(Senior) Security Engineer - Product Security
As Security Engineer, you’ll help us ensure that we’re taking all the required steps to build a secure product set and protect our production environments from ever-evolving cyber threats. You'll play a key role in our product engineering ecosystem and partner with engineers from various tribes and squads to oversee the security of our products and features. You’ll be influencing implementation of cutting-edge measures to minimise exposures and vulnerabilities while actively training and educating the engineers on security best practices and latest developments. We will look toward your unique skills to approach and solve problems in your own way while ensuring alignment with our global strategic directions. Whether engineering a system to address a technical security hurdle, protecting the customers' data, or consulting on a wide range of security topics, you are fully empowered to autonomously drive the engagement and promote security best practices cross-functionally.
What you’ll do
Own and drive engagement with our engineering tribes while ensuring continuous security posture improvements across the product landscape
Proactively detect security deficiencies and flaws in our products and features across software development stages, drive the remediation and improvements and ensure knowledge sharing
Perform architectural design reviews and threat modelling exercises of SumUp web/API/mobile solutions and advise on security best practices
Perform vulnerability assessments and security testing
Provide subject matter expertise on all areas of security and privacy throughout the software development lifecycle
Liaise with software development teams for design, code reviews and education and be a security go-to person
Implement and review controls to protect data and systems
Assist in company-wide security initiatives
You’ll be great for this role if
You have a proven and strong depth of expertise in cyber and information security. ideally with hands-on experience in web and mobile security for critical 24/7 applications
You’re experienced with security in a DevOps environment and have knowledge of agile methodologies (e.g. sprints, Kanban).
You have a comprehensive knowledge of Web/API application security, and cloud and containers technology (Kubernetes, AWS).
You have experience in penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analyzers, etc.).
You’ve performed security design reviews, threat modelling and risk assessments.
You carry good analytical and reasoning skills with a passion for technology, the internet economy and mobile applications.
You have extensive knowledge of Internet security issues, cloud architectures, and threat landscape.
Why you should join SumUp
We’re a truly global team of 2000+ people from 60+ countries, spread across 3 continents.
You'll have the opportunity to make an impact as we work in flat hierarchies.
You'll attend global offsites and regular team events.
You’ll receive a budget for attending conferences and external training.
We offer visa and relocation support for you, your family and even your pets.
We believe in the everyday hero.
Small business owners are at the heart of all we do, so we're creating tools that help them run their businesses. With a founder’s mentality and a 'team-first’ attitude, our diverse teams across Europe, South America and the United States work together to ensure that the small business owners we partner with can be successful doing what they love.
SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.