Security Engineer

At Gearset, we build a cutting-edge DevOps solution for the millions of developers building applications on Salesforce, the world's biggest enterprise PaaS. In the space of just five years, Gearset has become the DevOps solution of choice for some of the world's biggest companies, including IBM, McKesson, and even Salesforce itself. What's the opportunity? As a security engineer at Gearset you'll help us continue to design and implement secure systems as we grow and scale, helping to build products that are both easy to use and secure by design. You'll be working with all areas of the business, building a deep understanding of our existing systems, learning about the needs of our current and future users, and levelling up both yourself and the people around you. We all care deeply about security, but as our first dedicated security engineer you'll pave the way for the future direction of security at Gearset by being the driver in deciding what the next most important thing is and how to design our systems securely. This role will be great for you if you've got a background in software engineering and cloud infrastructure, and have a passion for security and staying up-to-date on the latest best practices. You'll want to build systems that are easy to use and work with by default, and which only sacrifice usability as a last resort after exhausting all other possibilities. Flexibility is at your core, and you love the experience of working across a diverse set of areas. What you'll work on First and foremost, you'll be a hands-on advocate of security, leading by example in identifying and implementing changes which improve the security posture of our infrastructure and app Help to build on and enhance a security culture at Gearset that embraces Continuous Delivery and DevOps Scale our security practice by working with our other engineering teams, ensuring security stays at the forefront of every team's mind Empower other engineers through security, building out robust, but pragmatic, policies and practices which only compromise on capabilities and user experience as a last resort Implement a data-driven approach to our security landscape using metrics to help identify, prioritise and deliver work based on the needs of our customers Build out boundary and anomalous behaviour detection as a defence in depth technique to ensure we know if a system is ever compromised Streamline vulnerability management, including the use of pen-testing, bug-bounty programs, synthetic monitoring, and detection techniques such as SAST, DAST and fuzzing Work with our clients as a trusted advisor on security standards and facilitate their adoption of Gearset through InfoSec Collaborate with colleagues around the business to drive the implementation of security and compliance frameworks You'll be a good fit if you come from a software engineering background, and have some experience across a number of areas, such as Cloud infrastructure, networking, and security (we use AWS) Securing Kubernetes and associated cloud-native technologies Web application security in .NET and containerisation Working with infrastructure as code such as Terraform or Pulumi Threat modelling and exploring the most important attack vectors against our systems Automated pen testing, code scanning, and infrastructure scanning tools such as ScoutSuite Understanding user needs around complex compliance and security frameworks like ISO27001, SOC2, and HIPAA Techniques to improve security landscapes, such as Red/Blue team, secure code reviews, etc. Automating away manual processes or replacing them altogether A little about our salary and benefits This is a full time opportunity, working Monday to Friday with the option of flexible home working (for most of us that looks like 2-3 days a week) Salary range between GBP55,000 and GBP70,000 depending on experience 25 days holiday plus bank holidays Company Pension Plan (matching up to 5%) Bupa health care Life Insurance & Critical Illness cover Flexible working hours Free lunch in the office Discounted gym membership, as well as many other wellness benefits About us Gearset is the leading DevOps solutions for the millions of people developing on Salesforce, the world's biggest CRM. We have the fast paced exciting environment of a start-up, with the success, stability, and ambition of a scale up. In a few short years, we've rocketed from a 7 person start-up to over 180 people, and have become the DevOps solution of choice for some of the world's biggest companies, including IBM, McKesson, and even Salesforce themselves. In the last 18 months we've opened offices in Belfast and Chicago, alongside our Cambridge (UK) HQ. We're proud of what we've built and how we've built it. We work as a team, where attributes of trust, openness and honesty are key, as they allow us to have a feedback-driven culture that keeps us improving to deliver the best solution for our customers. Alongside our Glassdoor score of 4.9/5, and customer G2 scores of 4.7/5, we recently received three awards from Best Companies UK in 2022. This includes the Best Company to work for in the East of England, UK Top 5 Best Mid-Sized Company and Top 3 Best Technology Company to work for in the whole of the UK. a team of smart, pragmatic people who enjoy giving our best every day to solve our users' problems