DevSecOps Specialist

About the team: 

The Cloud Security team at Luno is responsible for identifying security threats and improvement areas within our Cloud-hosted resources, and ensuring that we both strive to implement best practices everywhere and detect any deviations. This team works closely with Engineering and IT Operations to ensure the best security practices are followed in both areas of the business.

The Cloud Security team is looking for a DevSecOps Specialist to contribute to the establishment and development of its function. We’re entering our next phase of growth on our mission to bring Crypto to the global mass consumer market.

The main focus of this role will be to shift left with security and to aid in the empowerment of engineers in becoming application security champions. This includes using a specialised skill set to design and automate continuous security testing at all pre-deployment stages (where applicable), enable the measurement (and performance) of threat reduction at said stages and work closely with the Agile Delivery team, Backend and Mobile engineers, SREs and other Security resources to achieve our joint vision of making Luno the safest and most trusted cryptocurrency company in the world.

Your mission will be:

• Support and consult with product and engineering teams in the area of application security, including threat modelling and AppSec reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support and assist in managing our bug bounty program.
• Author, share and contribute to documentation on application security processes, tooling and other resources to ensure collaboration and transparency within your own team and throughout the greater organisation. 
• Design and implement continuous application security testing mechanisms to aid in assessing our security posture and furthermore, drive down the number of vulnerabilities and threats in our environment.
• Inform, support and empower our software engineers to strive towards becoming more vigilant, aware and capable secure coding practitioners. This includes developing structured and unstructured engagements such as, targeted and general training, one-on-one and one-to-many coaching/information sharing sessions and general enquiry handling around application security.

A little about you:

• Experience in vulnerability management and enhancing and/or contributing to the security within application source code.
• Experience in securing CI/CD pipelines on Cloud platforms. Ideally AWS with the AWS Developer Associate certification being advantageous
• Deep understanding of security best practices on technologies mentioned above
• Team player, willing to pitch in wherever needed
• Keen interest in application security and vulnerability management
• Understanding of the Software Development Lifecycle
• Basic development or scripting experience and skills. Golang, Python, JavaScript, and Java/Kotlin are preferred.
• Familiarity with some common security libraries, frameworks and tools (e.g. static analysis tools, proxying/penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).

Don’t be put off if you don’t tick all of the boxes – they’re a guide based on what we’d love to see but we appreciate that excellent candidates have diverse backgrounds. We value attitude above aptitude. With the right mindset, you can empower yourself.

Life at Luno:

• A forward-thinking and ambitious team that values diversity, hard work, and the continuous quest for excellence.
• The remote but reachable work policy gives you the freedom to choose between working from home or the office.
• Improve body and mind, with excellent private medical insurance. 
• Free training courses on Udemy and CodeAcademy.
• Generous maternity/paternity and even paw-ternity for your furry friend.
• Annual Inspiration Day.
• A collaborative, friendly work community, with regular social events and virtual cooking, dancing, drawing and house planting classes hosted by our Lunauts. 
• Free lunch and snacks.
• Free access to Headspace – a full library of guided meditations, sleep stories, and music.
• 0 fees with Luno from the day you start.*

*Offer only available on Luno Instant Buy, not Luno Exchange

About us:

Luno makes it simple to buy, store and explore crypto. More than 10 million people have chosen to invest in crypto with Luno using our platform, which is available on Apple, Android and as a desktop experience. We’ve enabled over $52bn of transactions and we securely store over $1bn for our customers around the world.

Our mission is to put the power of crypto in everyone's hands because we believe that giving people access to a robust and fair financial system is a basic human right. We are with customers at every step of their investment journey with clear, jargon-free information and an easy-to-use app experience that helps people get started from as little as $10.

In order to make crypto accessible to everyone, everywhere, we’re on the ground in more than 40 markets across North America, Africa, Asia and Europe. We are registered with all local financial intelligence authorities and proud of our strong Anti Money Laundry measures and world-leading compliance teams. All the crypto we store for our customers is regularly verified by independent auditors.  Luno is the trusted guide that will bring crypto to over 1 billion people by 2030.

We are an equal opportunity employer and value diversity at our company. We do not negatively discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.