Application Security Engineer

Job Description

Who we are:

At TrueLayer, we’re creating a payments network that better connects banks, businesses and everybody. And we’re going big. We’re taking on cards with a payment method that’s actually designed for the online, on-demand world we live in. Removing friction from the most crucial part of commerce: the payment.

To date, we’ve raised $270 million from world-renowned investors including Stripe, Tiger Global, Addition and Tencent. We’ve got offices in London, Milan and Dublin. And we’re trusted by industry leaders like Revolut, Coinbase and Nutmeg… though we’re not stopping here.

We’re on a mission to change the way the world pays, invests, shops and saves. To transform how people approach payments. To build a brand that redefines an entire industry — and we’d like your help to get us there. So what do you say?

Description

Security is a core pillar across all TrueLayer’s products. Building, maintaining and monitoring our security infrastructure, as well as championing best security practices across the business, they empower both their colleagues and our clients, and ensure the availability, stability and security of our platform.

We’re looking for an Application Security Engineer to join our existing security team to shape and mature our approach to building secure applications. You’ll partner with product and engineering teams building scalable security solutions and embedding security processes from design through to release.

We aim to empower our engineers with best-in-class technologies and the opportunity to have meaningful impact. As part of an ambitious team you’ll be given hands on exposure to the latest technologies and practices and entrusted with crucial responsibilities and decisions, playing a key part in securing our products as we continue to grow.

What you will do:

• Establish security early in the design process, be involved in threat modelling our services during the design phase, to ensure a culture of secure design and execution is in place in engineering teams;
• Help shape engineering best practice through common libraries and performing source code reviews of our projects;
• Pro-actively test the security posture of our APIs, from an attacker’s perspective;
• Manage our bug bounty program and 3rd party penetration testing projects;
• Identify and own the tooling and process to integrate application security testing into our CI/CD pipeline;
• Improve and drive application security monitoring;
• Work with the security team to educate engineers on emerging technologies trends and threats.

Requirements

We’re looking for people who

• Have a strong background within application security;
• Are experienced working in modern development environments: we practice CI/CD and host everything in the cloud;
• Can create and improve processes that embed security in the SDLC;
• Have good knowledge of applied cryptography and authentication;
• Are proficient with scripting languages, and one object-oriented programming language;
• Have experience working with SAST or DAST solutions;
• Have experience performing code reviews, threat modelling and reviewing penetration test findings;
• Have a talent for conveying highly technical security concepts to colleagues of technical and non-technical backgrounds.

Nice to have:

• A blog, GitHub account and/or bug bounty findings that demonstrate your experience;
• Experience with AWS, Kubernetes, Docker from a user and/or security perspective;
• Experience in penetration testing REST based services
• Experience working in a .NET or Rust environment;
• Experience working with 3rd party security vendors;
• An understanding of the technical architecture of open banking.

Benefits

What you can expect from us:

• Meaningful equity in the company 💰
• Flexible hours and hybrid working — work from home 3 days a week and our incredible offices 2 days a week in London Milan and Dublin
• Need to collect the kids from childcare? Love a workout in the gym first thing? No worries, we trust you to do your best work within our hybrid framework 🧘
• A one-off remote-working budget to help you set up your home office 💺
• 24 days holiday as standard ✈️ with flexible bank holidays, so you can take those days whenever you like 🌍
• 12 fully-paid wellbeing days a year and your birthday off (on top of the holiday allowance) 🕊️
• 2 volunteering days to support causes important to you
• 90 day ‘work from abroad’ policy 👩‍💻☀️
• Generous parental leave, above and beyond statutory requirements and with no minimum tenure 👪
• Competitive pension contribution at 4% & 4% 🧓
• Private health insurance from the day you start 🧑‍⚕️
• Membership of mental wellbeing platform Spill and premium Calm subscription
• A £1000 budget to spend on learning & development each year 📚
• Free lunch from Just Eat 🥙 (If you choose to work from the office on Tuesdays and Wednesdays)

At TrueLayer, we don’t just do inclusion and diversity. We embrace people that have different opinions, perspectives and personalities. Because we believe that by seeing the world from all sorts of angles, we can make life better for all the people who live in it. We strongly encourage applications from underrepresented groups (e.g. people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from all socio-economic backgrounds). If you’d like to discuss alternative working patterns, please let us know.

We will always aim to make appropriate adjustments to ensure we are fully inclusive to people with different needs during our interview process. So if you need us to make any adjustments to suit your individual needs please let us know - we’ll be happy to support you.