Form3 are looking for a Senior Cloud Security Engineer (DevSecOps) - 100% remote (UK/EU Only) to join their team.
Our Security Team is led by our CISO and consists of Ethical Hackers, Cloud Security Engineers and Information Security Officers. Together they work to keep Form3 secure, whilst educating our teams and promoting best practices across all divisions. They’re consistently baking security into our culture and utilising some of the most modern and exciting technologies on the market.
Working at the pinnacle of Payment Technology our security teams have varied day-to-day responsibilities. As a cloud-native company, our services are mainly on AWS, but we are deploying more on to GCP, as we are intending to become cloud-agnostic. Utilising Terraform for IaC we need to ensure that our increasing Infrastructure is not only meeting compliance standards (ISO27001, Soc1/2 and PCI-DSS just to name a few) but is functionally secure to allow our software engineers to continue their developments. We have developed a DevSecOps mindset here at Form3 so you’ll be an advocate for this coaching the software engineers on best practices around ‘Secure as Code/ by Design’ concepts to ensure that all of our products are secure from conception to when they are deployed on our CI/CD pipeline. Another aspect of the opportunity will be increasing the resilience around our Micro-Service architecture, this will include encryption policy reviews and testing, IAM monitoring and container security. Container security is an important aspect of this opportunity, containers bring their own set of attack vectors which you will be tasked with mitigating and securing. Ensuring the scanners and monitoring tools that we use are as efficient and effective as possible through the entire journey a container takes on Docker within our Kubernetes clusters.
What we are looking for
- Strong Programming Skills (we use Go but we are flexible on this)
- Strong experience in Container and Kubernetes security implementing cluster/ container best practices, Linux hardening, and container image provenance.
- Hands-on experience with API Security and Cloud Security, preferably AWS/ GCP.
- DevSecOps methodology and tools experience that is being utilised in a mature SDLC to create a Secure SDLC.
- Security Architecture experience
- Threat modelling experience for SDLC and hybrid infrastructure
- Relevant qualifications such as AWS Security Specialist, GCP Security Engineer, CKA, CKS, OSCP, eCPPT, CCSK or GCLD, GPCS, GCSA
- 30 days annual leave plus Bank Holidays
- Remote friendly environment
- Remote working equipment allowance
- Flexible working arrangements
- Udemy and educational reimbursements
- Hack-the-box Thursdays!
- Full details are available on our careers page
Form3 appreciates that we all lead different and often really busy lives. We work remotely 100% of the time and many of us work part time. If you’re interested in hearing what different flexible working arrangements may be available, we’d love to chat.
We are an award-winning cloud-native payment technology provider for financially regulated institutions. Launched in 2016, we've doubled in size year on year as we continue to redefine what a truly instant payment experience means.
We celebrate diversity, promote entrepreneurialism and are committed to giving everyone a say in shaping our business. Here you will grow as a person and accomplish incredible things. A career at Form3 is empowering, inspiring and fun. Join us and help shape the future of payments.
At Form3 we embrace equal opportunity and are committed to building a diverse team of exceptional individuals. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status and it is our strong belief that the more inclusive we are as a business, the better our work will be.