Permutive is hiring an Application Security Engineer to drive, assess and advise on the security strategy for our products and services, and to implement and integrate security into our SDLC and CI/CD workflows.
Security sits at the core of Permutive and it's crucial we set high standards throughout our internal and external products. This would be an exciting position for anyone interested in working closely with engineering and wider teams to shape the way we approach the future of security at Permutive.
As our first Application Security Engineer, you will work closely alongside our Infrastructure Engineering Manager and DevSecOps Engineer to ensure we're offering the highest level of protection to our end-users.
Some of the challenges you will help us to solve
- Influence, empower and assist engineering teams in design processes, threat modeling, and secure development
- Perform architecture and security reviews on our products to identify threats, vulnerabilities and privacy risks
- Collaborate with the Cloud Infrastructure Security Team to design and implement new scalable ways to automate and improve security across the business
- Develop Application Security tooling to be integrated into our CI/CD workflows, including SAST, DAST and SCA
- Take our Champion Application and Information Security program to the next level
- Keep an eye on emerging technologies and trends in the application security landscape and ensure we are up to date with the most efficient tools and techniques to mitigate threats
The wider context
Permutive is a B2B SaaS company building the data platform and tools for a world with a trillion edge devices. We have product–market fit and customers that love us, and we’re 100+ people and growing rapidly in Europe and the US. We have received funding from some of the world’s best investors, including Y Combinator.
We’re 30+ engineers working to build an outstanding engineering culture so that everyone who joins has the opportunity and the support to do the best work of their life. Small, autonomous teams are important to us, and we want to empower everyone to make—and be accountable for—decisions through ownership.
Everything we build has to scale: our platform handles more requests each day than there are new tweets and Google searches, and each month we see more than a billion users. We think applying functional programming techniques like compositionality and type-safety is the best way to build the type of massive distributed system our platform comprises, allowing us to move fast without sacrificing quality.
The ideal person for this role will have
- Experience working alongside engineers to empower security best practices, testing and code reviews.
- Solid understanding of privacy, security and compliance challenges surrounding product development and the software development lifecycle.
- Experience with penetration testing, as well as designing and implementing automated application security tooling into CI/CD workflows to support SAST and DAST operations as part of the SDLC.
- Command of the web stack, including storage mechanisms like Local Storage and IndexedDB; browser cookie types like HttpOnly, SameSite, third-party; iframe limitations; browser security features, e.g. CSP directives; and the fundamentals of web server software and deployment.
- Excellent development experience with a focus on secure coding.
- Passion for security tools and automation.
- Understanding of threat modeling and vulnerabilities, and how to mitigate risks concerning applications and services.
- Ability to communicate technical security concepts to diverse audiences.
We'd be particularly excited if you have one or more of the below
- Experience setting security strategies from scratch.
- Familiarity with Scala.
- Cloud experience (GCP or AWS).
- Experience with OWASP ZAP, Burp Suite and OSINT.
How we pay
We take a structured, objective approach to salary-setting, which is based on market information, our compensation strategy, and your experience and capability as assessed through our interview process.
For a typical candidate meeting most of our requirements we would likely pay £105,000 + options.
For a candidate with a breadth of experience, and who meets several of our bonus criteria, we'd pay up to £125,000 + options.
- Stock options (you'll own a piece of the pie)
- Parental Leave Policy entitling new parents up to 26 weeks of leave on full pay
- Everyone has an annual learning budget of £2,400 which we encourage you to use to level up
- Time to rest and relax with unlimited paid leave (minimum expectation of 25 days annually)
- Extensive training and development opportunities
- Automatic enrolment into our pension scheme from day one
- Free access to Spill, our mental health partners
Diversity, Equity & Inclusion
At Permutive, we’re taking a thoughtful, intersectional, long-term approach to diversity, equity & inclusion. We care deeply about creating an inclusive work environment that allows everyone to flourish, and we are taking continual action to progress in that direction. If you would like to read an outline of efforts we have already made towards becoming a more inclusive company as well as insight into what we are actively working on, you can find that information here.
How we are responding to COVID-19
We have a presence in London and New York. At the beginning of March 2020 we made the decision to move to working from home for all Permutive employees until 2022. We have invested significant time and budget into ensuring that everyone is suitably equipped to manage this time period. Our guiding principle behind any decision we make will always be the health and well-being of our employees.