This senior position plays a key role in ensuring Skyscanner teams are taking all required steps in building a secure product set. The Security Squad forms part of our Developer Enablement Tribe who have responsibility for all aspects of Product Engineering at Skyscanner.
You’ll play a major and leading role in protecting Skyscanner against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. We will look toward your unique skills to approach and solve problems in your own way.
Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead.
- Drive improvements to Skyscanner’s security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence
- Implement measures to secure and protect the Skyscanner website and mobile apps
- Perform design reviews and threat modeling of Skyscanner services and products
- Perform vulnerability assessments and security testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
- Provide subject matter expertise on all areas of security and privacy throughout the software development lifecycle
- Liaise with development teams on design, code reviews and education
- Cross-team security initiatives
- Contribute to security strategy, security tooling selection and creation
What do you need to apply?
- A proven and strong depth of expertise in Cyber and Information Security is essential - ideally with hands-on experience in web and mobile security for critical 24/7 applications
- Knowledge of security in distributed systems at scale
- Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. sprints, Kanban)
- Experience securing consumer products and services
- Experience in penetration testing and security tooling (Burp proxy, web/network scanners, static code analyzers, etc.)
- Coding experience for automating/integrating security tools and creation of security tools
- Cloud and containers technology knowledge essential (AWS)
- Sound knowledge of the OWASP Top 10 and how they can be prevented
- Knowledge of the latest industry threats
- Knowledge and understanding of web programming languages is highly preferred (e.g. we're big Python users but an awareness of other coding languages would also work to engage with our developers from a security coding perspective, code reviews etc.)
- Experience of performing security design reviews, threat modeling and risk assessments
- Good analytical and reasoning skills
- A passion for technology, the internet economy and mobile applications
- Professional security qualifications are desirable (e.g. CISSP, Offensive Security, SANS Institute, etc.)
- Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
- ‘Skyscanner University’ offers a range of courses for tech and business topics.
- At Skyscanner there’s no clocking in and there’s no bell at the end of the day; they prefer to give you the freedom and autonomy to do your job, add value and own your work.
- Better than average annual leave in all office locations.
- There’s enhanced maternity and paternity leave and a flexible working policy to encourage and enable a healthy work-life balance.