Security Engineer at Zopa
London, GB
At Zopa, we’re shaping the future of finance.
We offer simple loans and smart investments that help people take control of their finances and do more with their money. In the 12 years we’ve been in business, we’ve helped more than 60,000 people lend over £3 billion to 246,000 UK consumers.
And our journey’s only just beginning. In November 2016 we announced our plans to build a next generation bank so that we can bring a greater range of smart, ethical finance products to even more people.
Zopa is looking for a Security Engineer, focusing on application security and internal security tools, to be part of a growing Information Security team. We are in the process of building a comprehensive set of cutting-edge security practices for Zopa, involving both building our own tools and using the best external tools where necessary. You will have the ability to help define what this set of practices should look like. This role will also provide exposure to a wide range of areas such as infrastructure, development and compliance.

On a day to day basis, the Security Engineer would be expected to:

    • Collaborate with development teams, providing consultation and guidance on good security practices
    • Design, develop and implement new tools, processes and support systems
    • Work to find new and emerging threats, and automate identification and prioritisation
    • Promote the importance of Information Security throughout the organisation

Job Requirements:

    • A thorough knowledge of standard application security practices and technologies
    • Experience in application security testing, with confidence using some of the usual tools (Burp, ZAP, sqlmap, etc.)
    • Knowledge of at least one programming language and the willingness to dabble in others (Ruby, Go, Python, .NET)
    • Experience with version control and unit testing
    • Some experience with Linux containers and orchestration (Docker, Kubernetes)
    • Experience working with Linux and Microsoft environments
    • An active interest in the latest developments in security, architecture, and server automation technologies
    • Desire to learn and improve

If possible, we’d also love you to have experience with:

    • Security Information and Event Management (SIEM) tools like Splunk
    • Vulnerability scanning technologies (Infrastructure and Application)
    • Networking protocols and technologies
    • Cloud infrastructure (AWS)
    • IT security certifications