helps businesses drive value across the retail, finance, telecoms, healthcare, or media industries (to name just a few!)

If you’ve banked online, used an app to check the news, or perhaps even driven a connected car, API’s, and by extension, Tyk, make that possible. Founded in 2015 with offices in London - UK, London - Ontario, Atlanta and Singapore, we have many thousands of users of our B2B platform across the globe. Brands using Tyk range from Lotte, Bell, Dominos, Starbucks, to RBS and Societe Generale. We have a varied user base hailing from every continent – even Antarctica.

Our Mission

Tyk is on a mission to connect every system in the world. We’ve started by building an API Management platform.

Total flexibility, default remote, radical responsibility

We offer unlimited paid holidays and remote working from anywhere in the world, for everyone, Why? Tyk was founded on the principle of offering flexibility and autonomy to our employees, we believe this allows our employees to achieve their best results. It also means we can build the best possible team, location and working hours are no barrier.

If this sounds like an environment that you believe could work for you then read on to find out more.

Requirements

The role:

The Application Security Engineer has one mission; to shift left everything we do on security. You will be our first member of our Security enabling team and an active member of our Community of Practice, which will support product in ensuring we are following security best practices throughout the software development lifecycle (SDLC).

Here’s what you’ll be getting up to:

• Be our first Security Champion, in our new Security enabling team!
• Collaborate with product in ensuring we are following security best practices through each step of the software development lifecycle (SDLC)
• Be an active member of our Community of Practice, through knowledge sharing, collaboration, shared learning, awareness - driving best practices and knowledge forward across the organisation
• Own and drive our Maturity Model to measure security maturity across product which will help drive improvement
• Define and roll out security design up front practices, e.g. threat modelling
• Own tooling and frameworks for fast and easy adoption across product, e.g. vulnerability, OWASP and licence scanning tools
• Coach and mentor product in secure coding best practices
• Work with Operations teams to provide data and answers to support ongoing compliance initiatives, such as SOC2 and ISO
• Assist the QA team with pen testing, recommending steps for remediation, mitigation and prevention
• Be an active participant in reviewing our Zerocopter issues, recommending steps for remediation, mitigation and prevention.
• Identify learning opportunities for product, e.g. OWASP top 10 training
• Proactively support any security issues in production, advising on the best course of action in a timely manner
• Keep abreast of the latest Security trends, news and tooling to ensure we are ahead of the game

Here’s what we’re looking for:

The role:

• Experience as an Application Security Engineer or similar role, activities including threat modelling, secure code reviews, security testing etc.
• Background in software development with advance coding skills, preferable Go
• Deep knowledge of common software security vulnerabilities and how to prevent them, e.g. OWASP, CWE
• Knowledge of security frameworks such as SOC2 and ISO
• Outside-the-box thinking to anticipate possible threats
• Deep working knowledge of responsible disclosure programs
• Deep understanding of penetration testing
• A clear conceptual understanding of the software development lifecycle (SDLC)
• Amazing communication, coaching and mentoring skills - able to knowledge share and up-skill team members in security best practices
• A fast learner - able to learn on the job, picking up new technologies, concepts and tooling with ease

Our stack:

• A good understanding of API management
• Experience with container technology (i.e. Kubernetes, Docker)
• Experience with distributed cloud providers, preferable AWS, GCP
• Experience with deployment tooling (e.g. Terraform, Ansible)

Benefits

Here’s why you should join us:

• Everyone has unlimited paid holidays.
• We have total flexibility in hours, as we believe creativity flows better when our people are given freedom to decide when they are most productive. Everyone is unique after all.
• Employee share scheme
• Generous maternity and paternity leave
• Company retreats

We all share the same vision - we value authenticity, respect, responsibility, independence, honesty, diversity and inclusion and most importantly treating others how you wish to be treated. We look for like-minded people who bring their personalities to work everyday, strive to achieve their personal goals and who are willing to challenge the way we do things, why? - to make what we do even better!

Our values tell the story of Tyk - here’s how:

• It’s ok to screw up!

We’ve found that it’s often the ‘stupid’ or unexpected ideas that turn out to be the successful ones - so try it, at least we can say we have!

• The only stupid idea, is the untested one!

It’s in our DNA - starting a business with founders 12 hours apart, giving our gateway away for free - sure, we did that, and we’d do it again!

• Trust starts with you - make it count!

Trust is a two-way street - instil it from day one!

• Assume best intent!

We have each other’s back - we’re all on the same team. Think before you speak or act.

• Make things better!

Always try to leave things better than when you found them - change is constant, inevitable and embraced! Be that change we want to see.

What’s it like to work here?! check it out: https://tyk.io/worklife/

Tyk is an equal opportunities employer and we are determined to ensure that no applicant or employee receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown to be justifiable.

You can see more about us here https://tyk.io