The position is part of the security engineering team responsible for the security and privacy of our players and our business. We are responsible for making sure everything is built in a secure manner by design and default. Our vision is to enable the organisation to build secure products and services by providing them with integrated, flexible and scalable security solutions.
This role is an opportunity to have real impact on the company and the security discipline.
What You'll Do:
- Lead and work as part of a team of information security engineers, with a high degree of freedom to design and build best-in-class offerings within the Security Engineering discipline
- Provide leadership and direction to direct reports. Lead by example, provide coaching, teaching and mentoring, including pair programming and troubleshooting
- Own the strategy and roadmap of the Security Engineering Tooling & Automation squad and contribute to the wider Security Engineering vision of Security Observability
- Bring ideas to the table, take ownership over the project timelines and deliverables
- Partner with Product Security and Platform Security Architecture squads to define, implement and operate tooling & solutions that leverage DevSecOps and automation principles to support in the overall goal of ensuring our products
- Partner with other engineering teams outside of security to create, implement and apply the security products and automated processes to be consumed across our company
- Understand existing processes and identify how to improve and streamline them in order to improve team efficiency and effectiveness, as well as business efficiency
- Drive and provide hands-on support to the squad to:
- Improve the accessibility of security information (security vulnerabilities, build compliance standards, etc.) through automation, continuous integration pipelines, and other means
- Build state-of-the-art solutions to problems that affect the security of our systems, services and products
- Design security score metrics and improve the accessibility of security information through automation, continuous integration pipelines, and other means
- Design and test solutions to unique and interesting challenges
- Configure and maintain application and platform security tooling (logging and security data ingestion platform, application and infrastructure vulnerability management scanning and reporting platforms)
- Automate secure configuration as part of IaC frameworks and embed Cloud Security Posture management solutions in the overall DevOps pipelines.
- Collaborate with GRC function to support quarterly vulnerability testing of various environments
Who You Are:
- Computer Science graduate or similar
- 2+ years of professional experience in backend, web application or full-stack development
- 3+ years of professional experience in security engineering or similar security discipline
- 2+ years of management experience (team lead or engineering manager)
- Demonstrable experience of DevSecOps and Agile principles.
- Enthusiastic about security, ideally with participation in Open Source Communities
- All around team player, fast self-learning individual, problem solver
- Excellent engineering mindset
- Disciplined and logical thinker, with the ability to draw conclusions from large and complex data sets
- Delivery driven with a sensible attitude to risk
- Proficient level of spoken and written English (B2, C1) (fluency in English is necessary)
Technical Strengths - Expected:
- Hands-on experience (build, operate) with Elastic or other similar solutions
- Coding and scripting experience (Python or other scripting language)
- Good understanding of and practical exposure to regular expressions (regex)
- Good understanding of integrations and API usage or previous experience in extending functionality to existing products using APIs.
- Experience with data serialization languages and frameworks (YAML/JSON) for parsing data and composing documents
- Vulnerability management scanning and host assessments
- AWS exposure
Technical Strengths - Desirable:
- Good understanding of Object Oriented Programming with previous experience in one programming language (Java, C++, C#, ...)
- DevOps experience - cloud networking architecture, AWS infrastructure and services, containerized environments, microservices and serverless
- Experience with IaC frameworks such as Terraform and Serverless Framework
- Experience with Docker, Kubernetes
- Host assessment experience / CIS exposure
- Experience with integrating security tools in CI/CD pipelines and familiarity with Ansible framework
- Experience with security tools like Nessus Tenable, Qualys, Rapid7 Insight, Prisma, Aqua, CloudGuard, Clair, Hashicorp Vault, secret management, etc.
What can you expect:
- 25 days of annual leave
- Sharesave scheme
- "Flexible Benefits" of your choice
- Private health insurance (includes dental insurance and health assessments)
- Free parking
- Thousands of courses online through Udemy
- Working from home options
Ways of working:
Flexible working is our way of working! We're a diverse workforce and therefore a 'one size fits all' approach isn't necessarily best. Whatever your personal needs may be, let's have a chat and see how we can accommodate them.
We thank all applicants for their interest; however, only suitable candidates will be contacted for an interview. By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective Paddy Power Betfair roles.