Platform Security Engineer

Job Description

About Attest

Founded in 2015 and headquartered in London and New York, Attest is a consumer research SaaS platform for the world’s biggest and fastest growing brands. Attest’s easy-to-use, self-serve dashboard is coupled with on-demand research expertise, empowering anyone to quickly conduct high-quality research and be continuously tapped into the consumer.

Some of the notable brands leveraging continuous insights to put the consumer’s voice at the center of their business with Attest include Unilever, Santander, Walgreens/Boots, Klarna, Brew Dr. Kombucha, Trustpilot, JCDecaux among many others. To date, Attest has raised $90 million in venture capital with backing from investors such as Kismet, Schroders, and NEA. To learn more about Attest, visit www.askattest.com.

The mission for this role:

Attest’s platform squad exists to empower other engineers to deliver value with high efficiency, security and reliability, by empowering them with platforms, tooling and infrastructure and we are looking for a Platform Security Engineer to join us. The security aspect is of no less importance and extends beyond the Engineering team.

Along with this security focus, you will share responsibility for the stability, scalability and efficiency of Attest’s platform infrastructure. You will work in collaboration with platform team members, other engineers, and people across Attest to scope out, prioritise and deliver security and other enhancements to the Attest platform.

You will also participate in defining the best security tooling and configuration changes to meet ISO 27001 and other compliance/security requirements. You will work with a wider team on ISO certification, with your role remaining focused on security, from strategy to implementation.

Your focus will be to…

• Plan, design, and improve infrastructure as code (IaC) relating to security. You may also be involved in developer tooling for security, while aiming to maintain developer velocity.
• Deliver day to day tactical improvements, mostly for the security area. These typically include enhancing CI/CD pipelines, automating our AWS/EKS infrastructure with Terraform, and helping migrate to Pulumi and Golang, maintaining and improving our telemetry and logging infrastructure as well as maintaining documentation for all platform owned services and processes.
• Develop technical solutions based on DevSecOps principles to help address security issues and automate repeatable tasks, along with implementation of security controls to protect cloud resources and data.
• Partner with leaders across the business (Product, Engineering, Legal, IT and beyond) to define security direction and to provide security strategy, tooling advice and promote secure engineering practices. As part of a wider team, you will contribute to ensuring that our platform is compliant to security related regulations such as ISO 27001.
• The culture of security awareness is not the job of the Platform Security Engineer alone! You will ensure that security policies and practices for cross-disciplinary teams and engineers remain relevant and impactful.

We’d love to hear from you if…

• You have previous experience as a Platform Security Engineer, or may have had roles with “DevSecOps”, “DevOps”, “Platform”, “Security or “SRE” in the job title. You were working alongside others for compliance projects such as ISO 27001 or GDPR.
• You have experience working with AWS, Kubernetes, cloud networking and Linux. It would be ideal if you have experience with Kubernetes manifests and Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, Pulumi, AWS CDK or CDKTF (Terraform CDK).
• You have basic experience of programming for infrastructure using any procedural language beyond bash, and want to learn more - examples could be Golang, Python, JavaScript, Ruby or other languages.
• You have experience of applying DevSecOps techniques and tools - these may include threat modelling, “shift left”, static analysis, dynamic analysis, policy as code, software supply chain security, tamper-proof audit trails, etc.
• You are familiar with the main types of security tools and can advise on which types are most appropriate based on security goals, tech environment and business context. Such tools may include SIEM, SAST, DAST, vulnerability management, etc, and could involve a mix of open source and commercial components.
• You have experience managing security incident responses including blameless postmortems.
• You are able to see big picture goals and create actionable roadmaps for security programs, technology, and business initiatives.

Pay & Benefits:

We believe that everyone’s unique skills and experience are important and we celebrate every hire we make. Our pay and benefits programme is designed with a focus on the wellbeing, engagement and growth of our people.

• A competitive salary that fairly recognises your experience and potential
• We’re enthusiastic to offer all Attesters EMI share options in the company so that as the business succeeds, so do you!
• 25 days (UK) paid holiday per year, increasing to 26 after 3 years service and 27 after 4 years service. This is in addition to local public holidays and an additional 2 days off around the festive season
• To help you save for your retirement, you’ll be auto-enrolled to our group pension plan when you join
• Support with remote and flexible working both whilst we navigate the world as it is now and in the long-term. We’ll even give you £300 to set up your home office
• A career growth and development budget of £20 per month which can be accrued over the year.
• A £40 a month wellness allowance to spend on things that matter to your physical and mental wellbeing. This can be spent on a monthly basis or saved up for larger purchases over the year.
• Access to private and confidential coaching or counselling via Sanctus
• Spend up to 2 paid days per month - 10% time - giving back to your community or supporting your favourite charity
• 10 days paid sick leave a year - for your body and your mind
• 24/7 Employee Assistance Programme by Care First
• Your choice of equipment and access to great tools that support your productivity and impact
• An open, inclusive and supportive team where everyone is valued and all ideas and suggestions are welcomed

In-person and remote working balance…

As a company, we aren’t fully remote and place strong emphasis on teams being able to meet, and spend time together in a safe and flexible environment regularly, as well as being able to travel to meet customers when rules and safety considerations permit. We always want to ensure that it is balanced against having a healthy approach to flexible working/working from home and nurturing your life outside of work as well as in work.

With that in mind, we have a permanent office location at 21-33 Great Eastern St, London EC2A 3EJ, where our team spend time together on a weekly basis. We don’t set specific rules, but expect folks to spend time with the team in the office on average 2 - 3 days per week.

Our Commitment to Diversity, Equity and Inclusion

The world’s best companies mirror the world around them. We are building an Attest that brings together, and actively celebrates, diversity in race, age, physical and mental ability, sexuality, gender identity and perspectives. Every Attester should feel they belong as their complete selves. We make an active choice to acknowledge and remove systematic inequality from our people and talent processes. We don't claim to have this all figured out yet, but it’s a journey we are fully accountable to.

With this in mind, data shows that individuals from minority groups typically only apply if they meet every criteria listed. Based upon this insight, we wanted to take this opportunity to encourage individuals who meet some, but not all criteria to still apply as you may be the right person for the role!

We want you to bring the best of you to the hiring process. Please contact us at talent@askattest.com if you’d like to discuss any adjustments to our process which might help you demonstrate your strengths and capabilities.