Cyber Security Engineer

  • London
  • Full Time (Permanent)
  • Hybrid
  • Infosec

About the role

As our Cyber Security Engineer, you will be the bridge between Security and Engineering. You aren't here to block deployments; you’re here to ensure our code is resilient by design. You will empower our developers to ship fast without breaking the trust of our customers or regulators.

Tech Stack

Backend

  • Kotlin 1.7.20

  • AWS

  • GraphQL (it would be nice if you were familiar with this but it’s not a deal breaker)

  • Postgres

  • RabbitMQ

  • Docker

  • Kubernetes

Frontend

  • React & React Native, TypeScript, MobX, Redux, Stylus and SASS

Other

  • We build our Kotlin projects using Gradle and GitHub Actions, deploying to production as soon as we finish a feature

  • We use JUnit Jupiter, Kotest and TestContainers for automated testing

What you'll be doing

  • Secure the Pipeline: Integrate and automate SAST, DAST, and SCA tooling directly into our CI/CD pipelines to catch vulnerabilities before they reach production.

  • Harden the Product: Act as a Subject Matter Expert (SME) assisting engineers with the remediation of security vulnerabilities and bugs.

  • Safeguard AI: Design and implement security guardrails for AI-assisted development and LLM integrations, ensuring data privacy and preventing prompt injection or model leakage.

  • Threat Modelling: Partner with Product and Engineering teams to conduct threat modelling sessions for new features before they are built.

  • Security Architecture: Act as a consultant for infrastructure and application design, ensuring our AWS/GCP Kubernetes environments remain hardened.

  • Security Culture: Cultivate a Secure Development guild to level up our developers' secure coding skills.

What we’re looking for

  • Pragmatism: You understand the difference between partnering with Engineering and security being a blocker of progress.

  • Communication: You can translate a complex vulnerability into a business risk for a Product Manager and a technical fix for an Engineer.

  • AppSec Subject Matter Expertise: You have a strong understanding of critical security risks in applications, can identify them in code, and can recommend how to remediate them.

  • Cloud Native: Strong experience securing AWS/GCP environments and containerised workloads.

  • AI ready: You understand the unique risks of AI and have experience securing AI-driven workflows.