Product Security Engineer

Work with us
At Moonpig Group our purpose is to create better, more personal, connections between people that care about each other. We are an international group, comprising the Moonpig, Buyagift and Red Letter Days brands in the UK and the Greetz brand in the Netherlands.
We were founded with a goal to disrupt the traditional greetings industry. Two decades on, we’re an established leader within the online gifting market, offering a wide range of products to customers across the world.
Moonpig is an iconic brand and innovator, with clear values (read more about our values here!). These values set our teams and our business up for success in an environment that’s fun, supportive and challenging. They’re the glue that binds us together and we think of them as a platform to help us deliver our best work.
Our architecture is built for scale and flexibility which will allow us to quickly innovate and launch new propositions - coupling that with the wealth of data we have on our customers, the sky's the limit in the world of experimenting with cutting edge ideas.
We’re currently looking for a Product Security Engineer to join our Security Team. 
What you’ll be doing: 
As a Product Security Engineer you will be responsible for ensuring that company & customer data is secure at all times. You will be building & maintaining modern security tools, controls & services. We’re a small team, so the role is a hybrid of engineering work along with vulnerability and risk management, with a focus on automation and collaboration with our wider Technology team to drive secure development processes within our software development life cycle.

Key Responsibilities:

• Contribute to the development of the product security roadmap and strategy.
• Boost, build and innovate upon our security tools in our DevOps pipeline/processes.
• Educate and empower those around you on security topics, helping to increase understanding of security issues and how to prioritise and remediate them.
• Design preventative and/or detective controls for specific security issues alongside our engineering teams within an agile environment.
• Drive security testing (individually, with third parties, and by encouraging adoption within engineering teams) of our products using both structured and explorative approaches, helping to identify vulnerabilities earlier in our product lifecycle.
• Provide SME support during incidents and crisis management meetings.

You'll be a great addition to the team if you have:

• Strong knowledge of application security best practices (such as OWASP).
• Familiarity with cloud infrastructure (such as AWS, Azure, or Google Cloud).
• Strong grasp of infrastructure-as-code and configuration tools (such as Terraform or AWS CloudFormation) for the purpose of deploying security tooling.
• Knowledge of extracting metrics and events from security tooling.
• Experience working with and securing microservices, and API’s.
• Advanced understanding of secure coding principles, the Secure Development Lifecycle, and how to drive acceptance and integration into engineering teams.
• Experience implementing and managing SAST and/or DAST within a CI/CD environment.
• Understanding of security tools such as WAFs, and vulnerability scanning tools.
• Understanding of cryptography, authentication, and authorization.
• A positive, collaborative, and pragmatic attitude.
• Great communication skills, both verbal and written.
• We are also keen to speak to candidates currently in software engineering roles looking to move into Cyber Security. If this is you, please apply!