Offensive Security Engineer

About the team

As an Offensive Security Engineer at Tide, you’ll join the Threat Detection and Response team a highly motivated and talented team of Tideans who love to collaborate, and are driven by helping people achieve their business ambitions. We live and breathe our values, which are to put our members first, work as one team and be data-driven. As part of our team, they’ll matter to you too. You'll also help take our security processes to the next level. Our scaling security team is responsible for securing Tide, our Tideans and our Members

About the role 

As an Offensive Security Engineer you will be,

• Reviewing web/mobile applications, source code, operating systems, and network security architectures; finding vulnerabilities and defining effective strategies for remediation and hardening.
• Identifying gaps in controls and vulnerabilities in our Cloud infrastructure with containerised environments and GitOps deployment pipelines.
• Ability to think critically and identify areas of technical and non-technical risk.
• Research and develop tools, techniques and exploits specific to Tide.
• Help with the triaging and perform validations of external security submissions whenever required.
• Communicate effectively findings and remediation actions with both technical and non-technical teams.
• Coaching engineers across both Security and broader technical teams in the principles and practices of offensive security.
• Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems.
• Identify weaknesses in product security controls - including vulnerabilities, misconfigurations, and gaps in processes and procedures
• Work with the Tide engineering teams to plan and scope internal/external pen-testing.
• Bring your red team hat to support Incident Response

What we are looking for

• First and foremost you will be passionate about security and secure application design. You will love helping engineers create more secure web and mobile applications.
• You will be comfortable explaining security issues and concerns to product owners, engineers, area VPs and executives and love the feeling you get when this results in them releasing a more resilient product.
• You have experience working within the Fintech or tech sector.
• You have worked within a fast-scaling business.
• You have experience in attack simulation and vulnerability research.
• You are comfortable with writing tooling in Python, Java, go etc.
• You have strong Experience in performing security assessments on the following:
• Cloud technologies (AWS, Azure, Kubernetes, containers etc).
• Mobile/Web applications and APIs.
• Mac /Windows.
• Have exposure to LLM testing.

Our Tech Stack

AWS, Azure, GitOps, Kubernetes, microservices, Distroless, Angular, Flutter

What you’ll get in return

• A competitive salary
• 25 days holiday with the option to take 5 extra days of unpaid leave per year
• 3 days paid volunteering or L&D time off per year
• Personal L&D budget of £1,000 professional L&D budget per year 
• Group Life Insurance, Vitality Health and Dental Insurance
• Spacious brand-new office by Old Street station with an all-day snacks bar
• Enhanced family-friendly leave
• Access to a global mental wellbeing platform that provides 1:1 video therapy sessions with accredited therapists and unlimited chat therapy sessions
• Work from home budget
• Team socials - virtual and physical events
• Sabbatical leave

#LI-EP1 #LI-Hybrid #LI-Remote