AppSec Engineer

Job Description

AppSec Engineer Who are we We want to help small businesses win. Thats why were here. We connect small business owners to investors - to create jobs, support local communities and power economies - because we believe that people are made to do more.And we want to help realise their goals. So, we created the leading small business loan platform. Investors have lent £9.8 billion in 130,000 loans to 90,000 small business owners. In a single year, this lending unlocked 115,000 jobs and contributed £6.5 billionto the global economy. Theres never been a better time to join! Be part of the team that changes everything. Lets build the place where small businesses can get the funding they need to win and leave a legacy behind, forever. This role sits within the TechSecurity teams. The drivers behind our platform - brilliant people working together to create, code, and build the next game changers. What will you be doing As an AppSec engineer in our DevSec team you will be responsible for ensuring that security is embeddedand automated to protect the network and infrastructure. This is a hands-on AppSec role where the candidate will be helping to implement security tools and work with engineering teams to remediate web and infrastructure vulnerabilities. To do this you will:Implement automated security tooling for containers and web applications Work with engineering teams to help remediate vulnerabilities Scope penetration testing engagements on our infrastructure Properly balance security risk against the other needs of thebusiness Triage issues found by tools, external reports, and various tests, to accurately assess the real risks Design application security requirements Train development, infrastructure, and IT teams on security best practices You have experience in and enjoythe following: Security Professional - A foundation and in-depth technical knowledge of security engineering Collaboration - Engagement with the InfoSec team and other stakeholders Automating - Experience scripting and optimizing day-to-day operations, workflows,and security tools Previous experience in an web security role, or a role that works closely with infrastructure security Strong understanding of network security techniques Strong understanding of the OWASP Top Ten Experience of training engineers in securebest practices Excellent communication skills, in both technical and non-technical topics Bonus points for... Previous experience working with security tooling in cloud environments, notably AWS Experience working with Vulnerability tools and WAFs DAST ExperienceAPI Security knowledge Why should you join us Were gearing up for our biggest chapter yet - and its being driven by tech. That means full steam ahead working on our global platform and real challenges for you to noodle and solve - as we build new things,reimagine the stack and go after the greenfield. We believe that great ideas come from everywhere. So, there are no pigeonholes here. We keep it agile and open. Think big remits and huge ownership in a continuous learning environment. Close knit teams, withmentorships and global career opportunities. Everyone working together to make a genuine difference to small business owners. Join the team making it happen. Help us define long-term commitments and launch the next game changers - lets build the incredible.Its in our differences that we find our strengths. At Funding Circle, we celebrate and support the differences that make you, you. Were proud to be an equal opportunity workplace and affirmative action employer. We truly believe that diversity makes us better.We particularly encourage applications from applicants from underrepresented backgrounds. We welcome applicants who may want to work flexibly. Want to Build the Incredible Wed love to hear from you. #LI-CW1 TECH01