Software Security Engineer at ZappiStore

Description

Who we are

Zappi is a fast growing SaaS platform helping Fortune 500 companies pre-test new ideas and creative content before production. From new products, media campaigns, names, logos, packaging or flavours, Zappi allows companies to shelve bad ideas and improve on good ones. We bring together top expertise in applied statistics, data science, visualization, UX and engineering to create a platform that allows non-expert users to make high-stakes decisions easily and confidently. We believe it’s possible to run a profitable business while also having a positive impact on the environment and our communities.

What we Value

We believe in hiring people that want a chance to do their best work. We believe driven individuals operate best in high-trust, small, cross-functional teams who work together with the rest of the business to bring value to our customers.We believe great results happen in great teams that value improvement, curiosity and continuous learning. We align as a business on the challenges we need to solve and trust teams solve them in the best possible way.We value experimentation, failing fast and being bold. We practice continuous delivery and fast iteration. We hate politics, gate-keeping, unfairness and toxic behaviour. We believe in transparency, even when it’s unflattering. We believe in honesty, even when it’s uncomfortable. We treat failure as a learning opportunity. We believe in ethical and responsible business practices and having a positive impact on the environment and our communities.

Requirements

The security team has multidisciplinary skills who aim to create and embrace an honest, transparent and reliable security management system that ensures our users, clients and other stakeholders operating in a secure environment. Our security analytics tooling includes TheHive + Cortex, ELK stack, MISP, Defect Dojo and Security Data Lakes. We are mandated to improve the security for our users, AWS Cloud Infrastructure, Zappi Applications (built with Rails, JavaScript, Python e.t.c) several supporting SaaS solutions and enforce regulatory compliance requirements. We are moving towards security focused on a combination of User-Centric, Data-Driven Security and Zero Trust Networks applied to a Mobile and Cloud-first organisation.

At Zappi we work hard to maintain an honest and transparent environment. We are humble; we hold ourselves and each other to account; we listen carefully to leverage our diversity as one of our biggest strengths; we value people who step up and show leadership, whatever their level or experience; and we deeply trust the people who work here to manage their commitments and their own time. If you are motivated by working with brilliant people and solving hard problems, you are going to love it here.

Responsibilities:

• Working with DevOps team to secure the platform, hardening servers, networks, Kubernetes

• Deploying, operating and monitoring DLP, WAF, SIEM, IPS/IDS, Security Data Lake

• Architecting and implementing technical solutions to support defensive security

• Mentoring and coaching security within the organization

• Expanding security auditing and monitoring capabilities

• Developing custom applications to detect high-risk activities

• Working with dispersed Sys-admins to secure services, hardening SaaS and endpoint configurations

• Working with Infrastructure to secure the physical environments (office networks, etc.)

• Hardening servers, and building security into the platform

• Developing automation so we can focus on the hard problems

• Responding to Security Incidents

• Collaborating with the SOC Analysts on developing effective security information and events management

Must-Have:

• Proven work experience in Public Cloud Infrastructure Engineering

• Programming or scripting experience with at least one popular modern language e.g. Bash, Python, Ruby, Perl, R and Java

• Knowledge of network security and networking technologies e.g. firewalls, intrusion detection systems, anti-malware solutions, content filtering, log management and network monitoring tools.

• Familiarity with web-related technologies (Web applications, Web Services) and their protocols

Nice to Have:

• Experience and/or knowledge of AWS Cloud Infrastructure and its security

• Experience and/or knowledge of Kubernetes

• Experience and/or knowledge of working with SIEM’s

• Experience and/or knowledge of building Infrastructure as Code

Education/Certification/Experience:

• Bachelor’s degree in Computer Science, Computer Engineering, or other Technical discipline or equivalent relevant experience

• 2+ years of experience with Security Best Practices, implementing security solutions

• 3+ years of experience writing code or scripts in a modern programming or scripting language

Benefits

• Competitive pay scales that are benchmarked annually – this is not something we just say in job descriptions. You shouldn’t have to leave to earn what you’re worth

• Tailored personal development through training allowances (for courses, conferences, etc), coaching, mentorship and career frameworks

• Unlimited holidays – we encourage people to take plenty of leave

• Flexible working arrangements, including remote (unless otherwise specified)

• Thoughtfully designed offices to support both individual work and collaboration without interrupting others

• Generous hardware budget – get what works for you

• Support setting up your home office, if appropriate (chair + desk, etc)

• Wellbeing benefits such as free yoga and access to trained therapists / counsellors

• Paid 24h secure parking

Zappi is an equal opportunity employer; our diversity is a major strength. We maintain a constant dialogue with our teams and wider communities about how we can become a more inclusive place to work.