Engineering Manager - Application Security

Flexible hours

Various work from home options

Dog friendly

Employment type
Full time

What do we do?

As the SaaS space expands, there’s more potential than ever for growing software companies.

Having a great product is only part of the journey. B2B SaaS companies today face endless competition, live or die by customer acquisition costs, have to earn customer loyalty every day, need to operate across borders, and must navigate increasingly complex regulations.

Our all-in-one platform is purpose-built for modern SaaS execution and already powers growth for over 2000 software companies globally. Our Revenue Delivery Platform integrates checkout, payment, and subscription management, making it easy for businesses to activate new business models, enter new markets, turn on new offerings, and renew subscriptions without friction. We handle compliance globally, so our Sellers always operate with full integrity.

The role:

As a leader in the Product and Engineering group you will play a pivotal role in helping Paddle achieve its business objectives by embedding application security principles and processes throughout the product development lifecycle. You will be working to scope, plan and deliver application security and DevSecOps processes and procedures which set standards for SaaS software security and which provide our customers with assurance that we can be trusted with their critical business processes.

What you'll do:

  • Manage the integration and use of AppSec-related tooling such as Static or Dynamic Application Testing, SCA and vulnerability scanning tools in the development lifecycle
  • Establish, mature and run Paddle’s penetration testing and bug bounty programs
  • Provide subject matter expertise for application vulnerability scanning and penetration testing remediation, taking charge of the bug intake and remediation process for the organisation
  • Be responsible for upholding code reviews across all code platforms and providing hands-on support
  • Conduct risk assessments as part of a larger risk management framework

We'd love to hear from you if you:

  • Have proven work experience in an AppSec role, or proven hands-on experience in a similar role and a solid development background. PHP and Go plus AWS experience a bonus!
  • Enjoy collaborating with our technical and non-technical departments to solve business problems from a security and privacy perspective
  • Are excited by the challenge of finding ways to improve the code and team processes that lead to more integrated security
  • Have a strong understanding of the development process - from design through to deployment, maintenance, and what that means for day-to-day development
  • Are interested in what DevSecOps can do for our ability to deliver SaaS software securely and efficiently!
  • Have experience working with diverse AppSec frameworks and methodologies such as OWASP Top 10 and MITRE ATT&CK. Bonus points if you have experience with OpenSAMM and OWASP ASVS from concept to implementation

Why you’ll love working at Paddle

We are a diverse team of 170 people and growing. We care deeply about enabling a great culture which is inclusive no matter your background. We celebrate our diverse group of talented employees and we pride ourselves on our transparent, collaborative, friendly and respectful culture.

We live and breathe our values, which are:

  • Exceptional Together
  • Solve for the Customer
  • Execute with impact
  • Better than Yesterday

We offer a full suite of benefits, including attractive salaries, stock options, pension plans, private healthcare, a health & wellbeing platform and coaching sessions.

We are a ‘digital-first’ company, which means you can work remotely or from an amazing office if you prefer, or even a bit of both! We offer all team members unlimited holidays and 4 months paid family leave regardless of gender. We love our casual dress code, annual company retreats and much more. We truly invest in learning and will help you with your personal development, from constant exposure to new challenges and an annual learning stipend to regular internal and external training.

Our Mission

Our mission is to help software companies succeed — enabling them to focus on creating products the world loves. Hundreds of companies rely on our e-commerce platform to sell their software products globally, as well as our powerful analytics and marketing tools to understand and grow their businesses.

Our vision is to become the platform that all software companies use to run and grow their business. We aim to replace a fragmented ecosystem of specialised tools with a unified platform that removes the complex burden that comes with running a software business, whilst also providing unparalleled insight to help them grow faster.

Deloitte Fast 50 named us amongst the fastest growing software companies in the UK four years running, and we’ve raised over $93m in funding from incredible investors such as FTV Capital, Kindred, Notion, and 83North.

Equal opportunities

We believe that having diverse teams in which everyone can be their authentic self is key to our success. We encourage people from underrepresented backgrounds to apply and we don't discriminate based on race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, marital status, disability or age. Our office is wheelchair friendly and we are a family-friendly employer.
