Product Security Engineer

London

Applications have closed

About us

At GoCardless, we’re passionate about payments. Our vision is to provide businesses with the best way to collect recurring payments, wherever they and their customers are in the world.

Today, we help over 60,000 businesses take the pain out of getting paid, so they can focus on what they do best. And through our partnerships with over 200 software providers such as Xero, Zuora, Salesforce and Quickbooks, more and more businesses are benefiting from our unique global payments platform every day. We process $15bn of payments a year across more than 30 countries, powering recurring payments for businesses worldwide, from multinational corporations to small businesses. 

We’re headquartered in the UK, and backed by some of the world’s leading investors including Google Ventures, Salesforce Ventures, Balderton Capital, Accel Partners, Notion Capital and Bain Capital. Over 500 employees worldwide have decided to develop their careers with us. We’ve built a friendly, collaborative culture where we hire and develop people who share our desire to do work we can be proud of. We value learning and feedback, and support colleagues to develop in their role and more broadly in their career.

The Role

Our Security and Privacy Engineering team is here to make sure that we remain a secure and trusted partner for all of these businesses as we grow. We believe security and privacy works best when it is part of the product, so we focus on inspiring autonomous teams to take shared responsibility for security and privacy.

As a Product Security Engineer you will enable teams to take ownership of the security & privacy of their service by collaborating to set standards, providing advice on specific projects and performing hands-on security testing. You will also work closely with the Director of Security & Privacy Engineering to ensure the continued evolution of our security and privacy strategy.

In this role you will:

  • Work with internal stakeholders to agree security and privacy standards based on industry best practices, and work with Product Development teams to develop a roadmap which balances our risk appetite with engineering realities
  • Perform design reviews and threat modelling of GoCardless services and products
  • Perform vulnerability assessments and security testing (we’ll expect you to already know the type of security vulnerabilities a company like ours faces)
  • Provide subject matter expertise on areas of security throughout the software development lifecycle 
  • Help and incentivise development teams to work with a security mindset
  • Lead cross-functional security initiatives
  • Automate and continually improve our approaches through development of tooling and procedures
  • Work closely with our sales teams to respond to Requests for Proposals

About you

You will be someone who has experience securing a cloud native environment, and in particular, embedding standards in engineering functions so that product teams can take the lead in building security and privacy into what they do.

Your background should include either developing application security programmes in a DevOps environment, or application security testing. In either case, you will be comfortable writing scripts to automate tasks and conducting security-related testing.

We want you to be part of explaining security to our merchants and partners, so you will need to be comfortable communicating security and privacy to a broad audience.

Our engineers contribute to the engineering culture within and outside of GoCardless: they contribute to Open Source Software projects (see our GitHub), and share learnings in post-mortems, conferences and on our blog.

Life at GoCardless

Diversity is hugely important to us and we welcome applications from those with disabilities and from under-represented backgrounds. Throughout our hiring and onboarding process we make any reasonable adjustments necessary to create a level playing field and continually look at how we can improve in this area. We also have active ‘employee resource groups’ (such as BEAM and Rainbow) that are supported and sponsored by members of our Exec team; they work to engage and inspire our employees on diversity & inclusion topics throughout the year.

We offer flexible working hours and remote working arrangements, enhanced parental leave and pension packages. You’ll also receive equity, because we believe having this ‘buy in’ is a vital part of building a successful business where everybody - regardless of their role - can make a valuable contribution.

Here at GoCardless we value flexibility, and throughout the challenges of the Covid-19 pandemic we've listened to our global GeeCees to gain a better understanding of the positives and negatives of working remotely (which we've been doing since March 2020).

Their feedback helped us develop our 'Adaptive Working' model, rolling out mid to late 2021. It's built around three components: days in the office, remote working, and enhanced environments. This means teams will be able to come into a GC office between one and three days per week for collaboration and teamwork, with the rest spent working remotely to enable a healthy work/life balance. We’ll also be reimagining our office environments so they enhance the collaboration and socialisation aspects our GeeCees told us they value most highly.

We continually review this approach in conjunction with the changing restrictions in each of our locations; additionally we offer support to maintain wellbeing and comfort, including subsidised home office equipment, workstation assessments and a range of remote social activities you can dip in and out of whenever you fancy.

Find out more about Life at GoCardless via Twitter, Instagram and LinkedIn.

Tags: Application security Cloud DevOps GitHub Open Source Privacy Product security Strategy Vulnerabilities

Perks/benefits: Career development Conferences Flex hours Home office stipend Parental leave Team events

Region: Europe
Country: United Kingdom