Why we’re hiring for this role:

As a  Secure Application Specialist , you will work collaboratively with the entire Technology team [primarily, although this may extend to other teams and other other systems] to drive our internal information security program and cyber resilience goals.
Youll help us scale our information security program and compliance efforts by being a proactive, force multiplier across teams, especially our engineering teams who are building our various Peachy products and services. This role will focus on playing a key role in identifying security vulnerabilities as early as possible, and working with the teams to educate on these vulnerabilities and improve our coding practices to shift security as far left in the development process as possible.

How you’ll be making a difference:

• Security Architecture and Implementation
  • Design and implement security solutions for applications and infrastructure.
  • Develop and maintain security architectures for APIs and integrations.
  • Collaborate with development teams to ensure secure coding practices.
• API Security
  • Implement and enforce security measures for API endpoints.
  • Conduct regular security assessments of APIs and remediate vulnerabilities.
  • Develop automated tools and scripts to enhance API security.
• Compliance and Best Practices
  • Ensure compliance with PCI DSS standards and other regulatory requirements.
  • Conduct code reviews and security assessments to ensure compliance.
  • Assist with documenting and maintaining security policies, procedures, and standards, especially with regard to the scope of the role.
• Penetration testing
  • Regularly conduct vulnerability assessments and penetration tests across all systems.
  • Facilitate and coordinate the remediation of findings with the relevant engineering teams.
• Incident Response and Monitoring
  • Assist in the investigation and response to security incidents.
  • Implement and manage security monitoring tools such as SIEM and IDS/IPS.
  • Perform regular log analysis and threat hunting.
• Development and Automation
  • Write secure code and develop security tools and scripts.
  • Automate security processes and workflows to enhance efficiency.
  • Integrate security tools into CI/CD pipelines.
• Continuous Improvement
  • Stay updated with the latest security threats and technologies.
  • Participate in security research and development activities.
  • Provide recommendations for improving the security posture.
• Secure Coding Techniques and Best Practices
  • Assist with providing training and knowledge sharing with development team members.
  • Assist with creating guides, standards, and other content to support teams in this regard.
• Red team/Blue team exercises
• Threat intelligence monitoring & hunting

Were looking for someone who has:

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• Minimum of 4-6 years of experience in information security engineering.
• Strong coding skills in languages such as Python, Java, or C++.
• Very good penetration testing skills, with a focus on cloud-based technologies.
• Experience with API security and secure software development practices.
• Relevant certifications such as CEH, OSCP, CREST or CSSLP.
• Proficiency in security tools such as SIEM, IDS/IPS, and firewalls, and general networking good practice.
• Strong understanding of PCI DSS standards and regulatory requirements.
• Excellent problem-solving and analytical skills.
• Ability to work collaboratively with cross-functional teams.
• A deep understanding of application security, especially within API’s and financial and/or e-commerce platforms.
• A deep understanding of various coding languages and software deployment strategies particularly within cloud environments (understanding of long-running services, containerization, micro services, etc).
• A deep understanding of Penetration Testing and vulnerability assessment techniques and how to grow and scale these techniques in automated fashion, while still maintaining the value that can only be achieved from manual testing.
• Great communication skills, both verbal and written.
• The ability to work under pressure and in a dynamic, fast-paced environment.
• A valid work authorisation to work in the region in which you are working