Lead Security Engineer
At RVU, we have the best of both worlds: the excitement of a start-up and the strength of well-established, trusted household names.
- Uswitch is the UK’s top comparison website for home services switching helping consumers save money on their gas, electricity, broadband, TV and phone.
- Money is one of the UK’s leading comparison websites for financial services. Consumers can compare loans, credit cards, bank accounts and insurance from more than 600 providers.
- Bankrate and saveonenergy.com (launched in 2018 and 2019 respectively) are fast establishing themselves as innovative, consumer-centric websites that will help propel our future growth.
Together, we are RVU. Together, we have the power to reach consumers across the UK, and the technology to give them a world class online experience.
The data we hold is important - to our customers, to our partners and to our team. We want to make sure we’re doing our best to treat that information with the respect it deserves.
We need you to help us do this. The security team needs someone to help evolve the security programme as our business grows. We are looking for someone who's blood bleeds blue. Someone from a background of working with product teams, who wants to grow into a broader security role.
We find better answers, not obvious ones. Our goal is to keep RVU moving forward as we explore new opportunities, in a safe, secure and agile way.
What you will work on
- Identifying and managing security risks across our organisation
- Working with product teams on the design of their services
- Evolving our policies, standards and procedures
- Ensuring that our staff understand and live security
- Developing tooling to help support the goals of the security team
Some recent projects:
- Common controls framework: an abstraction that covers controls for self-identified risks along side those required by regulations and contracts
- Ontology: a service that ingests data from various cloud services to build an asset inventory graph
- authnz-http-proxy: a proxy that uses OIDC and OPA to provide a standard for authentication and authorization
What we’re looking for in you
- A background doing application security
- An appreciation of how security can enable businesses
- Experience working in a cloud-native organisation
- Documentation of controls, standards and procedures
- Experience working with or inside of an agile product engineering team
- Knowledge of at least one programming language
- Ability to work with people across the organisation, tailoring your message to the audience
Things that might set you apart
- Taken a business through a ISO 27000 series or PCI DSS audit
- Experience with Golang and Python
- Knowledge about privacy/data protection
- Relevant certification e.g. CISSP, CRISC, CISM
We want to give you a great work environment; contribute back to both your personal and professional development; and give you great benefits to make your time at RVU even more enjoyable. Some of these benefits include:
- A competitive salary and bonus package
- Employer matching pension up to 7.5%
- Excellent maternity, paternity and adoption leave policy, for those key moments in your life
- Health insurance
- A healthy learning and training budget, as well as the chance to go to conferences around the world every year
- In office gym and pilates + yoga classes
- Free breakfast, healthy snacks, coffee and soft drinks