Product Security Engineer

London/Manchester (Hybrid)

Applications have closed

Moonpig

Our Ways of Working:
We believe that we do our best work when we are together, but also appreciate that everyone works in different ways. That’s why we operate with three working models which look to define where and how our people work: Remote, Hybrid, and Site/Office-based.

Although we believe the majority of our people will choose our hybrid working model (at least 2 days in the office each week), for some of our teams that don't require as much in-person connection and collaboration, we offer fully remote working (with paid travel to the Moonpig office up to 6 times per year). Remote roles are specified directly on our job adverts.


Work with us

Moonpig Group achieved ‘Unicorn’ status in one of the biggest tech IPOs of 2021, making the FTSE 250 index of leading companies listed on the London Stock Exchange with a market cap of £1.5 billion at the time. We’re now growing the security team to work towards an even more ambitious goal of reaching 25 million customers whilst still ensuring that we’re protecting our customers' special moments. 

To help get us there, our Product Security Team's mission is to shift left our SDLC (Software Development Lifecycle) processes for code written at Moonpig Group to reduce the likelihood of introducing new vulnerabilities in production and minimise the risk of externally identified vulnerabilities on Moonpig Group Services. 

But the magic does not stop there. Our architecture is built for scale and flexibility which will allow us to quickly innovate and launch new propositions -- coupling that with the wealth of data we have on our customers, the sky's the limit in the world of experimenting with cutting edge ideas whilst still ensuring that security is at the forefront of all solutions we build.

Moonpig is a hidden gem in terms of our culture. Check out our tech culture and benefits as well as our 4.6 rating and reviews on Glassdoor for a view on how great it is to work here!

What you’ll be doing:

As a Product Security Engineer you will be responsible for ensuring that company & customer data is secure at all times. You will be building & maintaining modern security tools, controls & services. We’re a small team, so the role is a hybrid of engineering and vulnerability and risk management, with a focus on automation and collaboration with our wider Technology team to enhance our capabilities in our software development life cycle.

Key Responsibilities
Contribute to the development of the product security roadmap and strategy.
Boost, build and innovate our security tools in our DevOps pipeline/processes.
Educate and empower those around you on security topics, helping to increase understanding of security issues and how to prioritise and remediate them.
Design preventative and/or detective controls for specific security issues alongside our engineering teams within an agile environment.
Drive security testing (individually, with third parties and by encouraging adoption within engineering teams) of our products using both structured and explorative approaches, helping to identify vulnerabilities early on in our product lifecycle.
Provide SME support during incidents and crisis management meetings.

You'll be a great addition to the team if you have:
A positive, collaborative and pragmatic attitude.
Great communication skills, both verbal and written.
Strong knowledge of application security best practices (such as OWASP).
Familiarity with cloud infrastructure (such as AWS, Azure, Google Cloud).
Strong grasp of infrastructure-as-code and configuration tools (such as Terraform/CloudFormation) for the purpose of deploying security tooling.
Knowledge of extracting metrics and events from security tooling.
Experience working with and securing microservices, APIs and event-driven architectures.
Advanced understanding of secure coding principles and how to apply them.
Experience implementing SAST and/or DAST within a CI/CD environment.
Understanding of security tools such as WAFs, SAST, vulnerability scanning tools.
Understanding of cryptography, authentication, authorization.

We are also keen to speak to candidates currently in software engineering roles looking to move into Cyber Security. If this is you, please apply! 
Want to hear more? 
Find out more about Moonpig Group and what it has to offer here!
 
Moonpig’s Commitment to Equality, Diversity and Inclusivity 

At Moonpig Group, we’re committed to creating an inclusive and caring culture with brilliant people who feel a real sense of belonging. We welcome and celebrate all diverse backgrounds to Moonpig Group, from working parents who need flexibility with their hours to individuals who are neurodiverse and prefer to work a certain way. 
We’re proud to have several employee-led committees within our organisation, including the LGBTQ+ Committee, The Gender Balance Committee and our Moonpig Against Racism Committee. 
We’ll continue to push for diversity and that sense of belonging so that all Moonpig Group employees feel safe and comfortable to be their true authentic self at work.

Tags: Agile APIs Application security Automation AWS Azure CI/CD Cloud Cryptography DAST DevOps GCP Microservices OWASP Product security Risk management SAST SDLC Strategy Terraform Vulnerabilities

Perks/benefits: Team events

Regions: Remote/Anywhere Europe
Country: United Kingdom