Application Security Engineer
Trade Ledger exists to create a world where every business gets the capital it needs to thrive. Through the use of smart technology and new digital datasets we have created a credit orchestration platform so lenders can embed, launch and scale next-gen working capital products - quickly to a much wider audience.
We specialise in making complex working capital products — Invoice Finance, Asset-Based Lending, and Receivables Finance — simple, intuitive, and sustainable. From origination to in-life management, our ‘out-of-the-box’ designs help lenders launch new digital products in as little as 90 days.
You will be responsible for making sure that security is embedded in each phase of our Software Development Lifecycle (Secure SDLC) and for promoting a DevSecOps culture throughout Trade Ledger. As a member of the DevSecOps team, you will work closely with the Infrastructure Team, the Risk & Compliance function, and the Developers to analyse security findings and implement mitigations.
- “Shift left”: preventing security bugs from being deployed to Production by assessing potential threats during the software design phase and determining mitigations that reduce those threats in the early stages of the development lifecycle
- Designing and implementing an agile and structured threat modelling approach to defend our applications from attacks
- Setting up testing and monitoring to build out our threat detection capability
- Advising developers and championing initiatives on secure coding practices and standards
- Designing, implementing, and improving authentication and authorization mechanisms
- Performing periodic security assessments and assisting with ad-hoc security investigations
- Writing technical documentation
Your Knowledge and Experience
- Thorough understanding of attacks, threats, vulnerabilities, risks, and countermeasure frameworks (e.g. STRIDE, DREAD, PASTA, D3FEND, ATT&CK, OWASP, CIS Benchmarks)
- Hands-on experience implementing and running Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA)
- Hands-on experience with logging, monitoring, triaging, and alerting solutions (SIEM)
- Offensive Security (ethical hacking, pentesting, bug bounties) and/or Defensive Security (Blue Team, SOC) experience is a plus
- Working knowledge of implementing ISO 27001 technical controls in an agile environment
- You are a developer who loves security bugs
- Able to articulate security risks pragmatically to both technical and non-technical stakeholders
- Attacker mindset: a natural lateral thinker with a creative problem-solving approach
- A critical eye when assessing the effectiveness of security architecture designs and implementations
- Able to manage competing deadlines and prioritise responsibilities
- You have an incredible appetite to learn
Trade Ledger promotes a diverse, flexible and open team culture. We actively invest in continuous professional development because we know that our people are the creators of our success.
Our interview process and panels are designed to ensure we do not discriminate on the basis of race, age, gender, sexual identity or preference, or religion.