Senior Product Security Engineer

Full-Time, £70,000 - £90,000 / year (est.), Home office (partial)
Zopa Bank

At a Glance

  • Tasks: Secure AI systems, improve security tools, and collaborate with engineering teams on innovative features.
  • Company: Join Zopa, a diverse fintech company focused on security and innovation.
  • Benefits: Hybrid work, flexible hours, training resources, and a supportive community.
  • Other info: Diverse workplace with opportunities for personal and professional growth.
  • Why this job: Make a real impact in product security while working with cutting-edge technology.
  • Qualifications: Experience in offensive security and strong knowledge of web/mobile OS security.

The predicted salary is between £70,000 and £90,000 per year.

Role Overview

Zopa’s Product Security team ensures security is baked into our products from the very start of their lifecycles. It is a niche of 4 professionals, part of a larger InfoSec team of 18. You will help secure AI‑based systems, improve security tooling, develop a SLSA strategy, roll out bounty programs, and collaborate closely with engineering teams to design, architect, and test new features.

A Day in the Life

  • Advocate for security with product owners and engineers, building working relationships.
  • Perform web, mobile, and backend security assessments directly.
  • Coordinate assessments with third‑party assessors when required.
  • Provide input on technical architecture discussions and threat‑model upcoming features.
  • Oversee secure engineering training programmes and promote secure practices.
  • Integrate security tooling (SAST, SCA, DAST, secrets scanning, vulnerability scanning) into the CI pipeline.
  • Manage and enforce Secure Development Lifecycle controls.
  • Triage bug‑bounty reports and findings from automated tools.
  • Acquire knowledge of new technologies as needed, with company support for learning.
  • Advise on security patching and monitor internal tool patch status.
  • Balance security with productivity and communicate trade‑offs to stakeholders.

About You

  • Experience in offensive security, performing assessments with tools such as BurpSuite, nmap, Kali Linux.
  • Strong background in web or mobile OS security and willingness to learn the other.
  • Fundamental networking and OS knowledge, command‑line proficiency.
  • Comfortable with threat‑modeling and explaining trade‑offs to non‑technical stakeholders.
  • Basic scripting skills and confidence in at least one language (Python, JavaScript, Go).
  • Knowledge of secure coding practices and the ability to provide detailed remediation guidance.
  • Experience advising on architecture before code is written, and spotting fundamental flaws.
  • Basic cloud infrastructure knowledge (VMs, SDN, IaC fundamentals).

Additional Bonus

  • Experience in fintech, especially banks with mobile apps.
  • Ability to read common tech‑stack languages (Java, C#) for white‑box assessments.
  • Understanding of software‑engineering practices to maintain internal tools.

Working at Zopa

Hybrid role: 2–3 days per week in London, up to 120 days per year working from abroad (subject to right to work). Flexible working arrangements supporting work‑life balance and face‑to‑face collaboration. We support employees through resources, training, and community.

Diversity Statement

Zopa is proud to offer a workplace free from discrimination. Diversity of experience, perspectives, and backgrounds leads to better products for our customers and a unique company culture. Nearly fifty nationalities are represented here, and we maintain a DE&I forum that welcomes any Zopian who wants to make a difference. We reflect our commitment in our hiring process and welcome applicants needing any reasonable adjustments.

Senior Product Security Engineer employer: Zopa Bank

Zopa is an exceptional employer that prioritises security and innovation within a collaborative and diverse environment. With a hybrid working model that promotes work-life balance, employees benefit from flexible arrangements, continuous learning opportunities, and a strong commitment to diversity and inclusion. Joining Zopa means being part of a forward-thinking team dedicated to shaping the future of fintech while enjoying the support and resources necessary for personal and professional growth.

StudySmarter Expert Advice🤫

We think this is how you could land Senior Product Security Engineer

Network Like a Pro

Get out there and connect with folks in the industry! Attend meetups, webinars, or even just grab a coffee with someone who works at Zopa. Building relationships can open doors that a CV just can't.

Show Off Your Skills

When you get the chance to chat with potential employers, don’t hold back! Share your experiences with tools like BurpSuite or Kali Linux, and talk about how you've tackled security challenges in the past. Let them see your passion for product security!

Be Ready to Learn

Zopa values continuous learning, so be prepared to discuss how you keep up with new technologies and trends in security. Mention any recent courses or certifications you've completed, and show that you're eager to grow with the company.

Apply Through Our Website

Don’t forget to apply directly through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining the Zopa team.

We think you need these skills to ace Senior Product Security Engineer

Offensive Security
Web Security Assessments
Mobile Security Assessments
BurpSuite
nmap
Kali Linux
Threat Modelling

Some tips for your application 🫡

Tailor Your CV: Make sure your CV speaks directly to the role of Senior Product Security Engineer. Highlight your experience with offensive security tools and any relevant projects that showcase your skills in web and mobile OS security.

Craft a Compelling Cover Letter: Use your cover letter to tell us why you’re passionate about product security. Share specific examples of how you've advocated for security in past roles and how you can bring that expertise to our team at Zopa.

Showcase Your Technical Skills: Don’t hold back on your technical prowess! Mention your familiarity with tools like BurpSuite, nmap, and your scripting skills. We want to see how you can integrate security tooling into CI pipelines and manage secure development lifecycle controls.

Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It’s the best way for us to keep track of your application and ensure it gets the attention it deserves!

How to prepare for a job interview at Zopa Bank

Know Your Tools

Familiarise yourself with the tools mentioned in the job description, like BurpSuite and Kali Linux. Be ready to discuss your experience using these tools in assessments and how they can enhance security in product development.

Understand the Security Lifecycle

Brush up on the Secure Development Lifecycle (SDLC) and be prepared to explain how you would integrate security practices into each phase. Highlight any past experiences where you successfully managed security within a project lifecycle.

Communicate Trade-offs Effectively

Practice explaining complex security concepts in simple terms. You’ll need to communicate trade-offs to non-technical stakeholders, so think of examples where you’ve done this before and how it impacted the project positively.

Show Your Passion for Learning

Zopa values continuous learning, so share your enthusiasm for acquiring new skills and technologies. Mention any recent courses or certifications you've completed, especially those related to fintech or secure coding practices.