Security Engineer

London
Technology – Tech Ops
Full Time
Hello there. We’re Zopa the Feel Good Money company.
 
In 2005 we built the first ever peer-to-peer lending company to give people access to simpler, better-value loans and investments. Since then we’ve helped hundreds of thousands of customers take the stress out of money by building our business on honesty, transparency and trust.

It works so well that we want to give our customers access to other great products and tools, empowering them to better manage their money. That’s why, in December 2018, we launched a different type of bank, allowing us to bring a greater range of smart finance products to even more people.

Zopa is looking for a Security Engineer, focusing on application security and internal security tools, to be part of a growing Information Security team. We are in the process of building a comprehensive set of cutting-edge security practices for Zopa, involving both building our own tools and using the best external tools where necessary. You will have the ability to help define what this set of practices should look like. This role will also provide exposure to a wide range of areas such as infrastructure, development and compliance.

On a day to day basis, the Security Engineer would be expected to:

    • Collaborate with development teams, providing consultation and guidance on good security practices
    • Design, develop and implement new tools, processes and support systems
    • Work to find new and emerging threats, and automate identification and prioritisation
    • Promote the importance of Information Security throughout the organisation

Job Requirements:

    • A thorough knowledge of standard application security practices and technologies
    • Experience in application security testing, with confidence using some of the usual tools (Burp, ZAP, sqlmap, etc.)
    • Knowledge of at least one programming language and the willingness to dabble in others (Ruby, Go, Python, .NET)
    • Experience with version control and unit testing
    • Some experience with Linux containers and orchestration (Docker, Kubernetes)
    • Experience working with Linux and Microsoft environments
    • An active interest in the latest developments in security, architecture, and server automation technologies
    • Desire to learn and improve

If possible, we’d also love you to have experience with:

    • Security Information and Event Management (SIEM) tools like Splunk
    • Vulnerability scanning technologies (Infrastructure and Application)
    • Networking protocols and technologies
    • Cloud infrastructure (AWS)
    • IT security certifications