We’re looking for talented security engineers that love working in a fast paced environment and in a culture of continuous feedback.
You will play a major role in implementing our security operations programmes by using cutting-edge measures to prevent, detect and respond to potential cyber security threats.
You are empowered to engage and lead cross-functional initiatives - whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure.
We work closely with our engineering teams who are building simple and reliable solutions to complex problems. We keep our development cycles fast, by reviewing and adapting our plans frequently, and by investing in a culture of continuous feedback.
- Provide subject matter expertise on various areas of security, specifically on security operations
- Develop security use cases, onboard data sources, manage logging and SIEM technologies (i.e Elastic, Splunk, etc.)
- Monitor metrics associated with security controls to ensure controls are well tuned
- Handle security operations day-to-day activities, by troubleshooting and coordinating resolution (activities can be hardware or software failures, security incidents, security breaches, actively looking for threats in logs - threat hunting - etc.)
- Professionally manage inbound security-related calls and questions, create tickets, run security-related assessments, security-related user complaints, and escalate accordingly
- Provide technical support for on call outside normal business hours (when required)
- Drive the implementation and dissemination of security KPIs
- Liaise with teams on security design, incident handling & education
- Participate in cross-team security initiatives
- Select and assess capabilities and features of security tooling
- Perform scheduled vulnerability assessments and security testing
- Minimum of five years of security-related experience
- Strong analytical and reasoning skills
- Experience in security tooling (Endpoint Security, DLP, Web/Network Scanners, SIEM, IDS/IPS, etc.) and its integration into the company systems
- A proven in depth expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security
- Hands-on experience in web applications for critical 24/7 services
- In depth, hands-on experience with security features and system administration of Linux, UNIX and Windows operating systems
- Excellent communication skills and ability to cooperate with other business functions
- Understanding of and exposure to the latest message queue technologies such Syslog, Fluentd, GCP PubSub, Logstash and SIEM-specific collection mechanisms (i.e. Splunk forwarders, etc.)
- Exposure with at least one scripting / programming language (i.e Python, Ruby)
- Professional security qualifications (e.g. CISSP, Offensive Security, GIAC, etc.)
Our team come from a variety of backgrounds and we welcome diversity – if you’re unsure, please apply.