Software Security Engineer

Software Security Engineer

Department: Tech - Security

Employment Type: Permanent - Full Time

Location: Oxford, UK

Description

Are you ready to raise the bar on cyber security and contribute to making our flagship products cyber resilient?

We are looking for a Security Engineer to join our Information Security team at our inclusive and beautiful Oxford headquarters. You will be working across software engineering, modelling, and data science bringing your full self, including your security knowledge and expertise to the business.

As a Security Engineer at Aurora Energy Research, you will enable our colleagues to improve our secure software development lifecycle, ensure secure operational practices, and support compliance. You have a curious mindset, thrive in collaboration, and are passionate about new technology. You are solution oriented and focus on getting smart ideas into the hands of your colleagues. You enjoy working simultaneously on various initiatives and moving between teams.

You will become part of a top-notch information security team who love solving difficult problems. By joining our Information Security team, you will be part of something big and meaningful: help protect our brand and our company so that we can continue to provide vital support to the global energy transformation.

Key Responsibilities

1. Cultivate security culture. Work with product and engineering colleagues, be the security champion that strives to prioritize sustainable controls and drives real risk reduction outcomes.
2. Build secure products. Ensure security is considered throughout the product and software development life cycle. Provide security best practice, build security design patterns, complete security architecture reviews, threat models and risk assessments. Help solve engineering problems by implementing technical controls to mitigate risk.
3. Ensure we are deploying solutions into a secure environment. Ensure we build solutions in alignment with our control requirements. Support on-going business-as-usual and champion vulnerability management. Provide internal security consultancy and lead on audit engagements, risk activities and project initiatives. Work closely with colleagues to ensure effective technology risk management.
4. Work together. Collaborate and work with product and engineering teams. Help to solve problems and not just calling out issues. Take ownership of operational duties. Operate across the business to create alignment with security objectives.
5. Ensure security thought leadership. Keep up on security best practice and be a continuous learner. Guide and define our security policies, procedures, and standards end-to-end, be recognized as a point of escalation and subject matter expert for software and data risk.

What we are looking for

Required qualifications, capabilities, and skills:

1. Degree in a computer science related subject or comparable working experience related to the role.
2. Working knowledge of best-practices for securing micro-service architectures.
3. Working knowledge of modern secure SDLC practices with a focus on embedding security into CI/CD pipelines.
4. Working experience of the above concepts in the context of at least one major public cloud provider (AWS, GCP, or Azure).
5. Understanding of global security standards (like SOC2 or ISO 27001) and regulatory requirements and experience in maintaining compliance with these.
6. A desire to teach others and share knowledge. We want you to coach other team members on secure coding practices, design principles, and implementation patterns.
7. Comfortable in uncharted waters. We are building something new. Things change quickly. We need you to learn technologies and patterns quickly.
8. Ability to see the long term. We don't want you to sacrifice the future for the present.
9. Clarity of thought. We operate quickly and efficiently, and we value people who are economical with their time and clear with their opinions.

Desirable qualifications, capabilities, and skills:

1. Experience in a software engineering role, ideally with focus on security.
2. Working knowledge of offensive security, Application and Infrastructure penetration testing (OWASP top 10, OWASP ASVS).
3. Understanding of security vulnerabilities and remediation options in codebases & containers.
4. Working knowledge of methods for authentication and authorization (ODIC, OAuth 2, FIDO 2, etc).

What we offer

Some of the benefits we include are:

1. Private Medical Insurance
2. Dental Insurance
3. Parental Support
4. Salary-Exchange Pension
5. Employee Assistance Programme (EAP)
6. Local Oxford Discounts
7. Cycle-to-work Scheme
8. Flu Jabs

At Aurora we will consider all requests for flexible working. For most roles, the following types of flexibility are usually possible: a hybrid model of remote and in-office working and flexible start and finish times. Please talk to us during the interview about the flexibility we could offer and we will be happy to explore the best available option for you.

The Company is committed to the principle that no employee or job applicant shall receive unfavourable treatment on grounds of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage or civil partnership, pregnancy and maternity.

The successful candidate would start as soon as possible. The team will review applications as they are received. Salary will be competitive with experience.

To apply, please submit your Résumé / CV, a personal summary, your salary expectations and please inform us of your notice period.