Engineer - Application Security

intelliflo is a global business that welcomes bold ideas and all points of view. Doing what matters inspires us, and we believe that we grow best – as people and businesses - by working together and always striving to get better without fearing failure. 

We’re not looking for a ‘culture fit’. We want you to bring your unique skills and perspectives and add to our culture, not conform to it. This isn’t about finding the person who fits in; we want people who stand out. 

Who is intelliflo? 

Sound financial advice has the power to transform lives and should be accessible to the many, not the few. intelliflo widens access to financial advice through leading technology that powers the advisory experience.

We use open software architectures and unmatched industry experience to simplify a complex digital landscape and help advisors flourish and grow. Our solutions support over 30,000 financial advisors globally, who represent over three million households with over USD 1 trillion assets. 

intelliflo operates independently under its own brand as a wholly owned subsidiary of Invesco, a global leader in the asset management industry. 

Job Description

Key Responsibilities / Duties:

• Maintaining security operational processes supporting the Secure SDLC
• Running application penetration tests based on clear objectives and test plans
• Soliciting input from stakeholders on testing scope
• Build threat models for various types of systems, and changes to systems
• Perform architectural reviews of applications for evaluating their security posture
• Provide project teams with security requirements based on company security policies and industry best practice
• Provide consulting services to stakeholders on remediation and mitigation strategies
• Perform manual validation on issues found from penetration testing or automated testing tools
• Writing reports based on testing output
• Research industry trends and news sources for emerging threat patterns, attack techniques, and vulnerabilities
• Validate recommendations, mitigations, and workarounds for issues found
• Perform after hours testing in accordance with business requirements
• Write and customize testing tools and scripts to automate testing functions
• Build positive relationships with peers and operations teams who’s controls are under evaluation
• Other duties as assigned

Work Experience / Knowledge:

• Minimum 5 years of relevant experience in information security
• Minimum 3 years in application Security and penetration testing
• OSCP, CEH, Pentest+, or CISSP in good standing
• Prior knowledge of application and network penetration testing tools, scripting languages, software vulnerabilities, exploits and malware
• Prior experience of vulnerability management and mitigation design
• Possess a solid understanding of enterprise-grade technologies including operating systems, databases, web applications, DevSec Ops concepts, agile methodologies, modern SDLCs, & applicable monitoring tools
• Network infrastructure knowledge
• Proficient operational understanding of how to ascertain, validate, and employ data from sources that are generally available to the public
• Fluent in the techniques that hackers utilize to attack an organization and understand how to pull information from large data sets and how to structure information for reuse

Skills / Other Personal Attributes Required:

• Experience of working in a high volume and result-oriented operational environment
• Ability to communicate assertively – verbally as well as in writing- technical information clearly and concisely, commensurate with the audience
• Maintain strict confidentiality of all security issues
• Must be assertive, methodical and detail oriented
• Must be intensely curious, innovative, and think beyond existing procedures.
• Must be able to build rapport quickly and positively influence outcomes.
• Must mentor, cross-train, and oversee more junior resources on the team.   
• Must be a team player and self-starter
• Ability to multi-task and work on more than one initiative at a time
• Flexible – able to meet changing requirements and priorities
• Maintain current knowledge for all applicable technical areas

Formal Education:

• BS or equivalent in information security, computer engineering, or computer science

EMEA Regulatory Data:

SMCR Senior Manager

No

SMCR Certified Person

No

MiFID Knowledge & Competence role

No

FCA Training & Competence role

No

Material Risk Taker

No

Full Time / Part Time

Full time

Worker Type

Employee

Job Exempt (Yes / No)

Yes

Workplace Model

intelliflo’s workplace model is designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection when possible. Most teams within our England office work 1-day a week in the office, however, most of our teams within the United States and India operate in a remote working pattern. Certain limitations apply.  Please consult with your Talent Acquisition contact during the interviewing process.

What’s in it for you? 

intelliflo offers industry-leading Total Rewards that help you thrive – in and out of the office, including competitive pay, retirement savings plans, generous health and wellness benefits, and much more. 

Our commitment to diversity, equality, and inclusion   

Our aspiration is for our workforce to continually reflect the diversity of people and perspectives in today’s evolving society, which we believe is fundamental to our efforts to widen access to financial advice.  intelliflo is proud to be an Equal Opportunity Employer. We are committed to equal employment opportunity for all job applicants and employees. Individuals seeking employment at intelliflo are considered without regards to race, religion, color, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, military or veteran status; or any other characteristic protected by applicable laws. 

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.