Cyber Security Lead

Job Description

Were looking for our first Cyber Security Lead to join us and bring their passion, skills and experience to steer and move us on the next steps of our journey on all things InfoSec. This is an awesome opportunity to work in a talented and passionate teamin a young business to evolve the Cyber Agenda that will enable our next growth phase (and beyond). Furthermore you will be involved early enough to help shape the technology, our products, the team and ways of working with plenty of opportunity to grow yourself.Inprevious roles you will have been involved in many of the varied aspects of rolling out and implementing a Cyber Security roadmap. You will be well versed in cloud services (e.g. AWS and GCP). You will have experience (and enjoy) working within a DevOps culture.***Aboutyou:** Extensive experience of working within Information / Cyber Security related roles* A strong communicator and collaborator is key; you will be responsible for embedding awareness and understanding of Cyber Security across DeadHappy* Experience of beinginvolved in creating a Information/Cyber security roadmap and implementing aspects of it would be advantageous* Strong knowledge of security in a cloud-first environment and working knowledge of AWS / GCP (security certifications in these technologies wouldbe an advantage)* Coding Experience using Python, Typescript/JavaScript, Go, Bash, etc. would be an advantage* An understanding of Security across Engineering, SecOps, Infrastructure, Networks, Hardware and Collaboration tools (e.g. Google Workspace) is important*An understanding of vulnerability testing of systems including in pipeline and external pen testing (and working alongside security partners as needed)* An understanding of DevOps culture and an ability to work closely with tech / data teams to ensure thatsecurity is embedded in our ways of working and systems* Familiarity with Zero trust concepts and relevant tooling across the broad range of cyber security topics* A good understanding of technical security concepts, tools and capabilities* Awareness and goodunderstanding of at least one security framework (NIST, ISO 27001) and preferably Cyber Essentials* An understanding of cyber threats and how they impact the organisational risk position* CCSP and/or CISSP or are working towards one (or more) of these qualificationsand are keen to develop your skills and experience further (technical examples on how this has been applied would be advantageous)* Excellent stakeholder management skills and experience and must be able to articulate InfoSec to both technical and non technicalstakeholders***About the tech:*We care more about your mindset and how you go about solving problems and creating solutions versus how experienced you are in our technology/tools. We are more than happy to provide the training and support needed to expandyour knowledge in any area you wish to improve. Here is more detail about how we are building DeadHappys technology platform.Our current technology stack is predominantly JavaScript using React and Next.js. We are in the process of migrating relevant applicationsover to Typescript when we identify a good fit. We also have an ever decreasing legacy PHP/Laravel application that we are refactoring over to React, piecemeal at the right time. The backend is centred around Lambda functions, GraphQL, RDS Databases and weuse AWS Eventbridge to communicate between services.For infrastructure, everything the customer interacts with is hosted in AWS. But we also use Google Cloud Platform for our data platform to leverage the power of BigQuery and Googles Machine Learning capability.Weship fast with the help of Gitlab for day to day operations including issue tracking, code repositories and pipelines. To make sure everything is running smoothly we adopt a mixture of monitoring and observability tools including Sentry, Bugsnag and Grafanato power our dashboards and alerting.***Life at DeadHappy:*Life at DeadHappy is certainly different and some people may be put off by our direct approach. How many job adverts have you come across that mention death However we are highly motivated to growour product and technology, which sometimes means doing things outside of our comfort zones and things we have never done before. We love what we do and we hope you will too!We have an office in the heart of Leicester, where we meet up to socialise and collaborateface-to-face if that is your sort of thing. That said, our culture is one of high autonomy and high trust and we believe that the right people are grown up enough to figure out how to balance what works for them and for DeadHappy in order to get the job done.It will be an adventure, and well all learn a huge amount along the way.We celebrate diversity at DeadHappy. We want to build a product that truly reflects and serves the society we all live in. We are working to create a team with multiple and diverse perspectives,experiences and backgrounds. Thats why were committed to hiring people regardless of race, religion, colour, national origin, sex, sexual orientation, gender identity or disability.-* Share Options* Unlimited, fully paid time off* Super flexible working*Enhanced maternity cover* A workplace pension scheme* A brand new 16in Macbook Pro* Regular (and optional) social events* Fantastic Office (if you plan to come in)*We would like our interview process to be as straightforward and enjoyable as possible.*We kick-offwith a technically focussed discussion with up to two members of our engineering team. This will include a small coding exercise where we are keen to see your thought process and how you approach things. We know this can be intimidating for some people, soif you prefer, please let us know that you have an interesting piece of code you have written previously which we can discuss instead.We take great care to make this a friendly and welcome session (to reflect how we work).The next step will be a chat withour CTO, Nick, to find out more about each other. Here we will talk about DeadHappys culture, values and ways of working, a bit more about the role and about you as an individual. This is our collective opportunity to have a two way conversation to ensurewe are the right fit for each other. Following this session we should both be in a good position to make an informed decision about whether to go forward.Cyber Security, Cyber Essentials, Security Testing, Cloud SecurityCyber Essentials, Cyber Security, AWS,React, Node.js, Typescript, Terraform