Original listing text, shown exactly as published by the company.
Your key responsibilities include
- Own the vulnerability management programme across our products, cloud, and corporate estate: discovery, prioritisation, remediation tracking, and reporting.
- Consolidate findings across our detection stack into a single risk picture.
- Partner with software engineers to grow the Secure Software Development Lifecycle, including code reviews, threat models, and pre-ship security input.
- Harden the GCP estate, Kubernetes platform, and CI/CD systems our engineers depend on.
- Run vendor security reviews and respond to enterprise customer security questionnaires.
- Operate and tune the Elastic SIEM and broader detection stack, building new detections as the threat picture evolves.
- Respond to security incidents including on-call, and run training exercises to keep the team ready.
- Build and run security agents and automations that other engineers and the wider business rely on, treating them as production-grade software.
- Evaluate AI models and frameworks against security standards.
Requirements
- Around five years in security engineering, with depth in at least one of application security, infrastructure security, enterprise security, or vulnerability management, and solid breadth across the others.
- Hands-on experience running or contributing to a vulnerability management programme, including prioritisation, SLA setting, remediation tracking, and reporting.
- Working knowledge of SCA/SAST tooling, Internal Developer Portals, and SIEM; we use Snyk, Port, and Elastic.
- Working knowledge of the security features of the major public cloud providers, with GCP preferred.
- Comfort with Kubernetes, Docker, or other container architectures.
- Confident with at least one programming or scripting language such as Python, Go, or Bash.
- Solid experience with Git, GitHub Actions, and Terraform.
- Active, daily use of AI and agentic tools, with concrete examples of agents you have built and outputs you have shipped.
- Experience with vendor security questionnaires.
- Familiarity with common security frameworks such as PCI DSS and NIST.
It would also be music to our ears if you have
- Penetration testing background or OWASP Top 10 fluency.
- Experience with CI/CD security hardening at scale.
- A track record of building security tools other engineers want to use.
- Experience reporting vulnerability management and security posture metrics to leadership.
- Familiarity with social engineering attacks, especially phishing, and the controls that reduce them.
Equal opportunity employer
We believe that bringing people together from different backgrounds, experiences and perspectives makes for a healthy workplace, a more successful business and a better world. We value diversity and encourage everyone to come and soundtrack the world with us.
Application
Ready to make the world feel your work? Please apply, in English.
