Security Engineer

Job Description

Our Mission

We're not your average benefits platform; we're the unordinary force that uplifts people's lives. Our technology is the link that connects the entire benefits ecosystem, creating better outcomes for employers, employees, brokers, and providers.

Our mission is clear: we're here to create a world where everything operates at its very best, ensuring that every employee receives the support they need to live life to the fullest, both at work and beyond.

Your Mission

As part of our engineering team, you will have the opportunity to learn from our senior security engineer and CTO, while helping to maintain and enhance our information security management system (ISMS) and execute our security roadmap.

We value self-starters who are eager to take on ownership and autonomy, in a supportive environment where you can make a real impact while developing your skills. Our culture emphasises work-life balance, so while we work hard to ship on time, we also take downtime and relaxation seriously.

What you'll be working on

• Configure and troubleshoot cyber security tools, including preventative and detective controls like EDR, vulnerability management tools, MDM & ZTNA

• Conduct risk assessments and evaluations of vendors and third-party solutions

• Document information security policies, procedures and technical controls as part of the ISMS

• Hands-on implementation of technical controls in collaboration with different parts of the engineering team (Platform, Backend, Data etc.) and other departments (People team, Operations etc.)

• Working across the engineering team to ensure that secure development practices are being championed and adhered to

• Monitor systems for irregular behaviour and help set up preventive measures

• Ensure that security considerations are taken into account, based on current best practices (e.g. OWASP Top 10, AWS Well-Architected Framework) in all software development and infrastructure projects

• Maintaining and managing our existing infrastructure, and supporting employees on occasion, as required

Behind the scenes

Our cross-functional delivery team is focused on business goals and solving problems in an efficient manner. We want the team to collaborate on new ideas and projects to find the best solutions.

Ben is built on Python 3, Django, PostgreSQL and React. We run on AWS and follow engineering best practices, with a pragmatic approach.

We are ISO 27001 certified and are striving for further certifications like SOC2 in the future.

You'll love this role if you have...

• The ability to contribute to complex information security projects with different stakeholders from end to end

• Experience working with a range of tools and technologies, including DLP, EDR, Firewalls, source code analysis & SIEM

• Experience with the Microsoft suite of products, including Entra/Azure AD, Intune & Defender

• Good knowledge of of single sign on, via SAML and OIDC/OAuth

• Knowledge of the OWASP Top 10, and the ability to partner with engineers to develop and embed security from the beginning of the product life cycle

• A strong understanding of networking, security frameworks and attack vectors

• Excellent communication skills adaptable to both tech and business audience

• Experience with GDPR, HIPAA and CCPA/CPRA (nice to have)

• Security certifications (e.g. Sec+, ISO 27001, etc) (nice to have)

• MacOS systems knowledge (SIP, Gatekeeper, etc) (nice to have)

and you...

• are a self-starter who thrives on autonomy, enjoys a rapid pace and wants to make a difference

• have a continuous improvement mindset. You appreciate that there are always ways to do things better and ensure your team does too

• have a preference to action-oriented behaviour with just enough analysis, as compared to too much time spent doing analysis with no action

• have the ability to make decisions balancing different factors such as business requirements, technical integrity, overall priorities etc.

• appreciate the opportunities and challenges of a distributed work environment

• are solution-focused with a pragmatic approach to problem-solving

Diversity and Culture at Ben

We are organically growing a brilliantly diverse, inclusive and respectful bunch of people we are extremely proud of. This should go without saying but all applications are very much welcome. If you need any adjustments to support you with your application, just let us know by emailing jobs@thanksben.com.

Our BENefits (... It's all in the name! 😉)

💰 Competitive base salary + equity, so you own what you build

💳 £100 monthly personal Ben Balance: for whatever works for you, whether that's Netflix, Spotify, or a really expensive cup of coffee! This allowance will increase by £50 for each year of service until you reach £250

🔋 £1000 annual Learning & Personal Development Ben Balance: plus 3 days paid study leave a year to support you with your professional development

👩🏽‍💻 £500 work from home set up allowance, which you can put towards your home office

🍔 Weekly lunch provided in office so you can spend quality time with the team over some tasty food!

🏖 28 days of holidays a year (plus bank holidays, which you have the option of swapping for days of celebration that are significant to you)

🌴 ...and an option to buy or sell 5 days per year. Also, your holiday entitlement will increase to 30 days at your 3rd year of service!

🍼 Enhanced parental leave and workplace nursery scheme to support with the cost of childcare in a nursery setting

🧠 Comprehensive and tailored mental health support through a leading provider

💪 Access to a Gympass membership!

❤️ Comprehensive Private Medical Insurance

🍿 Team activities: we have quarterly team social budgets to support spending time together and we frequently organise company wide events

📅 Flexible working - we're serious about life/work balance