hero
3,374
companies
3,651
Jobs
If you are a Techstars portfolio companyclaim your profile.

Product Security Engineer 

Shieldpay

Shieldpay

Product
London, UK
Posted on Oct 23, 2024
Technology · London · Hybrid Remote

Product Security Engineer

You'll be key in designing and implement technical architecture for new opportunities, ensuring security is built into every step of the application lifecycle and ensuring a ‘security first' approach

We usually respond within two weeks

The opportunity

We are seeking an accomplished Product Security Engineer to join the Information Security team at Shieldpay. You will take a lead role in upholding the security of Shieldpay’s products, from early stages in their design to completion and go-live.

We are an ambitious company, processing funds in excess of £30 Billion, with global partners trusting us to securely deliver monies to the right people at the right time.

As a result, we are looking for an individual with a natural curiosity for understanding how something works with a view to making continuous security improvements part of the company landscape.

You will be key in designing and helping to implement technical architecture for new opportunities, ensuring security is built into every step of the application lifecycle and ensuring a ‘security first’ approach.

What you’ll be doing

  • You will serve as the subject matter expert, providing technical expertise and guidance to Shieldpay developers in the secure development of their products.
  • Utilise SAST, DAST, and SCA within the development pipeline and collaborate with the engineering team to investigate, re-test, and resolve identified vulnerabilities.
  • Conduct internal and external penetration testing and partner with external experts to proactively uncover potential security threats.
  • Lead architectural reviews and threat modelling to embed security requirements into product designs.
  • Own the secure software development lifecycle and represent application security in ISO 27001 audits, ensuring alignment and compliance with the standard.
  • Contribute towards the broader company technical strategy, to guide it in a more secure direction from a development perspective.
  • Regularly evaluate and report on the effectiveness of existing security controls as part of the RCSA process.
  • Contribute to the wider security team and assist with incident response, monitoring, and routine security operations tasks.
  • Work with the rest of the organisation to build security into everyday functions prioritising a culture of security best practices over barriers.

What we’re looking for in you

  • Strong knowledge of secure coding practices and familiarity with security frameworks such as OWASP, BSIMM, or SAMM.
  • Experience with SAST, DAST, and SCA security tooling and the ability to interpret and address their findings.
  • Proficiency in conducting penetration testing and vulnerability assessments, both manually and with automated tools.
  • Solid understanding of software development methodologies and experience working with development teams to integrate security practices into the SDLC.
  • Experience in an Application Security, Penetration Testing, or similar role.
  • Strong communication skills and ability to build effective relationships with engineering teams.
  • As we are dedicated to fostering an inclusive environment where every individual is valued, respected, and empowered to use their voice, we’ll expect you to demonstrate a likeminded approach to how you communicate and collaborate with others.
  • We don’t like old fashioned corporate hierarchy. Instead, we like to empower our people and be autonomous in their role. You should be adaptable and thrive in a fast paced, dynamic environment.
  • We're building a vibrant community full of the best people the fintech world has to offer. You should be enthusiastic about our industry and able tap into your experience and expertise to help take Shieldpay to the next level.

If possible, we'd also love you to have

  • A natural enthusiasm for all things application security.
  • Experience with threat modelling and security architecture reviews to identify and mitigate risks in product designs.
  • Familiarity with implementing ISO 27001 within software development environments.
  • Experience with AWS and GCP cloud security services, including WAF, API gateways, key management services, and secret managers.
  • Relevant certifications in security engineering or the general information security space, e.g. one or any of OSCP, OSWE, GPEN, GWAPT, GMOB, CRT, PenTest+

Our promise

Shieldpay is an equal opportunities employer. For Shieldpay building a fair and transparent workforce begins with the recruitment process that does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.

Team
Technology
Locations
London
Remote status
Hybrid Remote
Employment type
Full-time
Employment level
Technicians
Contact Georgie Leonce Head of People – Central

Workplace & culture

Our team is filled with ambitious, curious and entrepreneurial people. We hire and nurture inquisitive, creative minds looking to flourish in a supportive and collaborative environment, recognised by being placed within the top 100 startups to work for in 2022 by Tempo and Flexa certified in 2023

We don’t like old fashioned corporate hierarchy. Instead we like to empower our people to make a change and be autonomous in their role with all the support you need with the other teams around you.

About Shieldpay

Shieldpay Limited: Regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (Reference number 770210) as an authorised payments institution. Shieldpay is a company providing simple and transparent payment solutions across the legal, financial, and professional services industries. The firm offers Third-Party Managed Accounts, Escrow facilities and payment agent services.

Shieldpay Trust Services Limited: Registered with HMRC as a trust service provider (Reference XPML00000158706) and provides the services as a corporate trustee to the beneficiaries of the trust, established by deed, in connection with escrow transactions.

Registered Address for our Group Companies is 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT.

Founded in 2016
Co-workers 95
Technology · London · Hybrid Remote

Product Security Engineer

You'll be key in designing and implement technical architecture for new opportunities, ensuring security is built into every step of the application lifecycle and ensuring a ‘security first' approach

Already working at Shieldpay?

Let’s recruit together and find your next colleague.