Security Engineer

GoCardless is a global bank payment company. Over 100,000 businesses, from start-ups to household names, use GoCardless to collect and send payments through direct debit, real-time payments and open banking. 

GoCardless processes US$130bn+ of payments annually, across 30+ countries; helping customers collect and send both recurring and one-off payments, without the chasing, stress or expensive fees. We use AI-powered solutions to improve payment success and reduce fraud. And, with open banking connectivity to over 2,500 banks, we help our customers make faster, more informed decisions.

We are headquartered in the UK with offices in London and Leeds, and additional locations in Australia, France, Ireland, Latvia, Portugal and the United States.

At GoCardless, we're all about supporting you We're committed to making our hiring process inclusive and accessible. If you need extra support or adjustments, reach out to your Talent Partner — we're here to help 

And remember: we don't expect you to meet every single requirement. If you're excited by this role, we encourage you to apply

The role

As a Product Security Engineer, you will enable development teams to take ownership of the security and privacy of their product by collaborating to set requirements and standards, performing design reviews and vulnerability assessments, and helping build security controls. You will also work closely with the dedicated Security Operations and Security Engineering teams. 

You will be someone who has experience securing a cloud-native environment, and, in particular, in embedding security and privacy standards in engineering functions. You should also be comfortable automating security and privacy engineering and performing various security assessments.

What excites you 

• Developing high-quality code for extensive tasks, showcasing proficiency in leading systems and architecture design independently. 
• Leading the design and documentation processes for complex tasks, breaking them down into manageable segments for team collaboration while also handling the most challenging portions.
• Contributing significantly to the company-wide systems architecture, impacting the organisation's technological landscape.
• Providing guidance to developers and architects on secure coding methodologies, architectural design, and security best practices, fostering a culture of excellence within the team.
• Overseeing the vulnerability management program, conducting routine assessments, prioritising resolutions, and tracking progress towards securing systems.
• Demonstrating advanced proficiency in security testing, ensuring comprehensive evaluations of system, application, and network security postures.
• Creating and maintaining robust security policies, procedures, and guidelines for effective programme management.

What excites us  

• Experience in cloud-based application and infrastructure security - especially, DevSecOps
• Background in threat modelling and security architecture/secure design
• Awareness of or exposure to security and privacy standards, such as ISO27001, SOC1, CyberEssentials, GDPR, or similar
• Nice to have: Cybersecurity certifications, such as CISSP, CEH, Professional Cloud Security Engineer, or similar
• Technical experience in working with cloud computing providers such as GCP or AWS
• Technical leadership qualities -  setting direction alongside the managers and supporting the security team in technical development. 

Base salary range: €54,000 to €68,000 gross annually

Base salary ranges are based on role, job level, location, and market data.  Please note that whilst we strive to offer competitive compensation, our approach is to pay between the minimum and the mid-point of the pay range until performance can be assessed in role. Offers will take into account level of experience, interview assessment, budgets and parity between you and fellow employees at GoCardless doing similar work.

• Wellbeing: Dedicated support and medical cover to keep you healthy.
• Work Away Scheme: Work from anywhere for up to 90 days in any 12-month period.
• Hybrid Working: Our hybrid model offers flexibility, with in-office days determined by your team.
• Equity: All permanently employed GeeCees get equity to share in our success.
• Parental leave: Tailored leave to support your life's great adventure.
• Time off: Annual holiday leave based on your location, supplemented by 3 volunteer days and 4 wellness days.

We're an organisation defined by our values; We start with why before we begin any project, to ensure it's aligned with our mission. We make it happen, working with urgency and taking personal accountability for getting things done. We act with integrity, always. We care deeply about what we do and we know it's essential that we be humble whilst we do it. Our Values form part of the GoCardless DNA, and are used to not only help us nurture and develop our culture, but to deliver impactful work that will help us to achieve our vision.

We're building the payment network of the future, and to achieve our goal, we need a diverse team with a range of perspectives and experiences. As of July 2024, here's where we stand:

• 45% identify as women 
• 23% identify as Black, Asian, Mixed, or Other 
• 10% identify as LGBTQIA+ 
• 9% identify as neurodiverse 
• 2% identify as disabled 

If you want to learn more, you can read about our Employee Resource Groups and objectives here as well as our latest D&I Report 

We're committed to reducing our environmental impact and leaving a sustainable world for future generations. As co-founders of the Tech Zero coalition, we're working towards a climate-positive future. Check out our sustainability action plan here. 

Find out more about Life at GoCardless via X, Instagram and LinkedIn.