AppSec Engineer at Indeed Flex, UK, 12 Months, to £650 per day (Outside IR35)

£550 - £650 per day
  • Contract Spy
  • UK
  • May 14, 2024
6 Months or more

Contract Description

We are Indeed Flex. We Help People Get Jobs. Right now, we're hiring!

The current staffing model is broken, with low wages and limited opportunities. As flexible work continues to grow, we're taking a radically different approach: providing job seekers with control, ownership and choice, so employees can find the working patterns and scenarios to suit their lifestyles. In doing so, we aim to revolutionise the industry.

After demonstrating our approach throughout the UK under the Syft brand, we were acquired by Indeed.com in 2019 and we rebranded to Indeed Flex in 2020. With continued independence and phenomenal levels of support we've been able to accelerate our mission as we expand throughout the US as well as the UK. Fast growth creates tremendous opportunities - come and join a team of inquisitive, passionate, and driven individuals helping each other grow and building something meaningful!

Main Purpose

As an Application Software Security Engineer you will be responsible for applying and implementing security across the breadth of the software development lifecycle within the Indeed Staffing Solution GM.
This is very much a hands-on technical role, suited to someone with an established software development background but with a strong focus on security, having ideally transitioned into AppSec, DevSecOps or Pentesting roles.
Leading by example and in collaboration with Product and Engineering teams you will apply expert knowledge and practical experience towards continuously improving the security of our platforms and applications.

Responsibilities & Duties

  • Collaborate with Product and Engineering teams to continuously improve security features and capabilities within the platform
  • Participate in and advise on design reviews, ensuring that security requirements are appropriately considered against business risk and incorporated in solution designs
  • Proactively perform code reviews and application security assessments to identify vulnerabilities and assess security control effectiveness
  • Develop secure coding standards, principles and patterns to promote consistent and reusable by-design security
  • Motivate and educate Engineering teams on secure development and coding practices
  • Ensure Indeed enterprise-wide security capabilities and tools are adopted and being leveraged effectively within Staffing Solutions
  • Develop and establish DevOps practices to further embed and automate security within engineering practices and operations
  • Develop metrics to measure maturity and effectiveness of security against OKRs
  • Lead/assist in the management and resolution of identified vulnerabilities in accordance with SLO expectations (for example in response to Bug Bounty submissions, Pentest findings or other sources of vulnerabilities)

Qualifications & Skills

  • Minimum 6 years' experience focusing on application security, ideally across the full stack inclusive of Mobile Applications
  • Hands-on developer experience with Ruby/Rails, Java/JS, Python
  • Experience of SAST, SCA and DAST tools (Snyk, Invicti an added plus)
  • Practical application in the use of application security testing methods and tools such as Burp Suite.
  • Deep understanding of application security risks and vulnerabilities (e.g. OWASP Top 10)
  • API Security Implementation and Testing
  • Security expertise in Cloud Native architecture particularly in the areas of application development, automation engineering (AWS, containers, Kubernetes, Terraform, API)
  • Demonstrated experience of the full security software development life cycle (SDLC), including coding standards, code review, source control, build, test, deploy, and operations
  • Familiar with integrated development and CI/CD build platforms (GitLab CI)
  • Experience of application security protective capabilities for example WAF (Cloudflare) and API security
  • Familiarity with Data Security & Privacy by design principles
  • Familiarity with Centre for Internet Security (CIS) Critical Controls (especially where focused on secure software development)
  • High level of analytical and critical thinking skills with a strong drive to investigate, analyze, and resolve simple and complex problems.

Compensation:

  • Up to £650 per day (Outside IR35) for 12 months

You'll fit right in at Indeed Flex if:

  • You're a great communicator and highly collaborative. We're best when we all pull in the same direction
  • You don't mind doing the work, whatever it is - you can see the impact at the end and you're in it for the long haul
  • Data is your heart and soul - you know you need it to drive you in the right direction
  • You're proactive and always willing to learn
  • You can navigate the ambiguity and high levels of autonomy in a scale up environment - you know what we're about and you want to be a part of it