This senior position plays a key role in ensuring SumUp engineering teams are taking all the required strategic steps in building secure products. The Product Security squad sits within our Global Security team, which oversees all aspects of Security Engineering at SumUp. As Information Security Manager (Product Security), you'll help protect SumUp against security risks. You’ll drive the implementation of cutting-edge measures to minimise exposures and vulnerabilities. In this role, you’ll lead an awesome team of software security engineers. We’ll look toward your unique skills to approach and solve problems in your own way. Whether by engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally.
What you’ll do
Drive improvements to SumUp's security posture through strategic planning and collaboration with both development and infrastructure teams
Implement strategic security measures and operational processes to secure and protect the SumUp backend, web and mobile applications from ever-evolving global threats while minimizing the potential friction and disruption for our engineering squads
Organise and lead vulnerability and risk assessments across engineering, including offensive security testing exercises
Provide subject matter expertise on all areas of security and privacy throughout the software development lifecycle
Liaise with engineering teams through adequate engagement models for continuous design, threat modeling, code reviews and education
Ensure security of our cloud-based and container orchestration environments following the defense-in-depth and zero-trust principles
You’ll be great for this role if
You have experience with leading agile security teams on a global scale and proven expertise in democratization and/or gamification of security practices.
You have proven, strong expertise in cyber and information security with hands-on experience in web and mobile security for critical 24/7 applications.
You have experience with security in a DevOps environment and experience in agile methodologies (e.g. sprints, Kanban).
You have comprehensive knowledge of the web/mobile application security threat landscape, and of cloud and container technology (Kubernetes, AWS).
You have experience with penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analysers, etc.).
You have coding experience for automating/integrating security tools and creation of security tools.
You have experience performing security design reviews, threat modelling and risk assessments.
Why you should join SumUp
We’re a truly global team of 2000+ people from 60+ countries, spread across 3 continents.
You'll have the opportunity to make an impact as we work in flat hierarchies.
You'll attend global offsites and regular team events.
You’ll receive a budget for attending conferences and external training.
We offer a corporate pension scheme, 28 days’ paid leave, free German and yoga classes, subsidised Urban Sports Club membership and other great benefits.
We offer visa and relocation support for you, your family and even your pets.
You’ll be based in the heart of Berlin, one of Europe’s leading tech hubs and most vibrant cities.
We believe in the everyday hero.
Small business owners are at the heart of all we do, so we create powerful, easy-to-use financial solutions to help them run their businesses. With a founder’s mentality and a ‘team-first’ attitude, our diverse teams across Europe, South America and the United States work together to ensure that the small business owners we partner with can be successful doing what they love.
SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.
SumUp will not accept unsolicited resumes from any source other than directly from a candidate.