cubierta
Esta oferta ya no está disponible

Senior Product Security Engineer en London

Skyscanner

Lugar de trabajo
En sede
Horas
Full-Time
Prácticas
false
Comparte la oferta

Descripción de la oferta

This senior position plays a key role in ensuring Skyscanner teams are taking all required steps in building a secure product set. The Security Squad forms part of our Developer Enablement Tribe who have responsibility for all aspects of Product Engineering at Skyscanner.

You’ll play a major and leading role in protecting Skyscanner against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. We will look toward your unique skills to approach and solve problems in your own way.

Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally.

Core responsibilities:

  • To drive improvements to Skyscanner’s security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence
  • Implement measures to secure and protect the Skyscanner website and mobile apps
  • Perform design reviews and Threat modeling of Skyscanner services and products
  • Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
  • Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle
  • Liaison with development teams for design, code reviews & education
  • Cross-team security initiatives
  • To contribute to security strategy, security tooling selection and creation

What do you need to apply?

  • A proven and strong depth of expertise in Cyber and Information Security is essential - ideally with hands-on experience in web and mobile security for critical 24/7 applications
  • Knowledge of security in distributed systems at scale
  • Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. sprints, Kanban)
  • A comprehensive knowledge of Web application security, HTML5, JavaScript, React, REST APIs.
  • Experience securing consumer products and services
  • Experience in Penetration testing and security tooling (Burp proxy, Web/Network Scanners, Static code analyzers, etc.)
  • Coding experience for automating/integrating security tools and creation of security tools.
  • Cloud and containers technology knowledge essential (AWS)
  • Sound knowledge of the OWASP Top 10 and how they can be prevented
  • Knowledge of the latest industry threats
  • Knowledge and understanding of web programming languages is highly preferred (e.g. we're big Python users but an awareness of other coding languages would also work to engage with our developers from a security coding perspective, code reviews etc.)
  • Experience of performing security design reviews, threat modeling and risk assessments
  • Good analytical and reasoning skills
  • A passion for technology, the internet economy and mobile applications
  • Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.)
  • Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS

For more details on Engineering at Skyscanner you can check out our Engineering Blog - CodeVoyagers and follow Skyscanner Engineering on Twitter @CodeVoyagers


 

Acerca de Skyscanner

  • Travel

  • Edinburgh

  • 500-1000 employees

  • 2001

Skyscanner is a global search engine that enables people to find comparisons for flights, hotels and car hire. The service is free to users and directs you to the airline, hotel, car hire provider or travel agency to complete the booking process. It has over 50 million users a month.


  • - ‘Skyscanner University’ offers a range of courses for tech and business topics.
  • - At Skyscanner there’s no clocking in and there’s no bell at the end of the day, they prefer to give you the freedom and autonomy to do your job, add value and own your work.
  • - Better than average annual leave in all office locations.
  • - There’s enhanced maternity and paternity leave and a flexible working policy to encourage and enable a healthy work-life balance.



Otras ofertas de ciberseguridad que podrían interesarte...