Who are we?
Hi! We are Ravelin! We're a fraud detection company using advanced machine learning and network analysis technology to solve big problems. Our goal is to make online transactions safer and help our clients feel confident serving their customers.
And we have fun in the meantime! We are a friendly bunch and pride ourselves on having a strong culture and adhering to our values of empathy, ambition, unity and integrity. We really value work/life balance and we embrace a flat hierarchy structure company-wide. Join us and you'll learn fast about cutting-edge tech and work with some of the brightest and nicest people around.
If this sounds like your cup of tea, we would love to hear from you! For more information check out our blog to see if you would like to help us prevent crime and protect the world's biggest online businesses.
Role
Our data is a crucial part of our success and of great importance to our clients, our partners and our team. This is why we are currently looking for someone to help evolve the security function as Ravelin grows. As part of the security team, you will be working closely with product and operations to build security into applications and support processes.
To be successful in this role, you have to be a practical and pragmatic person with security sensibility who knows the difference between implementing an ineffective policy, and something difficult that is worth the additional friction. You need to be able to architect, design and implement reliable, repeatable implementations of security tools and services.
Responsibilities
- Identifying and managing security risks across our organisation
- Working with product teams on the design of their services
- Evolving our policies, standards and procedures
- Ensuring that our staff understand and live security
- Developing tooling to help support the goals of the security team
- Be responsible for driving security improvement from design through delivery and into operations.
- Take the lead on finding technical solutions - drawing on your previous knowledge, self-learning and formal training.
- Be responsible for helping to implement, maintain and administer security toolsets used in the software development process.
- Be expected to approve security-based change requests.
- Helping to embed security in the development and operational lifecycle, and showing continued security value by presenting risk from the customer and business perspective
- Perform threat modelling exercises for critical changes
- Ensuring teams have what they need to deliver secure code and applications including the skills, tools and training
- Static and dynamic security testing including code review and manual penetration testing
Nice to haves
- Experience working in a cloud-native organisation
- Documentation of controls, standards and procedures
- Knowledge of at least one programming language
- Knowledge about privacy/data protection
- Relevant certification e.g. CISSP, CRISC, CISM
- Experience in scaling security with automation e.g. including tooling in pipelines instead of manual remediation (guardrails, not gatekeeper)
- Excellent skills in penetration testing of web or mobile applications
- Solid and demonstrable comprehension of cyber and information security including secure coding, security in the SDLC, hacking techniques and the evolving threat landscape
- Experience or working knowledge of a variety of SAST, DAST and SCA security tools
- Experience with web application firewalls
- Working knowledge of infrastructure security scanning software
- Working knowledge of secure development practices such as OWASP and BSIMM
- Knowledge of current information security standards and regulations such as PCI DSS, ISO27000 or ISO27001 series, and GDPR
- Experience with MacOS and Linux OSs
- Experience with Golang and Python
- Experience with Docker containerisation and Kubernetes security
- Competitive salary & equity package
- A minimum of 25 days annual leave + bank holidays
- Flexible working hours
- Individual learning and development allowance of £1,000/year
- Remote volunteer opportunities and monthly company charity donations
- Fortnightly team lunches with different people from across the company (currently via video chat!)
- Virtual quarterly company socials
- Cycle-to-Work and childcare schemes
- Virtual yoga twice per week as well as weekly board game and movie nights