CAREERS

Our portfolio companies are always looking for great people. Apply to the opportunities below or send us your profile.

Senior Security Engineer at GoCardless
London, GB

We’re looking for talented senior security engineers to help us reimagine how payments software looks and works. 

This position plays a key role in ensuring GoCardless teams are taking all required steps in building a secure product set.

You’ll play a major and leading role in protecting GoCardless against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities.

Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. You will be working alongside our Product Managers and audit specialists to design and implement measures that will keep GoCardless' products and systems secure.

About GoCardless engineering

At GoCardless we find creative ways to deliver simple solutions to complex problems. We do this by keeping our development cycles fast, by reviewing and adapting our plans frequently, and by investing in a culture of continuous feedback.

We build simple, reliable systems on top of technologies we understand and trust. We're primarily built in Ruby and JavaScript using Rails and Angular, and we rely on Postgres, ElasticSearch, RabbitMQ, and Chef. However, we believe in using the best technologies for each task – we have used React where server rendering is needed, Go for our infrastructure, and Python for our data analysis.

We are looking for people who share our desire to build high quality products that put customers at the forefront of our development. As a member of our engineering team you will build and improve our products, add new features, and work closely with other teams across the company to define our engineering roadmap and to understand what is most important to the customer.

We value learning and feedback and are committed to encouraging and supporting each other’s professional growth. Moreover, we believe in sharing our knowledge with and contributing to the wide tech community. We frequently host meetups, hackathons, and we open source projects we are proud of.

Core responsibilities

  • Implement measures to secure and protect the GoCardless products and systems.
  • Perform design reviews and Threat modelling of GoCardless services and products
  • Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
  • Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle
  • Liaison with development teams for design, code reviews & education
  • Participate in cross-team security initiatives
  • Contribute in the formulation of our security strategy
  • Drive the implementation and dissemination of security KPIs.
  • Security tooling selection and/or creation.

Requirements

  • BSc/MSc in Computer Science or related field, or equivalent work experience.
  • Experience with vulnerability testing and auditing techniques
  • Experience with multiple programming languages (especially scripting languages such as Python, Ruby, Perl, etc)
  • Strong analytical and reasoning skills
  • A proven and strong depth of expertise in security engineering, system and network security, authentication and security protocols, cryptography and application security, with hands-on experience in web applications for critical 24/7 services.

Bonus points

  • Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. Scrum, Kanban)
  • A comprehensive knowledge of Web application security,
  • Experience in Penetration testing
  • Experience in security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.) and its integration into the company systems.
  • Experience in cloud services
  • Sound knowledge of the OWASP Top 10 and how they can be prevented
  • Knowledge of the latest industry threats
  • Experience of performing security design reviews, threat modelling and risk assessments
  • Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.)
  • Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS

Our team come from a variety of backgrounds and we welcome diversity – if you’re unsure, please apply.  




Stay in touch with Balderton

Sign up for our newsletter to stay up to date on news from Balderton, and our portfolio.