At a Glance
- Tasks: Secure AI systems, improve security tools, and collaborate with engineering teams on innovative features.
- Company: Join Zopa, a diverse fintech company focused on security and innovation.
- Benefits: Hybrid work, flexible hours, training resources, and a supportive community.
- Other info: Diverse workplace with opportunities for growth and learning.
- Why this job: Make a real impact in product security while working with cutting-edge technology.
- Qualifications: Experience in offensive security and strong knowledge of web/mobile OS security.
The predicted salary is between 60000 - 80000 £ per year.
Zopa’s Product Security team ensures security is baked into our products from the very start of their lifecycles within a niche of 4 professionals, part of a larger InfoSec team of 18. You will help secure AI‑based systems, improve security tooling, develop a SLSA strategy, roll out bounty programs, and collaborate closely with engineering teams to design, architect, and test new features.
A Day in the Life
- Advocate for security for product owners and engineers, building working relationships.
- Perform web, mobile, and backend security assessments directly.
- Coordinate assessments with third‑party assessors when required.
- Provide input on technical architecture discussions and threat‑model upcoming features.
- Oversee secure engineering training programmes and promote secure practices.
- Integrate security tooling—SAST, SCA, DAST, secrets scanning, vulnerability scanning—into CI pipeline.
- Manage and enforce Secure Development Lifecycle controls.
- Triage bug‑bounty reports and findings from automated tools.
- Acquire knowledge of new technologies as needed, with company support for learning.
- Advise on security patching and monitor internal tool patch status.
- Balance security with productivity and communicate trade‑offs to stakeholders.
About You
- Experience in offensive security, performing assessments with tools such as BurpSuite, nmap, Kali Linux.
- Strong background in web or mobile OS security and willingness to learn the other.
- Fundamental networking and OS knowledge, command‑line proficiency.
- Comfortable with threat‑modeling and explaining trade‑offs to non‑technical stakeholders.
- Basic scripting skills and confidence in at least one language (Python, JavaScript, Go).
- Knowledge of secure coding practices and the ability to provide detailed remediation guidance.
- Experience advising on architecture earlier than code and spotting fundamental flaws.
- Basic cloud infrastructure knowledge (VMs, SDN, IaC fundamentals).
Additional Bonus
- Experience in fintech, especially banks with mobile apps.
- Ability to read common tech‑stack languages (Java, C#) for white‑box assessments.
- Understanding of software‑engineering practices to maintain internal tools.
Working at Zopa
- Hybrid role: 2–3 days per week in London, up to 120 days per year working from abroad (subject to right to work).
- Flexible working arrangements supporting work‑life balance and face‑to‑face collaboration.
- We support employees through resources, training, and community.
Diversity Statement
Zopa is proud to offer a workplace free from discrimination. Diversity of experience, perspectives, and backgrounds leads to better products for our customers and a unique company culture. Nearly fifty nationalities are represented here, and we maintain a DE&I forum that welcomes any Zopian who wants to make a difference. We reflect our commitment in our hiring process and welcome applicants needing any reasonable adjustments.
Senior Product Security Engineer in London employer: Zopa Bank
Zopa is an exceptional employer that prioritises a collaborative and inclusive work culture, offering flexible hybrid working arrangements that support a healthy work-life balance. With a strong focus on employee growth, Zopa provides ample resources for training and development, ensuring that team members can continuously enhance their skills in a dynamic fintech environment. The diverse team, representing nearly fifty nationalities, fosters innovation and creativity, making it a rewarding place to contribute to cutting-edge product security initiatives.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Product Security Engineer in London
✨Network Like a Pro
Get out there and connect with folks in the industry! Attend meetups, webinars, or even local tech events. Building relationships can open doors to opportunities that aren’t even advertised.
✨Show Off Your Skills
Don’t just talk about your experience; demonstrate it! Create a portfolio showcasing your projects, assessments, or any security tools you've developed. This gives potential employers a tangible sense of what you can bring to the table.
✨Ace the Interview
Prepare for interviews by brushing up on common questions related to product security. Be ready to discuss your past experiences and how they relate to the role. Practice explaining complex concepts in simple terms—this will impress non-technical stakeholders!
✨Apply Through Our Website
When you find a role that excites you, apply through our website! It’s the best way to ensure your application gets the attention it deserves. Plus, we love seeing candidates who are genuinely interested in joining our team.
We think you need these skills to ace Senior Product Security Engineer in London
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the role of Senior Product Security Engineer. Highlight your experience in offensive security and any relevant tools you've used, like BurpSuite or Kali Linux. We want to see how your skills align with what we're looking for!
Showcase Your Projects:Include specific projects where you've performed security assessments or integrated security tooling into CI pipelines. This gives us a clear picture of your hands-on experience and how you can contribute to our team.
Be Clear and Concise:When writing your cover letter, be clear about why you're interested in Zopa and this role. Keep it concise but impactful—let us know how your background makes you a great fit for our Product Security team.
Apply Through Our Website:We encourage you to apply through our website for the best chance of getting noticed. It helps us keep track of applications and ensures you’re considered for the role. Plus, it’s super easy!
How to prepare for a job interview at Zopa Bank
✨Know Your Tools
Familiarise yourself with the security tools mentioned in the job description, like BurpSuite and nmap. Be ready to discuss your experience using these tools in assessments and how they can be integrated into CI pipelines.
✨Understand the Role of Security in Product Development
Prepare to explain how you would advocate for security within product teams. Think about examples where you've successfully communicated security trade-offs to non-technical stakeholders and how you can build relationships with engineers.
✨Showcase Your Scripting Skills
Brush up on your scripting skills, especially in Python or JavaScript. Be prepared to discuss how you've used these languages to automate security tasks or improve processes in previous roles.
✨Stay Current with Industry Trends
Research recent developments in fintech and AI-based security practices. Being able to discuss current trends and how they relate to Zopa's products will show your enthusiasm and commitment to the role.
