(Senior) Security Engineer - Product Security
As a Security Engineer, you’ll help us ensure that we’re taking all the required steps to build a secure product set and protect our production environments from ever-evolving cyber threats. You'll play a key role in our product engineering ecosystem and partner with engineers from various tribes and squads to oversee the security of our products and features. You’ll be influencing implementation of cutting-edge measures to minimise exposures and vulnerabilities while actively training and educating the engineers on security best practices and latest developments. We will look toward your unique skills to approach and solve problems in your own way while ensuring alignment with our global strategic directions. Whether engineering a system to address a technical security hurdle, protecting the customers' data, or consulting on a wide range of security topics, you are fully empowered to autonomously drive the engagement and promote security best practices cross-functionally.
What you’ll do
Own and drive engagement with our engineering tribes while ensuring continuous security posture improvements across the product landscape
Proactively detect security deficiencies and flaws in our products and features across software development stages, drive the remediation and improvements and ensure knowledge sharing
Perform architectural design reviews and threat modelling exercises of SumUp web/API/mobile solutions and advise on security best practices
Perform vulnerability assessments and security testing
Provide subject matter expertise on all areas of security and privacy throughout the software development lifecycle
Liaise with software development teams for design, code reviews and education and be a security go-to person
Implement and review controls to protect data and systems
Assist in company-wide security initiatives
You’ll be great for this role if
You have a proven and strong depth of expertise in cyber and information security. ideally with hands-on experience in web and mobile security for critical 24/7 applications
You’re experienced with security in a DevOps environment and have knowledge of agile methodologies (e.g. sprints, Kanban).
You have a comprehensive knowledge of Web/API application security, and cloud and containers technology (Kubernetes, AWS).
Experience of using AWS is essential for this position.
You have experience in penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.).
You’ve performed security design reviews, threat modelling and risk assessments.
You carry good analytical and reasoning skills with a passion for technology, the internet economy and mobile applications.
You have extensive knowledge of Internet security issues, cloud architectures, and threat landscape.
Why you should join SumUp
We’re a truly global team of 3000+ people from 60+ countries, spread across 3 continents.
You'll have the opportunity to make an impact as we work in flat hierarchies.
You'll attend global offsites and regular team events.
You’ll receive a budget for attending conferences and external training.
We offer visa and relocation support for you, your family and even your pets.
We believe in the everyday hero.
Small business owners are at the heart of all we do, so we're creating tools that help them run their businesses. With a founder’s mentality and a 'team-first’ attitude, our diverse teams across Europe, South America and the United States work together to ensure that the small business owners we partner with can be successful doing what they love.
Job Application Tip
We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.