The opportunity

We are seeking an accomplished Application Security Engineer to join the Information Security team at Shieldpay. You will take a lead role in upholding the security of Shieldpay’s products, from early stages in their design to completion and go-live.

We are an ambitious company, processing funds in excess of £30 Billion, with global partners trusting us to securely deliver monies to the right people at the right time. As a result, we are looking for an individual with a natural curiosity for understanding how something works with a view to making continuous security improvements part of the company landscape.

You will be key in designing and helping to implement technical architecture for new opportunities, ensuring security is built into every step of the application lifecycle and ensuring a ‘security first’ approach.

What you’ll be doing

• You will be the subject matter expert and provide technical expertise and guidance for Shieldpay developers around the secure development of their products.
• Implementing secure tooling such as SAST and DAST to allow the developer teams to produce reports for your review.
• Performing vulnerability assessments both internal and external to actively look for possible security threats and to ensure compliance to PCI DSS.
• Further develop the secure application development lifecycle, integrating security tooling early into the continuous delivery pipeline, shifting ‘security left’.
• Contribute towards the broader company technical strategy, to push it in a more secure direction from a development perspective.
• Actively test the effectiveness of current controls to ensure continuous improvement.
• Provide information for various reports, such as penetration testing remediations and application vulnerability reports.
• Keep up to date with evolving InfoSec trends, emerging risks, and growing industry-wide technological shifts.
• Promote the importance of Information Security throughout the organisation.
• Work with the rest of the organisation to build security into everyday functions and promote good practice rather than ‘security as a blocker’.

What we’re looking for in you

• Knowledge of secure coding practices and tooling for examples NIST and BSIMM standards.
• The ability to implement, review and action vulnerabilities identified within SAST and DAST (e.g. BurpSuite or OWASP ZAP) reports from the developer teams.
• An understanding of Windows, Mac and Linux systems.
• A wider understanding of application and network protocols which could introduce security vulnerabilities.
• Experience in a Security Engineer role or similar.
• A desire for continuous improvement as security threats evolve.

If possible, we'd also love you to have:

• A natural enthusiasm for all things application security.
• Experience of the risks faced by FinTech companies.
• Experience with SAST, DAST, vulnerability and pen testing products.
• Experience with cloud computing providers such as AWS.
• Relevant certifications in security engineering or the general information security space, e.g. one or any of OSCP, OSWE, GPEN, GWAPT, GMOB, CRT, PenTest+

Our promise

Shieldpay is an equal opportunities employer. For Shieldpay building a fair and transparent workforce begins with the recruitment process that does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.