Senior Security Engineer

At Kroo Bank, we are charting the future of banking with our groundbreaking technological innovations and unique digital services. The rapid advancements in the fintech sector necessitate ongoing evolution in the roles and responsibilities of our bank to effectively tackle new business opportunities and challenges. We are dedicated to consistently updating our job descriptions to ensure we continue to lead in banking innovation.

How you will contribute and key responsibilities:

• Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our defences remain at the forefront of cybersecurity practices.
• Vulnerability Management: Proactively identify, assess, and remediate security vulnerabilities to maintain the integrity and confidentiality of our customer data.
• Security Automation: Automate security processes and procedures to enhance efficiency and effectiveness, reducing the risk of human error.
• Security Requirements and Solutions: Identify, define, and document system security requirements, providing well-considered recommendations to management.
• Development of Security Standards: Develop and maintain best practices and security standards for the organisation, guiding teams in the implementation of secure coding practices.
• Secure Design: Collaborate with development teams to ensure that web and mobile front-ends, as well as microservice architectures, are designed with robust security measures in mind.
• Risk Management and Compliance: Assist teams in ensuring that products and services are secure by design, align with the organisation's risk appetite, and comply with all relevant group standards, policies, and regulatory requirements.
• Cybersecurity Collaboration: Work closely with stakeholders across the organisation to align security measures with our overarching cybersecurity strategy and protect the bank's technology infrastructure.
• Regulatory Compliance: Support teams in meeting compliance requirements for internal audits and external regulators, safeguarding against potential fines and reputational damage.

Requirements:

To be successful in this role you should have skills and experience in multiple domains, such as application security, network security or security operations. You need to have programming experience and the ability to proactively seek out efficient and repetitive solutions to security challenges. At a minimum, you should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following:

• Threat modelling and risk assessments.
• Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS...).
• Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2).
• Working knowledge of cryptography including encryption, signing and digital certificates.
• Principles of securing mobile applications and web services.
• Docker or Kubernetes and infrastructure as code.
• Event driven streaming technologies.
• Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs.
• Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform).
• Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes.
• Knowledge of cloud Security Architecture of public clouds (such as AWS or GCP).
• Security certification such as CISSP, CCP, SANS, GAIC, Ethical Hacker.
• Experience in working in regulated company, preferably with a FinTech/ banking background and experience in DevOps.
• Excellent oral, written communication and presentation skills.

Benefits:

What we offer: At our cutting-edge fintech company, we know that attracting and retaining the best talent means offering top-notch benefits that help our employees thrive both in and outside of work. Check out what we currently offer:

• Generous holiday time: 25 days annual leave, 8 bank holidays, 1 Kroo bank holiday (June 24th), and 1 day off during the week of your birthday.
• Personal days: We know that life can be unpredictable, so we offer 3 personal days to use as needed.
• Employer-sponsored volunteer program: We're passionate about giving back to our community, and we support our employees in doing the same with up to 4 hours per month of employer-sponsored volunteer time.
• Mental health support: We care about the mental health of our team members and offer access to Spill, our mental health support partner.
• Workplace pension: We want you to feel secure about your future, so we offer a workplace pension with a 5% employee contribution and a 3% employer top-up.
• Learning and development: After 1 year of service, you'll have access to £500 from the Kroo Learning Fund to invest in your career development.
• Top-notch equipment: We provide top-of-the-line equipment necessary for smooth hybrid work, including a MacBook laptop. Additionally, we also offer support in establishing your home office by contributing towards your setup if required.
• Modern office: When you're in the office, you'll enjoy access to our modern, bustling workspace in Holborn, Central London, which includes a full gym.
• Cycle to Work scheme: We encourage sustainable transportation with our Cycle to Work scheme.
• Electric Car scheme: We're committed to reducing our carbon footprint, and our Electric Car scheme makes it easy for our employees to do the same.
• Enhanced parental leave: We know that family comes first, and we offer an enhanced parental leave policy to support our employees in starting and growing their families.
• You get full healthcare for you and your nuclear family via Vitality.

Hybrid Working: At Kroo Bank, we have a hybrid policy that gives both individuals and teams a lot of freedom when it comes to using the office space to boost productivity. Our London office is a great resource when used effectively. So, employees who can occasionally come to the office are a good fit for how we work right now. Keep in mind that this job involves working from Monday to Friday, with a mix of remote and office work, so you won't need to be on-site all the time.

Diversity and Inclusion: We wholeheartedly uphold our commitment to fostering a diverse and inclusive workplace. Every employee is highly regarded, respected, and supported without any form of judgement or prejudice. We consider Diversity, Equality, and Inclusion as fundamental pillars guiding our path in all aspects of our bank. We also ensure that reasonable adjustments are made available to all candidates throughout the recruitment process.