Headquartered in London, the FinTech capital of the world, Form3 are building the most exciting banking technology company on the planet. Our mission is simple: transform payments technology to enable the global financial community to move money in real-time.
Form3 was born from the idea that moving money in real-time will be the new normal and cloud-native payments services the way forward. By combining the latest cloud-native technologies with our in-depth payments experience we find innovative solutions to problems that others would deem unsolvable. We favour open-source, prioritise best-practice and live and breathe DevOps. We advocate a positive work-life balance and offer a super flexible, remote-friendly working environment.
Our Security team is growing, and you will be reporting directly into the Head of Information Security. We use Terraform for Infrastructure-As-A-Code and have fully automated CI/CD and platform monitoring. As a Senior Security Engineer/Ethical Hacker at Form3 you’ll work closely with the Security and Platform Teams to protect our networks and perform penetration testing to keep our cloud-native platform and digital assets safe. We will cross-train in different security disciplines within the team or areas where needed!
At a high level, these are the key things that our Cloud Security Engineer/Ethical Hacker will be responsible for;
- Performing response analytics, determining root-cause and mitigation of cyber security events
- Operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems
- Security configuration, hardening and risks, i.e. Linux/Unix, Mac OS, Containers, Office 365, etc.
- Creating scripts to test for vulnerabilities including penetration testing and risk assessment
- implementing technical controls and automation to meet compliance of information security frameworks
- Developing low-level tools for vulnerabilities to improve security testing and monitoring
- Performing risk assessment across the entire network
- Keep up to date on the latest security threats and vulnerabilities
- Continuous process improvement across the board
We’re looking to speak with Cloud Security Engineers/Ethical Hackers that have experience in;
- Public cloud security (we primarily run on AWS)
- Security of docker and container orchestration (Kubernetes etc.)
- Have appropriate certifications (e.g. LPT, OSCE, CEPT, GXPN)
- DevSecOps tools and processes, including automatic code analysis
- Application security best practices (OWASP top 10/SANS top 25)
- IS027001, ISAE3000/SOC2, SOC1, NIST, GPDR and PCI DSS
- Security operations, security incident response, forensic security investigations, management and remediation of identified and day zero vulnerabilities, alerts, threats and breaches
- Networking, Application and ‘Next Generation’ Firewalls, IDS/IPS, Proxies, security monitoring, FIM, WAF, DDOS, DLP, malware, antivirus and endpoint protection
- Vulnerability Management, SIEM and Threat Intelligence systems
- Various technologies and operating systems and their related security configuration, hardening and risks i.e. Linux/Unix, Mac OS, Containers, Office 365, etc.
- Cryptographic controls, secure communications, PKI, hash and encryption technologies, ciphers, including IPsec VPN, TLS and certificates
- Programming and scripting
- Screening call with Talent Team (30 minutes)
- Screening call with Head of Information Security (45-60 minutes)
- Onsite interviews with management (1 hour)
- Competitive salary
- Remote/Flexible working
- 30 days annual leave (plus Bank Holidays)
- Pension, cycle-to-work scheme and regular socials
- Continuous investment in your career and the latest technologies
At Form3 we embrace equal opportunity and are committed to building a diverse team of exceptional individuals. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status and it is our strong belief that the more inclusive we are as a business, the better our work will be.