Application Security Engineer
Thought Machine, one of the UK's leading fintech companies, is undergoing a period of rapid expansion and is looking to hire a number of candidates in the role of Application Security Engineer.
Our mission is to cure one of the banking industry's primary problems: its reliance on outdated IT infrastructure. Nearly every bank is stuck on a legacy IT platform, which cripples their ability to innovate and give their customers the type of service they deserve.
Our solution to this is Vault: a complete retail banking platform that is capable of being configured easily to suit the needs of any bank. We have built Vault from the ground up as a cloud native, microservice API architecture platform. Thought Machine has a deep culture of engineering excellence, and we believe it is this which delivers a solution compelling enough to engender a seismic shift in the banking industry.
Thought Machine is looking for highly talented individuals to help grow the company and achieve our ambitious goal. We pride ourselves on having an excellent internal culture, where we strive hard to create the best possible working environment; a healthy mix of great technical work, fast pace, supportive atmosphere, and of course our irreverent sense of fun.
Thought Machine hires team members of excellent calibre in every role. While a lot will be asked of you, you will benefit greatly from working in a world class team, with colleagues who excel. Working at Thought Machine is fast paced and team oriented with an emphasis in delivering the highest quality work in every role.
Security Engineers play major and leading role in protecting Thought Machine against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally.
- To drive improvements to Thought Machine’s security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence.
- Perform design reviews and Threat modeling of Thought Machine services and products
- Perform vulnerability assessments and security testing.
- Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle
- Liaison with development teams for design, code reviews & education
- To contribute to security strategy, security tooling selection and creation
- Conduct regular security assessments and code reviews
- Expertise with a programming language (Python, Go, Java).
- Experience of security in a DevOps environment.
- Experience in web application penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analyzers, etc).
- Coding experience for automating/integrating security tools and creation of security tools.
- Knowledge of security in distributed systems at scale.
- Cloud and containers technology knowledge essential (AWS, GCP, Kubernetes, Docker).
- Experience of performing security design reviews, threat modeling and risk assessments.
- A passion for technology, the internet economy and mobile applications.
- Extensive knowledge of internet security issues and/or mobile security issues.
- Excellent communication abilities.
- Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.)
- Contributions to the security community (public research, blogging, presentations, etc)
- Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
- Expertise with programming frameworks such as ReactJs.
- Competitive salary
- Share options
- Healthcare (including dental & optical)
- Other perks like sports clubs, healthy (and sometimes not so healthy) snacks, tea and coffee
- A talented & experienced team as your colleagues
- An environment where you can learn and progress
- Friday team wrap up with drinks and food!