Left Lane Portfolio Jobs

Security Engineer (Blue AppSec)

Wayflyer

Europe · Remote
Posted 6+ months ago
Locations we are currently able to hire from include Ireland, the UK, Germany, Portugal and Sweden.
About Wayflyer
Our mission is to empower eCommerce stores to unlock their full potential. Join us!
Wayflyer is revolutionising eCommerce by levelling the playing field for founders across the world. Our first product, the Merchant Cash Advance, solves a major pain point for brands: access to short-term finance to fund inventory and marketing spend.
Since launching in April 2020, we’ve deployed over $1.5bn in funding to 1,000’s of eCommerce founders across 10 countries.
We’ve helped companies like Wild, Dock & Bay and Branch take their businesses to the next level. Check out this video from Davie Fogherty, another one of our brilliant customers, giving a great explanation of what we do and how we helped The Oodie go from strength to strength.
We’re a fast-growing, venture-backed startup that serves a critical need for eCommerce entrepreneurs. You'll be joining an ambitious, collaborative team that's working on a huge opportunity.
We have a leadership position in a fast-growing and exciting market. We announced our Series B in February 2022 raising $150m in funding at $1.6bn valuation; backed by world-leading VCs including QED and DST Global.
Teams at Wayflyer are truly cross-functional. Regardless of your role at Wayflyer, you'll work with a variety of different disciplines and teams from around the world on a multitude of challenging projects and game-changing products to revolutionise the eCommerce landscape.
The Security Engineer (Blue AppSec) is part of the Security Engineering function of the Information Security department. The “Blue Team” domain focuses on establishing secure engineering practices and ensures that the practices are used throughout the organization.
Experience & Qualifications
You have a passion for security engineering and you want to share this passion with as many like-minded colleagues as possible. You have worked for 3-5 years in an Information Security team, or you have championed security within engineering teams, you are a proponent of DevSecOps and you want to deal with interesting problems.

Key Responsibilities (Blue Team)

  • Establish an Application Security champions program by working with the engineering teams to define an effective strategy for embedding security practices into the product teams.
  • Facilitate the integration of security tools with the CI/CD pipeline making them self-service for the engineering teams.
  • Run and scale security activities in our DevSecOps lifecycle, including but not limited to threat modeling, code scanning, web app scanning, and threat detection.
  • Provide subject matter expertise on topics such as secure design, security controls, programming practices, encryption, and web security standards.
  • Lead and coordinate external penetration testing activities.

We would expect you to have experience in the following:

  • Web application security principles, including hands-on work with the OWASP Top 10, the OWASP ASVS, and the OWASP Cheat Sheets.
  • Working with a Secure Development Lifecycle model (e.g. OpenSAMM, BSIMM).
  • Working with Python / Django and JavaScript.
  • Working with vulnerability assessment / management tools (e.g. Tenable, Qualys, Detectify).
  • Working within the context of an Information Security framework (e.g. ISO 27001, SOC 2, PCI DSS).
  • Creating and maintaining appropriate documentation.
  • Presenting to groups in a clear, concise, and educational fashion.

When it comes to technologies, we expect you to have experience in the following:

  • Working with security in the cloud (AWS).
  • Working with GitHub (especially CodeQL).
  • Working with security assurance software (e.g. GitHub Advanced Security, Snyk).
  • Working with penetration testing tooling (e.g. Burp Suite, OWASP ZAP).

We would also appreciate:

  • A university degree in Computer Science, IT, Systems Engineering, or a similar field.
  • Any relevant Information Security certification, e.g. GIAC GWEB or CSSLP.
How we work
You are part of the Information Security department and you report to the Director of Information Security.
We are agile, and we use technology and tooling to facilitate our work and our communication with the rest of Wayflyer. We use Slack and Google Meet to communicate, GitHub to store our code, Notion to document and Jira to track our progress.
Lastly, we are pragmatic and we manage Wayflyer’s information security risks in a way that aligns our department’s risk tolerance with the organization’s without being blindly driven by compliance checklists. Our department’s motto is “Trust, but verify”.
What is important to point out is that you can do most or all of the above mentioned and can point to your real experience doing it. You’ve probably done it at companies of different shapes, sizes and industries. Given what we do, experience in financial services, fintech and business-to-business organisations is particularly interesting to us.
On top of that, you’re amazing at prioritisation. You make sure you’re not spread too thin while also giving teams the support they need. You spend your time on the things that make a positive difference. People get why you’ve chosen to say ‘yes’, ‘no’, or ‘not yet’, and are ok with it.
What you’re like as a person and how you treat people is a big deal for us. People love working with you. You’re helpful and generous with your time and knowledge. People love helping you back. People know where they stand with you.
You’re always looking to learn and grow, on a personal and professional level. And you’re always looking to help others learn and grow by sharing your own knowledge and experience.
You know why diversity, equality, inclusion and belonging matter, and speak up when we can do better.
What happens next
We’ll review and respond to every application we receive. If we’re interested in taking your application further, we will be in touch to find out more about you and what you’re looking for.
What perks and benefits do we offer?
Equity scheme
Private healthcare
Generous paid leave + public holidays
Home working equipment
Supportive parent policies
Flexible working
Offices in Dublin, London, and Sydney