Ravelin is hiring a

Security Engineer / Penetration Tester

London, United Kingdom
Remote


Who are we?

Hi! 👋 We are Ravelin! We're a fraud detection company using advanced machine learning and network analysis technology to solve big problems. Our goal is to make online transactions safer and help our clients feel confident serving their customers.

And we have fun in the meantime! We are a friendly bunch and pride ourselves in having a strong culture and adhering to our values of empathy, ambition, unity and integrity. We really value work/life balance and we embrace a flat hierarchy structure company-wide. Join us and you’ll learn fast about cutting-edge tech and work with some of the brightest and nicest people around - check out our Glassdoor reviews.

If this sounds like your cup of tea, we would love to hear from you! For more information check out our blog to see if you would like to help us prevent crime and protect the world's biggest online businesses.


Role

Our data is a crucial part to our success and of great importance to our clients, our partners and to our team. This is why we are currently looking for someone to help evolve the security function as Ravelin grows. As part of the security team, you will be highly technical, fully hands-on, be interested in all areas of information security and be willing to switch communication between technical and non-technical audiences.

To be successful in this role, you have to be a practical and pragmatic person with security sensibility who knows the difference between implementing an ineffective policy, and something difficult that is worth the additional friction.

For this role we are able to consider candidates based in the UK or Europe in a GMT -2/+2 timezone.


Responsibilities

  • Be a core member of the InfoSec team
  • Static and dynamic security testing including code review and penetration testing
  • Review security-based change requests
  • Help implement, maintain and administer security toolsets used in the software development process
  • Ensure teams have what they need to deliver secure code and applications including the skills, tools and training
  • Perform threat modelling exercises for critical changes
  • Provide assurance to the security architecture and design patterns for all IT and Cloud systems deployed and used
  • Provide expertise in compliance programmes for regulatory and compliance frameworks such as PCI DSS Level 1 / PCI 3DS2 / ISO 27001, and take part in their external audits
  • Create, review and maintain security policy, standards and procedures
  • Coordinate security awareness and training activities across the organisation
  • Manage the supplier assurance process
  • Manage and execute day to day security procedures (security incident management, information transfer etc) allowing the business to operate efficiently in a secure manner
  • Automate and improve security across the business
  • Contribute to InfoSec roadmap, leading initiatives


Requirements

  • At least 4 years of experience in the Information Security field
  • Excellent skills in penetration testing of web or mobile applications
  • Experience working in a cloud-native organisation, preferable with the Google Cloud Platform
  • Experience in documentation of controls, standards and procedures
  • Experience in scaling security with automation e.g. including tooling in pipelines instead of manual remediation (guardrails, not gatekeeper)
  • Relevant certification e.g. CISSP, CRISC, CISM
  • Experience or working knowledge of a variety of SAST, DAST and SCA security tools
  • Knowledge of current information security standards and regulations such as PCI DSS, ISO27001, GDPR
  • Solid and demonstrable comprehension of cyber and information security including secure coding, security in the SDLC, hacking techniques and the evolving threat landscape
  • Experience with web application firewalls
  • Working knowledge of infrastructure security scanning software
  • Working knowledge of secure development practices such as OWASP and BSIMM
  • Experience with MacOS and Linux OSs
  • Experience protecting organisations from known and emerging security threats (ransomware, DDOS, application vulnerabilities)
  • Strong understanding of the zero-trust/BeyondCorp security model and techniques/technologies used to secure remote-first, cloud-native organisations


Nice to haves

  • Experience with Golang and Python
  • Experience with Docker containerisation and Kubernetes security


Benefits

  • Competitive salary & equity package
  • A minimum of 25 days annual leave + bank holidays
  • Flexible working hours
  • Individual learning and development allowance of £1,000/year
  • Remote volunteer opportunities and monthly company charity donations
  • Fortnightly team lunches with different people from across the company (currently via video chat!)
  • Virtual quarterly company socials
  • Cycle-to-Work and childcare schemes
  • Virtual yoga twice per week as well as weekly board game and movie nights