Description
Security Engineer
We are looking for a Security Engineer to join our Security Team, which sits within the Technology Department. They will be part of a small team of security engineers with a focus on application and cloud security: implementing best practices for cloud security, conducting threat modelling and integrating security throughout the software development lifecycle. They will also collaborate with cross-functional teams to address security vulnerabilities and ensure compliance with industry standards and regulations.
The role
1. Work closely with product and technical teams to identify and address vulnerabilities across the tech stack.
2. Collaborate with product engineers to explore and create innovative solutions for safeguarding customer data.
3. Drive the development and adoption of security tools, processes, and a security-conscious culture.
4. Streamline security remediation efforts to enhance developer workflows and reduce resolution times.
5. Lead secure coding practices through code reviews, mentoring, testing and close collaboration with security and development teams.
6. Contribute to the creation and maintenance of security documentation, policies, and best practices.
7. Respond to and resolve security incidents, partnering with security and engineering teams.
8. Stay current with security trends and share knowledge to promote a security-first mindset across the organisation.
What we're looking for
1. Strong knowledge of AWS, secure coding, software design, and supply chain best practices in production environments.
2. Proven experience collaborating with software development teams and understanding their workflows and challenges.
3. Deep understanding of web application vulnerabilities and practical application of OWASP guidelines.
4. Hands-on experience in managing vulnerabilities, including identification, triaging, root cause analysis, code reviews, and remediation validation.
5. Experience integrating and maintaining SAST/DAST/IAST/SCA toolchains within development workflows.
6. Ability to communicate complex technical concepts to non-technical audiences and knowledge of security frameworks (e.g., NIST CSF).
7. Experience coordinating and facilitating external web application penetration testing.
Nice to have
1. Familiarity with containers and Kubernetes.
2. Experience with Wiz, Terraform and mobile security.
At Funding Circle we are committed to building diverse teams so please apply even if your past experience doesn't align perfectly with the requirements.
Why join us?
At Funding Circle, we celebrate and support the differences that make you, you. We're proud to be an equal-opportunity workplace and affirmative-action employer. We truly believe that diversity makes us better.
As a flexible-first employer, we offer hybrid working at Funding Circle, and we've long believed in a 'best of both' approach to in-office collaboration and non-office days. We expect our teams to be in our London office three times a week, where you can take advantage of our newly refurbished hybrid working space, barista-made coffee and subsidised lunches (via JustEat) every day!
Ready to make a difference? We'd love to hear from you.