InfoSec Engineer - Flutter UK&I

The Role
Information Security Engineering is responsible for developing systems for detection, prevention, analysis, reporting, and lifecycle management of software vulnerabilities and other security-related needs.

The ideal candidate will be required to demonstrate software development, automation, infrastructure and network security skills and work with a cross-skilled security engineering team, have regular contact with the Development, DevOps, Infrastructure, Network, Architecture, DBAs and other teams or business stakeholders.

As a business partner you will provide insightful and timely security advice that enables the business initiatives to move at pace whilst ensuring risks are clearly articulated and appropriately managed.

What You'll be Doing:

• Support for Identity & Access Systems (SailPoint and co’), including developing automation in Java & Python.

• Technical background in development (especially Python), capable of driving the engineering needs of the security engineering aspects of products built in-house and/or integrated from 3rd parties.

• Offering guidance to development teams on how to solve vulnerabilities, incidents, business logic flaws or implement security requirements.

• Understand the architecture of production systems (high level) including identifying the security controls in place and how they are used.

• Knowledge about Everything as Code and how to integrate Security into this flow - CI/CD, DAST, SAST, SCA, Security Scanners, Security Controls.

• Knowledge sharing and interest to grow together with the other team members, including support for more junior team members from the team.

• Develop and maintain engineering components autonomously that enable the Security team to ensure internally developed code is following security best practices.

• Able to explain in simple words web technologies and how the full stack works - if need to go into details, use documentation (“a man” of “man man”).

• Incident response (security related), capable to perform triage and with support from other business functions provide mitigation advise.

• Effectively manages stakeholder interaction and expectations.

What You'll Bring

• Good written and verbal communication skills / fluency in English (work related).

• Demonstrating knowledge and experience in real projects is required.

• To be fair with yourself, to have soft skills and a relaxed mindset.

• Resolve and/or escalate issues in a timely fashion.

Nice To Have

• Participated in Bug Bounty programs / CTFs, reported security to other companies and keep up with the security trends and exploits from news.

• Knowledge about how The Internet (web related stack and concepts) is working and interest into deep dive the concepts.

• Research and evaluate emerging technologies to detect, mitigate, triage, and remediate application security defects (XSS, RCE, SQL Injection, CSRF etc).

• Hands on experience in hardening, secure systems, firewalls, vulnerability management, security scanners, etc - buying consultancy is “Acquisition” not “Security”.

• Ability to think like an attacker and solve problems with expertise and ingenuity, but at the same time, be able to think like a gatekeeper (Red/Blue Team).

• Capable of suggest and implement security controls for both public & private clouds.

What you can expect:

• 25 days of annual leave;

• Sharesave scheme;

• ”Flexible Benefits” of your choice;

• Private health insurance (includes dental insurance and health assessments);

• Free parking;

• Thousands of courses online through ‘Udemy'

Ways of working:

Flexible working is our way of working! We're a diverse workforce and therefore a 'one size fits all' approach isn't necessarily best. Whatever your personal needs may be, let's have a chat and see how we can accommodate them;

We thank all applicants for their interest, however only the suitable candidates will be contacted for an interview.

By submitting your application online, you agree that: your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective role within the company.