Platform Security Engineer in Manchester

Gear4music is a leading UK & European musical retailer. Having launched in 2003 with a mission to offer a range of easy and affordable musical gear to musicians. We offer over 63,000 products in 190 countries, 15 languages and 9 currencies. In 2022, AV.com launched under the Gear4music umbrella, focussing on retailing Home Cinema, HiFi and accessories. Gear4music is powered by a technical team of over 40 people who build and maintain a platform that makes achieving our mission possible. We recently turned over £152m as a group with consistent revenue growth since listing on the AIM.

Who Are You? You are a motivated, flexible and talented engineer who is enthusiastic about learning new things and challenging themselves. You’re not a lone ranger but believe in a joined up and friendly work environment that delivers real projects, working collaboratively excites you. You’re someone who takes pride in the things you do and likes to see things from beginning to end. You love the attention to detail and might admit it's a blessing and a curse. You will champion new technologies when it’s right for the business. You’ll also need some personality, a strong GIF-game, and we’d love to know what you’re into.. to an extent.

Your Mission To work alongside like‑minded people across our software engineering, architecture, infrastructure and testing teams. To be passionate about building security into everything we do; whether that’s threat modelling, hardening cloud environments, improving IAM, automating controls, or documenting best practice (or all of the above). To set high standards for yourself and the work you deliver, helping us create a secure, stable and trusted platform, enabling:

• Secure‑by‑design applications and services
• Safe, reliable and automated releases (working towards full CI/CD)
• Strong detection, response and observability
• A culture where security is shared, understood and championed

Your Stack

• Google Cloud security fundamentals: IAM, VPC design, Cloud Armor, Secrets, KMS
• Experience mitigating real‑world security threats and vulnerabilities
• Understanding of DevSecOps best practice and secure SDLC
• Familiarity with CI/CD systems such as GitHub Actions and securing build pipelines
• Monitoring & alerting: Prometheus, Grafana, GCP Monitoring, SIEM concepts

Nice to Have

• Experience with web servers & proxies: Apache, Nginx, Traefik, HAProxy
• Exposure to databases such as MySQL, MongoDB, Firebase, Elastic, Redis
• Network & request tracing including HTTP/1–3 and gRPC
• Experience running security workshops, threat modelling sessions or training

Soft and Fluffy Description of Skills

• Able to plan and manage your workload across multiple projects and priorities
• Comfortable collaborating, influencing and sharing knowledge with other teams
• Passionate about secure, scalable and complex distributed systems
• Confident communicating security concepts to both technical and non‑technical people
• Motivated to push security forward across the business, not just maintain it

Don’t worry if you can’t tick all of these boxes! If you did, you might be exaggerating. We’d like to hear from you if this sounds like the kind of tech stack you’re used to working with.

Why Us? Because we care about YOU. We pride ourselves on our culture, offering more than gimmicky branded merch and a PS5 you don’t have time to play. You are the most important aspect of our business. We want to grow and nurture you in an open and supportive environment. We create a safe and conducive atmosphere for you to share your ideas and make the necessary mistakes without the fear of failing - after all, mistakes are growing pains! We bring our most authentic selves forward - no need to pretend to be something you’re not, we’d rather your energy went into something more fulfilling. We embrace and encourage individual quirks and believe these qualities should be celebrated as they are vital to our innovation. We actively seek new ways to develop ourselves and respond to feedback constructively. We proactively share advice with others to accelerate our growth with new insights and perspectives. We celebrate each others success because when we win, we win together and if we don't win, we learn together!

We’ve got important things covered, like having properly trained mental health first aiders, a wellbeing coach, work-life balance, tailored personal progression plans and the glue that holds us all together - our Slack channel. We’re techy to the core, with technical leaders through to board level. We pride ourselves on our flat structure where directors sit in with the teams and are there when you need them. We encourage open and honest feedback, even if you’re critiquing your boss. No power games here! We normally work from our offices in central Manchester & York, but we do offer remote/hybrid working roles.

What We Will Offer

• Great pay – and it’s always on time. No expectation of long hours. We respect your time.
• A personal development plan and regular 1:1s.
• Your choice of Mac, Linux or Windows Laptop
• Health Assured Employee Assistance Programme.
• Flexible hours and no dress code.
• Mental health first aiders.
• A strong learning culture with support for external training.

And the usual good stuff:

• Cycle to work scheme.
• Company pension scheme.

We are an equal opportunities employer and welcome applications from all suitably qualified candidates, regardless of age, disability, gender reassignment, marriage or civil partnership status, pregnancy or maternity, race, religion or belief, sex, or sexual orientation, in line with the Equality Act 2010. If you require any reasonable adjustments as part of the recruitment process, please let us know. A member of our friendly recruitment team will contact you to discuss your needs in more detail and ensure appropriate arrangements are made.