Staff Security Engineer - Cloud Infrastructure

London

Applications have closed
Forter logo
Forter
Find more jobs like this

About us: 

Forter provides a new generation approach to meeting the challenges facing modern enterprise e-commerce. From attracting and retaining the right shoppers by reducing friction and boosting consumer confidence across the entire purchase journey, to fighting sophisticated fraudsters and reducing chargeback losses, only Forter provides a fully automated, real-time Decision as a Service™ platform. Behind the scenes, Forter’s machine learning technology combines advanced cyber intelligence with behavioral and identity analysis to create a multi-layered detection and decisioning mechanism. Across all our client's sites, we have created a network of over 800 million buyer identities globally. Our success so far in the marketplace has allowed us to achieve a total series F valuation of over $3 Billion. Our investors include: Tiger Global, Bessemer, Sequoia Capital, March Capital, Salesforce Ventures.

What you'll be doing:

  • Improve the company’s security standing by developing security features for use in the company’s cloud infrastructure
  • Develop and take ownership of automated security tools for internal company use, beginning identity and access management (MFA, Temporary privileges, Secret management)
  • Represent the Security Team as point of contact and source of knowledge in Design Review meetings across Engineering
  • Perform threat analysis, define security controls and security KPIs for implementation and tracking across the organization.
  • Define automated tooling for sensitive (GDPR, CCPA) data discovery, classification, and management
  • Select and deploy tools from external vendors for continuous application and infrastructure security scanning, tracking, and resolution (SAST, IDS, IPS, DDoS, etc.)
  • Design, build, evangelize, and maintain security infrastructure and tools that all Forter's engineering teams will enjoy using.
  • Implement security features, fixes, encryption, networking and data protection.
  • Mentor others designing secure applications, providing security requirements during design reviews, and ensuring correct implementations during code reviews.
  • Perform quarterly risk assessments and prepare recommendations for how to invest security resources.
  • Work very well cross-functionally, think rigorously, and make hard decisions despite tradeoffs.
  • Work in brownfield environments, imagining the next evolution of legacy systems alongside new ones.

What you'll need:

  • 12+ years developing complex software projects (Python / Ruby / Go / NodeJS / etc.)
  • 5+ years working with infrastructure as code tools (Cloudformation / Terraform / Pulumi / etc.) 
  • Extensive experience working with public clouds (AWS / GCP / Azure)
  • Extensive knowledge of every layer of the stack (Hardware / OS / Network / Application / Database / Storage / etc.) 
  • Hold yourself and others to a high bar when working with production

We would especially love to hear if you:

  • Contributed significantly to any open-source application security tooling.
  • Have production experience with CNCF technologies like Kubernetes, Istio, Prometheus, Vault, Consul, etc.
  • Have experience developing multi-cloud SAAS platforms.
  • Have experience with threat modeling, performing security audits, penetration testing, and SAST tools.
  • Have experience with certifications, privacy laws, and compliance programs such as PCI-DSS, SOC II, ISO27001, and GDPR.

Why Forter:

We believe DevOps is not a job title. It is a culture.

Each team at Forter owns and maintains the performance, availability, security, and privacy of their systems, databases, and applications. Teams perform backups, manage capacity, fix security vulnerabilities, and perform required upgrades (OS, libs, etc.). They also participate in on-call rotations to handle outages and incident response.

 We believe that head-count is a vanity metric. More doesn't necessarily mean better and people matter! We prefer smaller teams of talented and cohesive teams over more working hands.

We believe in continuously increasing the IQ and EQ of our teams by building an organization that will draw such people to us. We care immensely about how the team works together, and we're not scared of hard conversations. The friction of opinions or business constraints is something we need to deal with when trying to make an impact. 

We don't have QA, architects, or a CTO team. We have neither a NOC nor a SOC team. Our teams are part of the system that we build, so we optimize the processes and tools to fit them. Most of our teams have a generalist-mindset, but our vast system allows people to develop expertise in the areas about which they are most passionate. 

We are big believers that having Skin in the game aligns incentives to build things right. We also favor picking boring technology, respecting the complexity of our system and business.

At Forter, we believe unique people create unique ideas, and valuable experience comes in many forms. So, even if your background doesn't match everything we have listed in the job description, we still encourage you to apply and tell us why your skills and values could be an asset to us. By welcoming different perspectives, we grow together as humans and as a company.

Forter is an Equal Employment Opportunity employer that will consider all qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law.

Job region(s): Europe
Job stats:  5  0  0

Explore more Information Security career opportunities