Cambridge, UK

Lead Application Security Engineer

The Opportunity

Featurespace are building an exciting new Application Security team from the ground up, to sit within the Engineering function of our business, based in our head office in Cambridge.

In your role as Lead Application Security Engineer you will be joining Featurespace as the first member of the Application Security Team, and will be integral in working with Engineering Management to establish, grow, and manage the team. You and your team will be responsible for driving application security best practice across the engineering teams developing ARIC, our real-time platform for monitoring and preventing fraud and financial crime.

Day to Day

  • Championing application security best practices through the full software lifecycle across Featurespace Engineering
  • Working with development teams to build security into all steps of application development from specification and design through to build, test and deployment
  • Own the design of security critical aspects of ARIC’s architecture such as authentication, authorization, data protection and encryption
  • Collaborating with the Engineering Technical Communication team to educate engineers on common security threats (e.g. OWASP top 10), tooling and methodologies
  • Work closely with Release Engineering to adopt and automate security tooling as an integral part of our Continuous Integration process
  • Manage the engineering process around triaging, evaluating and responding to incoming security issues and questions. This often includes CVEs, customer security reports and penetration testing results
  • Leading the response to active application security incidents affecting the ARIC product, both internal and raised by customers
  • Collaborating with Featurespace IT and Corporate Security teams
  • Keep up to date with emerging security trends, threats and practices
  • Management and lead responsibilities surrounding the Application Security team
Apply now

Meet Rosanna, Senior Implementation Engineer at Featurespace

Check out Rosanna’s blog to see what life at Featurespace is really like!

Read Rosanna's blog

About you

Must haves

  • Familiarity with common security vulnerabilities and the ability to judge their severity and impact to the business
  • Practical experience with Application Security relating to Linux, Java and Web Client development
  • Experience creating and rolling best practice guidance and training to software engineers
  • Knowledge of source control and continuous integration systems
  • Comfortable working in an organisation using agile/scrum working practices
  • Ability to manage and prioritise your own workload
  • Experience with line management and running a team of Security Engineers

 

Great to haves

  • Familiarity with Kubernetes and Container security
  • Experience with applying cryptography in application development. Use of Java Cryptography Architecture and TLS in particular
  • Knowledge of enterprise authorisation and authentication technology such as SAML, OAuth and OpenID Connect.
  • Familiarity with security and data compliance standards such as GDPR, PCI DSS and PCI SFF

Personal Qualities

The work is often challenging and fast paced. As such we are looking for someone who has the following qualities:

  • Attention to detail, excellence and quality
  • A focus on personal achievement and responsibility
  • Passion to learn new skills and technologies
  • Ability to share knowledge
  • Enthusiasm and an open mindset
  • Can-do attitude
  • A passion to work for one of the fastest growing fraud prevention technologies in the world

 

And most importantly, a small-company attitude: willingness to adapt to a variable role, wearing many different hats from day to day.

As well as competitive salaries, we offer a range of benefits, including flexible working..

How to apply

If you think you’re a good fit for the role above, we would love to hear from you.

Fill out the short application form, upload your CV and one of the team will get back to you.

Please note: we are only able to accept applications from people who are already eligible to work in the UK.

If you have any questions or queries regarding this role, or life at Featurespace, please contact [email protected]

Featurespace Job Application Privacy Notice

Featurespace Ltd., is committed to comply with the General Data Protection Legislation and any implementing legislation (the “Data Protection Legislation”) and will process your Personal Data in accordance with the Data Protection Legislation and information security legislation. Any capitalised terms used in this Privacy Notice shall be given the same definition as in the Data Protection Legislation.

This Privacy Notice sets out the basis on which Featurespace Ltd will process Personal Data relating to job applicants.

The Data Controller is Featurespace Ltd., 140 Cambridge Science Park, Milton Road, Cambridge, CB4 0GF

Data refers to both Personal Data and Special Categories of Data. Your job application and the Personal Data held within it will be processed to assess your viability for the stated role. We may also process any information that you provide about your health, for the sole purpose of assessing whether any adjustments may need to be made to the recruitment process to accommodate you . If your application is unsuccessful, Featurespace will retain your Data for 24 months after the end of the recruitment process. Your Personal Data is processed in accordance with our legitimate interests of making sound recruitment decisions. You are under no obligation to provide us with your Personal Data. However without this, we cannot assess your job application. We will only process information about your health for the purpose of making reasonable adjustments to the recruitment process (if applicable), in accordance with our legal obligations. You have the following rights in relation to the processing of your Data: The right to be informed about how your Data is processed. You have the right to object to the processing of your Data based on our legitimate interests as outlined above. The right of access, to your Data and supplementary information relating to our use of your Data. In certain circumstances, we reserve the right to charge you for exercising this right. The right to rectification, if your Data is inaccurate or incomplete. In certain circumstances, the right to erasure, request the deletion of, or removal of, your Data. In certain circumstances, the right to restrict processing, block any further processing of your Data. We shall respond to any request made by you without delay and in any case within a month of your request. The right to complain to the Information Commissioner’s Office if you believe that your data protection/privacy rights have been breached. Your application will be submitted and stored on an application database (Greenhouse). Access to your Data on Greenhouse is limited to the relevant persons for your application- our internal recruiters, the hiring manager and interviewer(s). Your CV may be printed and shown to consulted decision makers, any physical copies will be securely and confidentially destroyed after a decision has been made on your application. Your CV is transferred to a third country, outside of the EEA, when it is processed by Greenhouse. Greenhouse meet the technical and organisational data security measures outlined in the GDPR Article 32, and are SOC2 Type II certified. We do not envisage that any decision will be taken about your application using automated means.