CAREERS

Our portfolio companies are always looking for great people. Apply to the opportunities below or send us your profile.

Lead Security Engineer at Depop
London, GB

Depop is the fashion marketplace where the next generation buy, sell and get inspired. We are headquartered in London, UK with locations in New York and LA. We have more than 17 million registered users in 147 countries. In the UK, 1 in 3 Gen Z/Millennials are registered and in the US we have grown 300% over two years. We are also the only European player to have recently entered the top 25 shopping apps by daily active users.

Our mission is to empower the next generation to transform fashion, and our team of nearly 200 people are dedicated to serving the needs of our global community.

We operate on three pillars:

    Community: Our buyers, sellers and employees are inclusive, diverse and accessible. We are committed to empowering diversity within the fashion community.
    Entrepreneurship: We support our community and help them build their business with Depop. We thrive on supporting innovation by shaping an environment where creators, makers or hustlers can thrive.
    Sustainability: Depop helps extend the life of garments and reduce waste, we care about the world and want to make a positive change within the fashion industry.

Read a little more about us Here

The Role

As security hire #1, you will be responsible for building out a small but effective security team, that will define, drive and deliver our security posture.

You will be responsible for auditing, implementing, and extending security functionality within our services and the platform upon which they run. We believe that usability is a major factor in how effective a given security feature will be, and that the best security is invisible to the user.

We assert that "DevOps" as originally envisioned, is about a culture of end-to-end ownership and collaboration, and not about job titles or the industry that has sprung up around this term. In this vein, all of our Software Engineers are responsible for deploying and operating their software, and any directly supporting infrastructure.

We appreciate economies of scale, automation and homogeneity, which is why we have a Platform Engineering team responsible for maintaining the core infrastructure and providing a platform (built upon Kubernetes, Terraform, AWS, Vault and Concourse CI, among other things) complete with tooling, re-usable components and solutions, to our cross-functional production engineering teams. We want to take a similar approach with our security team, baking security into the platform.

Want to find out more about Depop & our engineering team? Take a look at our blog.

We write about technology, people and smart engineering - https://engineering.depop.com/

Responsibilities

    Assume ownership of an existing backlog of technical security improvements, working with Head of Systems Engineering
    Assume ownership of company security policy definition and enforcement, working with CTO & Head of Systems Engineering
    Embrace agile methodologies and engage in a culture of continuous improvement by attending (and perhaps even running) events such as book club, functional meet up, blameless post-mortems, architecture review, war games, hack days
    Build out a roadmap for staff training, penetration testing and company security policies. We're not adverse to engaging with reputable third parties, but we want you to own it

Requirements

Technical:

    A competent software engineer in at least one language
    Experience with Kubernetes, Docker and related security landscape
    Experience with AWS (e.g common IAM privilege escalation vectors)
    Experience with detection and exploitation of security vulnerabilities
    Knowledge of Operating Systems; specifically Linux
    Familiarity with the JVM and it's security features (e.g bytecode verification, class loader)
    A high-level understanding of modern cryptography, including cryptographic primitives

Non-technical:

    Exemplary communication skills, especially in dealing with multiple stakeholders
    Able to take a risk-based approach and effectively prioritise many competing demands
    Good people management and mentoring experience; we want you to help shape and develop our people

Desirable

    Experience with any of our core languages: Scala (Services), Python (Older Services, ML, Scripting), Golang (Internal Tooling & Services), JavaScript/NodeJs (Web)
    Experience with our core service infrastructure stack (Postgres, Redis, RabbitMQ, DynamoDB)
    Experience with HashiCorp Tools (Terraform, Vault)
    Any experience with iOS and Android security
    Network Security (e.g 802.1x)
    JFrog Artifactory & X-Ray
    A desire to evangelise some of the great work that you will be doing within the wider engineering community
    BS in CS, a related technical field, or equivalent practical experience

Benefits

Depop offers the opportunity to work in one of the UK's fastest-growing scale-ups, with a vibrant and diverse group of people, building a product we all deeply care about, in addition to:

Learn and Grow: We sponsor and run a myriad of programs, conferences and meet-ups to up-skill our employees and enhance their journey with us, just ask!
Wellbeing: We care about wellbeing. We offer a cycle to work scheme, healthy fruit and snacks in the office, breakfast every Tuesday, eye-care vouchers and a discounted gym membership.
Mental Health: Mental health is a top priority for Depop. We offer subsidised counselling appointments through SelfSpace, have mental health first aiders and also run yoga, meditation and more.
Work/life balance: We have 25 days of holiday with the opportunity to buy or sell 5 more, a day off for activism, and sabbaticals for our long-serving employees.
Family life: We offer flexible working (based on your team), generous parental leave policies, and, all of our offices are dog-friendly!
Financial: We match up to 6% on your pension and offer discounts through BenefitHub.
Fun: We love to celebrate our successes at Depop. On Friday we finish an hour early to socialise with free food, and have amazing Winter and Summer Parties. We also host internal employee socials such as quiz night, games night, movie night and more.

Depop is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.




Stay in touch with Balderton

Sign up for our newsletter to stay up to date on news from Balderton, and our portfolio.