Security Engineer at Gearset

  • UK Only
  • Gearset
Job Description:

At Gearset, we build a cutting-edge DevOps solution for the millions of developers building applications on Salesforce, the world's biggest enterprise PaaS. In the space of just five years, Gearset has become the DevOps solution of choice for some of the world's biggest companies, including IBM, McKesson, and even Salesforce itself.

We're a team of smart, pragmatic people who enjoy giving our best every day to solve our users' problems. We recently received three awards from Best Companies in 2021, putting us in the top 10 best mid-sized companies to work for, the top three best technology companies in the UK, and top 5 best companies in the East of England.

We’re proud of what we’ve built and how we’ve built it. We work as a team, where attributes of trust, openness and honesty are key, as they allow us to have a feedback-driven culture that keeps us always improving. To learn more about what “good” looks like to us, read about our engineering values.

What’s the opportunity?

As a security engineer at Gearset you'll help us continue to design and implement secure systems as we grow and scale, helping to build products that are both easy to use and secure by design. You'll be working with all areas of the business, building a deep understanding of our existing systems, learning about the needs of our current and future users, and levelling up both yourself and the people around you. We all care deeply about security, but as our first dedicated security engineer you'll pave the way for the future direction of security at Gearset by being the driver in deciding what the next most important thing is and how to design our systems securely.

This role will be great for you if you've got a background in software engineering and cloud infrastructure, and have a passion for security and staying up-to-date on the latest best practices. You'll want to build systems that are easy to use and work with by default, and which only sacrifice usability as a last resort after exhausting all other possibilities. Flexibility is at your core, and you love the experience of working across a diverse set of areas.

What you'll work on:

  • First and foremost, you’ll be a hands-on advocate of security, leading by example in identifying and implementing changes which improve the security posture of our infrastructure and app
  • Help to build on and enhance a security culture at Gearset that embraces Continuous Delivery and DevOps
  • Scale our security practice by working with our other engineering teams, ensuring security stays at the forefront of every team’s mind
  • Empower other engineers through security, building out robust, but pragmatic, policies and practices which only compromise on capabilities and user experience as a last resort
  • Implement a data-driven approach to our security landscape using metrics to help identify, prioritise and deliver work based on the needs of our customers
  • Build out boundary and anomalous behaviour detection as a defence-in-depth technique to ensure we know if a system is ever compromised
  • Streamline vulnerability management, including the use of pen-testing, bug-bounty programs, synthetic monitoring, and detection techniques such as SAST, DAST and fuzzing
  • Work with our clients as a trusted advisor on security standards and facilitate their adoption of Gearset through InfoSec
  • Collaborate with colleagues around the business to drive the implementation of security and compliance frameworks

Requirements:

You'll be a good fit if you come from a software engineering background, and have some experience across a number of areas, such as:

  • Cloud infrastructure, networking, and security (we use AWS)
  • Securing Kubernetes and associated cloud-native technologies
  • Web application security in .NET and containerisation
  • Working with infrastructure as code such as Terraform or Pulumi
  • Threat modelling and exploring the most important attack vectors against our systems
  • Automated pen testing, code scanning, and infrastructure scanning tools such as ScoutSuite
  • Understanding user needs around complex compliance and security frameworks like ISO27001, SOC2, and HIPAA
  • Techniques to improve security landscapes, such as Red/Blue team, secure code reviews, etc.
  • Automating away manual processes or replacing them altogether

Company Benefits

  • Company Pension Plan
  • Bupa health care
  • Life Insurance & Critical Illness cover
  • Flexible working hours
  • Travel insurance
  • When in-office: Free lunch, fruit, coffee/tea, beers
  • Discounted gym membership, as well as many other wellness benefits

Interview Process

  • 20 min Phone Screen
  • 2 Hour Technical interview
  • 2 Hour Final Interview
