Security Engineer

Security Engineer

Security Engineering , DevOps, API's, Node.JS. AWS, OAuth 2.0, Info Sec, ISO Controlls.

🤔 Who are we and why do we do what we do?

We are a data and payments company on a mission! We’re a group of developers, financial experts, and optimists who share a vision for improving the financial wellness of people, their businesses, and their communities.

We started this company with the aim of changing how the industry used and viewed data. As architects of Open Banking, Open Finance, and Open Data, we strive to be a force for good — changing the status quo of how businesses interact with people. We strive to serve the whole population through every change in their finances.

We do this by powering businesses through our APIs and Personal Finance Tech solutions as well as our own personal financial management app for consumers.

We can only do that by being an inclusive and diverse organisation. We invest in our people, and enjoy an environment focused on innovation, collaboration and openness.

💰 What do we offer?

We champion flexibility, and we trust and respect our employees to deliver results in a way that best suits them, working around their own lives and commitments.

We live and breathe a fantastic culture of remote working and you may perform your duties predominantly from your home. However, the heart of Moneyhub is in Bristol and from time to time you will be required to attend company meet ups. Your role may require you to attend client meetings, networking events or group training sessions. You may also be required to work at such other place or places as we may reasonably require from time to time. As a minimum, you will be required to attend a quarterly All Team Away Day at a location of our choice (including overseas).

As well as a truly flexible approach, we also offer a fantastic range of benefits, including:

• Remote working - with quarterly away days, regular team meeting and face to face client meetings as required.
• 10% contribution towards your Pension from your very first day with us;
• 25 days of holiday (plus bank hols), rising to 30 days after two years;
• Choose to take your entitlement to UK bank holidays at other times based on your own days of significance;
• Private medical insurance, including cover for pre-existing conditions, plus dental and optical benefit;
• Six week Moneyhubber Family Pay when you become a new parent;
• Permanent health insurance and life cover  - much greater than the industry standard (death in service);
• Employee assistance programme;
• Professional development support, with dedicated allowance of time and money;
• Life event leave;
• Cycle to work scheme;
• EV Salary sacrifice scheme;
• £750 towards professional memberships
• Remote working benefits, including work from almost anywhere, access to co-working spaces and support for your home office set-up
• High spec laptop

Requirements

👀 Sounds great right? What will you be doing?

We are seeking a Security Engineer to join our DevOps and Platform Team. As a Security Engineer, you will be responsible for working with our dev teams to ensure that our system is secure and that we follow best current practices with regards to API, Mobile, Web and Infrastructure security. You will work closely with the DevOps and Platform team to identify and address security issues, and implement appropriate measures to protect our systems and data.

Responsibilities:

• Work with dev teams to review and ensure the security of our system and compliance with best current practices, and helping product teams prioritise security tasks.
• Identify and address security issues within the system
• Implement appropriate measures to protect our systems and data; this may include making code changes
• Arrange and liaise with external security vendors, for example pentesters
• Collaborate with the DevOps and Platform team to identify and address security issues
• Contribute to the development and maintenance of security documentation
• Collaborate with the wider DevOps and SRE team to help with operations, especially from a security perspective
• Maintain Infosec and Cyber security ISO controls.
• Support prospects and clients with security governance or due diligence responses.

Requirements:

• Good experience with Node.JS and containerised applications
• Experience with OAuth 2.0 token-based authentication
• Strong problem-solving and communication skills, including very strong documentation skills.
• Ability to work independently and as part of a team
• Knowledge and experience of the OWASP Top 10

Nice to have:

• 
  
• Experience with key based authentication - mutual TLS and JWT
• Experience with modern security tooling, including SAST and DAST products
• Experience with AWS
• Experience as a JavaScript developer
• Experience with Snyk or similar and how to gain maximum benefit across development teams.