Senior Application Security Engineer

ABOUT TIDEAt Tide we are building a finance platform designed to save small businesses time and money We provide our members with business accounts and related banking services but also a comprehensive set of connected administrative solutions from invoicing to accounting Launched in 2017 Tide is now used by over 1 million small businesses across the world and is available to UK Indian and German SMEs Headquartered in central London with offices in Sofia Hyderabad Delhi Berlin and Belgrade Tide employs over 2000 employees Tide is rapidly growing expanding into new markets and always looking for passionate and driven people Join us in our mission to empower small businesses and help them save time and money ABOUT THE TEAM The Tide Security Engineering team is made up of three core areas Product Security Threat Detection Response and Identity Product Security this role consists of application and cloud security experts Their mission is to protect the products we build covering everything from secure design reviews to threat modelling and penetration testing ensuring security is embedded from the ground up Threat Detection Response focuses on protecting the company by building a robust detection and automation platform We re proactive in our defence constantly hacking ourselves to improve our security posture and staying ahead of emerging threats Our goal is to make Tide resilient against the ever-evolving threat landscape Identity is responsible for managing Tide s staff identity platform ensuring that access to systems and infrastructure is secure seamless and aligned with modern security practices The team uses strategies like zero trust multi-factor authentication and granular role-based access controls to safeguard our internal operations While each area has its own focus collaboration is key - it s why we share the same Slack channel and hold our standups together as one cohesive team ensuring alignment and seamless communication across all security functions ABOUT THE ROLE First and foremost you will be passionate about security and resilient software development processes You will enjoy hunting for vulnerabilities in our web and mobile applications and working with our engineering teams to remediate them strategically You will be comfortable explaining security issues and concerns to product owners engineers VPs and executives and love the feeling you get when this results in them releasing a more resilient product You will be a keen follower of all things Infosec and constantly be on the lookout for ways to apply new industry trends tools and automations to your day-to-day role As a Senior Product Security Engineer you ll Regularly dive deep into mobile web app technologies in order to understand feature development and proactively hunt for vulnerabilities Be proficient in securing cloud-native applications ensuring that security best practices are applied consistently across our cloud environment Be proficient in threat modelling and guide developers in secure design principles to prevent vulnerabilities from being introduced in the first place Help remediate vulnerabilities through strategic initiatives writing patches or creating understandable and actionable vulnerability tickets Be the subject matter expert across a wide range of security areas particularly in Application Security Make security invisible when possible believing that gatekeeping and blocking product teams should be avoided in favour of enabling secure development Mentor and coach junior engineers sharing your knowledge to help raise the security bar across the organisation Leverage automation and security tools to seamlessly integrate security into our CI CD pipelines ensuring vulnerabilities are caught early without disrupting development WHAT WE ARE LOOKING FOR You have a breadth and depth of knowledge across AppSec you re expected to understand topics like why private keys should be stored in the Secure Enclave the differences between URL Schemes and Universal Links what presigned URLs are in the context of S3 and the safest storage mechanisms for modern browsers You know Burp Suite or your favourite attack proxy inside and out bonus points if you ve written or contributed to an extension that enhances its functionality You have excellent spoken and written communication skills to articulate vulnerabilities clearly and persuasively advocating for their remediation even when faced with competing production pressures As a passionate senior security engineer you have a blog public speaking engagements bug bounty profile or a Git repository showcasing your work You re comfortable writing proof-of-concept POC scripts to demonstrate your findings and their potential impact as needed You have hands-on experience with securing cloud-native applications ensuring that best practices are consistently applied WHAT YOU LL GET IN RETURN Competitive salary Self Family Health Insurance Term Life Insurance OPD Benefits Mental wellbeing through Plumm Learning Development Budget WFH Setup allowance 15 days of Privilege leaves 12 days of Casual leaves 12 days of Sick leaves 3 paid days off for volunteering or L D activities Stock Options TIDEAN WAYS OF WORKING At Tide we champion a flexible workplace model that supports both in-person and remote work to cater to the specific needs of our different teams While remote work is supported we believe in the power of face-to-face interactions to foster team spirit and collaboration Our offices are designed as hubs for innovation and team-building where we encourage regular in-person gatherings to foster a strong sense of community LI-NN1TIDE IS A PLACE FOR EVERYONEAt Tide we believe that we can only succeed if we let our differences enrich our culture Our Tideans come from a variety of backgrounds and experience levels We consider everyone irrespective of their ethnicity religion sexual orientation gender identity family or parental status national origin veteran neurodiversity or differently-abled status We celebrate diversity in our workforce as a cornerstone of our success Our commitment to a broad spectrum of ideas and backgrounds is what enables us to build products that resonate with our members diverse needs and lives We are One Team and foster a transparent and inclusive environment where everyone s voice is heard At Tide we thrive on diversity embracing various backgrounds and experiences We welcome all individuals regardless of ethnicity religion sexual orientation gender identity or disability Our inclusive culture is key to our success helping us build products that meet our members diverse needs We are One Team committed to transparency and ensuring everyone s voice is heard You personal data will be processed by Tide for recruitment purposes and in accordance with