The Role The role encompasses several security domains covering application security, cloud & infrastructure security, security orchestration, security assurance, corporate security and incident response. Our Security Engineer is familiar with two or more of these security domains and has knowledge of other domains at a high-level. 

The Team The Deputy Trust team is responsible for ensuring that the Deputy platform lives up to the high expectations of the millions of people using it every day. We work to continually minimise risk while ensuring that customers and employees have an excellent experience. All team members have an opportunity to help build and maintain a strong and healthy team culture where collaboration and camaraderie are encouraged. We also support and encourage Diversity and Inclusion and welcome a broad variety of perspectives and experiences into all our roles.

You You may currently be in a security engineering or operations role and are passionate about automation and designing secure products and solutions. You might have an IT/systems administration background and are keen to specialise in security, or you might have experience in at least two of the listed domains looking to explore multiple facets of an end-to-end security program. Responsibilities - Ownership and delivery of identifying, testing, mitigating, and/or responding to security issues/incidents is required for this role. - Own and deliver projects to meet monthly, quarterly or yearly roadmap objectives.   - Define security solutions and collaborate with the team to select the best approach. - Identify and implement necessary short and long-term risk-reduction measures - Implement controls to address vulnerabilities in our applications.  - Assist with penetration testing exercises - Triage bug bounty submissions - Perform code reviews for security remedial work and fix code-based vulnerabilities  - Participate in discussions regarding web/mobile application vulnerability remediation Skills & Experience - You have experience in information security fundamentals, have been working in the industry for 2+ years, and are looking to use your skills and expertise to build and influence a new security practice. - You are highly effective at collaborating with other areas of the business and leading with influence rather than relying on authority. - You have strong presentation and written documentation skills, working together requires telling a story everyone can understand. - You are comfortable with taking on a “builder” mindset, you are ready to learn, aren’t afraid to ask questions and execute with a high agency. - Understanding of cloud security best practices (we use AWS), their tools around security, risk mitigation, etc. - Experience with distributed web-based applications services (we use PHP, Go & JS) and their security posture, risk, etc. - Experience with source code repositories, CI/CD pipelines, and associated security tooling (e.g., GitHub, GitLab, Jenkins, etc). - Secure SDLC (Software Development Life Cycle), DAST (Dynamic Application Security Testing), and SAST (Static Application Security Testing) experience. - Experience in web application penetration testing, secure coding and source code analysis.  - Experience with Bug Bounty programs Employee Perks - Share Options - Paternity/Maternity Leave Policies - Flexible Work Policy - Company wide Development & Coaching - Hackathons - Awards - "Your Time to Shine & Celebrate Success" - Social Events & variety of social clubs (Books, LGBT, Games, Sports) - Mental Health Support - Munch & Learns