Job title: Cyber Security Engineer - DMD
Job type: Permanent
Emp type: Full-time
Salary type: Annual
Salary: GBP £70,000.00
Location: Uxbridge
Job published: 2022-06-29
Job ID: 53193

Job Description

Remote (UK) Cyber Security Engineer - giffgaff

Are you a Cyber Security Engineer? Do you want to be challenged and help a Cyber Security function grow all while working for a company who’ve been awarded Uswitch Network of year for 6 years out of 7? Who are we you ask?

We’re giffgaff, and whether or not you’ve heard of us before, our business model is certainly unique. We take a highly collaborative approach to any decision we make - working with our members (who are rewarded for helping) across all areas of the business. Our vibrant community, online platform and immense value proposition are key to our success. We’re both proud and humbled to say that over the past few years our member base has grown, but our job is far from done. We’re always looking to acquire new members - but to do that we need the best people to help and that’s why we’re hiring! 

We’re looking to expand our engineering capabilities and to follow our growth plans for 2022, we’re looking to make 70-80 new hires, and so will also need to grow our Cyber Security Engineering team – and that’s where you come into play! We’re currently searching for a Cyber Security Engineer to help ensure giffgaff protects our members' data to the highest possible standard. 

Our agile engineering teams build and support a set of applications and services that combined create our unique user experience on the GiffGaff website, enable our internal teams to work in the most productive and efficient ways and to enable a whole range of awesome features via modern APIs.

As a Cyber Security Engineer, you’ll be looking after our security toolset, will be able solve complex security issues with other tech teams, protect our internal services and data as well as external.

Key Responsibilities:

  • Operating and maintaining security toolset
  • Analysing and evaluating security systems, and seek for improvements on a continuous basis
  • Researching and understanding our security gaps and weaknesses, providing ways and solutions to counter them
  • Developing security standards and practices for our DevSecOps program
  • Supporting and coaching security champions
  • Experience of influencing product teams
  • Triaging and prioritising projects comfortably in a fast-paced environment
  • Implementing necessary security controls and measures for minimising potential risks
  • Reporting and documenting in a timely manner and comprehensively


Skills, experience and attitudes:

  • Experienced with SAST and DAST –  We use static and dynamic testing to ensure that we are developing secure products
  • Experienced with code reviews – ideally with Python or Java as a lot of our code base is written in Java and we use Python for all types of scripting and automation
  • Experienced with a cloud environment and microservices – we use AWS to deploy our software, automate repetitive procedures and much more but we’re also open to experience in GCP or Azure
  • Experienced in improving security within CI/CD pipelines – this is integrating security into our software development lifecycle to ensure that we’re building, testing and deploying secure software faster and easier (DevSecOps)
  • Familiar with security frameworks and standards (NIST, OWASP top 10, ISO, etc.) – this is to ensure that we all follow the best cyber security practices and maintain the security of our web applications


If this sounds like something you'd like to learn more about then don't hesitate and apply!