Job Title: Senior Security Engineer
Salary: Up to £80,000
Start date: ASAP
Location: Remote/Bristol. At the moment we are only able to accept candidates based in the UK.
Who are we?
We recognised a global problem. Millions of ordinary people contribute to our investment system through ISAs, workplace pensions, and other investments. Yet most have no visibility over where their money is going and no voice at the many companies they own through their investments. The result? A society that is disengaged and an investment system that is failing to address critical social, environmental and governance challenges.
Tumelo was founded to change this. We believe every investor should be empowered to use their shareholder voice to create change on issues like climate, gender and human rights at companies where their money is invested. Our software shows investors the companies they own and empowers them to engage on issues they care about. In doing so, we help investment firms connect with customers so they can better serve people and protect our planet.
We’ve just raised a $19m Series A, we are growing at pace, heavily investing into our people and our product and have an exciting roadmap ahead of us.
Big change takes time but we are patient and ambitious in equal measure; influencing the system, building a movement and empowering the world. Want in?
What our team say:
“People actively help each other and make time for it. Every week I've learnt something new. Flexibility is respected. People are here to work and deliver, not to have meetings for the sake of it”.
“Everyone here is treated as a valuable member of the team and no good deed goes unnoticed. I feel appreciated and respected constantly. The culture is full of fun and the people are all fab. Would recommend to anyone”.
“Everybody is so passionate about what they do, which is great for motivating each other. Our ideas are heard and encouraged. There is such trust and support all throughout the business and everyone is always eager to help”.
“Great culture, flexibility, good work/life balance, a worthwhile job (promoting shareholder rights) and amazing colleagues”.
What the press says:
We're looking for a security engineer to support Tumelo's internal security ambitions and empower other team members to do their best work while staying secure. We are looking for someone to come into our modern cloud-based tech stack of MDM, cloud technologies (AWS/Google/Kubernetes), cloud IT (Office 365/Intune) to make Tumelo secure and agile. You will be responsible for:
- Enhance Tumelo’s security governance practices through the management of internal security policies, systems and practices.
- Take an active role in contributing to the Information Security Strategy.
- Recommending security enhancements to management and modifications in legal, technical, and regulatory areas.
- Encourage a ‘shift left’ in security by recommending/implementing/automating tools that make security adoption easier for the organisation (e.g. through CI tooling).
- Configuring software, such as MDMs, data encryption programs, and access tools to protect Tumelo effectively
- Assisting with installation or processing of new security products and procedures
- Conducting scans of software, networks, and infrastructure to find vulnerabilities on a periodic basis (e.g. Penetration Testing) and acting on the findings to ensure timely resolution.
- Monitor networks and systems and build tools to help with breaches or intrusions
- Supervising security changes in software, hardware, and user needs
- Supporting on incident response activities and investigating security incidents
- Educating staff members on information security through training and awareness
- Awareness of cloud security best practice and tooling.
You should have a strong understanding of networks/systems that is wanting to grow their scope and responsibilities. If you are analytical, enjoy mucking in and problem-solving and have a strong enough understanding of the basics. These are desirable rather than essential criteria. We welcome applications from people who do not have all the listed criteria but think they have what it takes and a willingness to learn by doing:
An understanding of operating systems, Linux, security protocols
Experience applying an information governance program to IT
Experience communicating security processes to other engineers as well as non-technical people
Experience in automating processes with bash
- Security Certifications: CISSP, CEH ...
Understanding of basic developer tools such as git to automate processes
A strong enough understanding of networks suitable to aid in securing them
Understanding and experience in implementing security best practices
An understanding of how to conduct a penetration test and how to look for vulnerabilities in a system.
Exposure to security certifications such Cyber Essentials, ISO 27001,
Very much a nice to have: Security certifications
What we offer:
We’re incredibly passionate about Tumelo’s culture and ways of working. We have an amazing team who care deeply about our mission. We value team well-being and strive to build a safe, healthy environment where people can bring their whole selves to work.
- Salary up to £95,000 dependent on experience.
- Generous company share scheme plus an annual bonus
We are all owners of Tumelo and beneficiaries of our collective success.
- Work From Home budget
To get you everything you need to be able to work comfortably from home.
- 5% employer pension contribution
- £50 per month wellness budget Pick the benefit that works for you, whether that’s a monthly gym membership, a regular massage, career coaching or a regular delivery of healthy food. There are over 1000 things to choose from!
- 33 days holiday
These include bank holidays but you can take bank holidays off at your discretion, some of the team prefer to work those days and save the holiday for another time, and that’s fine by us!
- Flexible hours
We commit to being available to each other on slack/email between 10am and 3pm Monday – Friday (save for lunch), but outside of these hours you can work whenever you feel most productive.
The team commit to gathering together for a full day at least once per month in Bristol. During the day we work on our culture, talk strategy, run hack days and bring in guest speakers. Then we always follow things up in the evening with a fun activity – recently we’ve had laser quest, a pub quiz, roller disco and a darts tournament! It’s a fantastic way to spend time with the team.
- We're remote-first but we have an office in Bristol and London that you can also use as much as you’d like should you wish to have a space to work outside of your home.
As we continue to grow, we intend to increase our employee benefits package so expect more in the future!
- Meet our talent team (15 mins)
- Meet with a couple of the tech team (1 hour)
- Final interview (1 hour)