This is a challenging, exciting, varied and broad role. Some key duties include responding to alerts from the SIEM, Vulnerabilities Management with Qualys, managing and implementing security tools such as DLP and IPS, co-ordinating pen test and security remediation with engineering team, Risk Management, updating Risk Register and Continual Improvement log where security issues have been identified, updating documentation when required, and participation in internal and external audit activities.
Our awesome Security team consists of Information Security Officers, Cloud Security Engineers and Ethical Hackers and we're now looking to grow this team.
This is a challenging, exciting, varied and broad role. Some key duties include responding to alerts from the SIEM, Vulnerabilities Management with Qualys, managing and implementing security tools such as DLP and IPS, co-ordinating pen test and security remediation with the engineering team, Risk Management, updating Risk Register and Continual Improvement log where security issues have been identified, updating documentation when required, and participation in internal and external audit activities.
Some of our main security tools: Cloudflare, Trend Micro Deep Security, Alienvault USM, Carbon Black, Qualys, Jamf, Snyk, AWS GuardDuty, AWS Cloudtrail, AWS IAM, AWS Shield, Ubuntu Landscape, Vault, Auth0.
Occasional travel to our London office will be required.
WHAT WE'RE LOOKING FOR
- 5+ years in Information/Cyber Security.
- A technical background.
- Working knowledge of security frameworks and security controls e.g. NIST CSF, ISO22301, IS027001, ISAE3000/SOC2, SOC1, GPR and PCI DSS.
- Exposure to security operations and application security best practices.
- Experience developing, writing, implementing, auditing and improving information security policies and procedures aligned to relevant industry frameworks/standards to ensure that security and compliance accreditations are achieved and maintained.
- Perform periodic internal audits, reviews and contribute to the continuous improvement of IT security standards, processes and procedures.
- Ability to perform Business Impact Analysis, risk assessment and treatment.
- Experience operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems.
- Relevant certifications (CISSP etc.)
- Experience in security incident response, forensic security investigations, management and remediation of identified and day zero vulnerabilities, alerts, threats and breaches.
- Public Cloud Security experience.
- 30 days annual leave plus Bank Holidays
- Remote friendly environment
- Remote working equipment allowance
- Flexible working arrangements
- Udemy and educational reimbursements
- Full details are available on our careers page
Form3 appreciates that we all lead different and often really busy lives. We work remotely 100% of the time and many of us work part time. If you’re interested in hearing what different flexible working arrangements may be available, we’d love to chat.
We are an award-winning cloud-native payment technology provider for financially regulated institutions. Launched in 2016, we've doubled in size year on year as we continue to redefine what a truly instant payment experience means.
We celebrate diversity, promote entrepreneurialism and are committed to giving everyone a say in shaping our business. Here you will grow as a person and accomplish incredible things. A career at Form3 is empowering, inspiring and fun. Join us and help shape the future of payments.
At Form3 we embrace equal opportunity and are committed to building a diverse team of exceptional individuals. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status and it is our strong belief that the more inclusive we are as a business, the better our work will be.