Security Engineer (AppSec) - Wayflyer Remote (Europe)

Listing Description

What does Wayflyer do?
Wayflyer’s mission is to revolutionise the eCommerce space by supercharging online businesses and their founders across the world. We provide MCAs (Merchant Cash Advances) to eCommerce businesses to allow them to pay for inventory and marketing for a low-cost flat fee, which they repay to us through revenue-based financing. We also use data to provide founders with insights which empower them to make decisions that will help them acquire new customers, scale and unlock their store's full potential.

We’ve helped companies like Wild, Dock & Bay and Branch take their businesses to the next level. Check out this video from Davie Fogherty, another one of our brilliant customers, giving a great explanation of what we do and how we helped The Oodie go from strength to strength.

Why Wayflyer?
Since launching in April 2020, we’ve deployed over $550m in funding across 8 countries to 1000+ eCommerce founders. In 2021 alone, the amount of funding we deployed to customers grew by 900%.

We announced our Series B in February 2022, raising $150m in funding at a $1.6bn valuation, backed by world-leading VCs including Left Lane Capital and DST Global. This valuation helped us reach unicorn status, making us one of only 6 in Ireland. In May 2022, we secured a $300m credit facility from J.P. Morgan. And in August, we locked in a $253 million debt financing facility from Credit Suisse.

'The early team you build is the company you build'. We’re still in our early days so you'll play an integral part in defining the culture at Wayflyer.

Careers at Wayflyer are truly cross functional. Regardless of your role at Wayflyer, you'll work with a variety of different disciplines and teams from around the world on a multitude of challenging projects and game-changing products to revolutionise the eCommerce landscape.

The Security Engineer (AppSec) is part of the Security Engineering function of the Information Security department and the function is split into 2 main domains.

The “Blue team” domain focuses on establishing secure engineering practices and ensures that the practices are used throughout the organization.

The “Red team” domain focuses on internal quality control and ensures that the Wayflyer products are tested and vetted before becoming available to our Wayflyer colleagues, partners and interested parties.

Key responsibilities (Blue Team)
  • Establish an Application Security champions program by working with the engineering teams to define an effective strategy for embedding security practices into the product teams.
  • Use and integrate the security tools we acquire, making them self-service for the engineering teams.
  • Inspire a security culture through education and awareness campaigns targeting the engineering teams.
  • Run and scale security activities in our DevSecOps lifecycle, including but not limited to threat modeling, code scanning, web app scanning, and threat detection.
  • Provide subject matter expertise on topics such as secure design, security controls, programming practices, encryption, web security standards.

Key responsibilities (Red Team)
  • Partner with the engineering teams to assess the security of our product, performing architectural and code reviews, threat assessments, and security testing.
  • Design and execute internal penetration testing activities targeting applications, infrastructure, endpoints, or even physical locations.
  • Lead and coordinate external penetration testing activities.
  • Lead exposure assessments when vulnerabilities are discovered.

Experience & Qualifications
You have a passion for security engineering and you want to share this passion with as many like-minded colleagues as possible. You have worked for 2-3 years in an Information Security team, or you have championed security within engineering teams, you are a proponent of DevSecOps and you want to deal with interesting problems.

We would expect you to have experience in:
  • Web application security principles and have worked hands-on with the OWASP Top 10, the OWASP ASVS or the CWE Top 25.
  • Working with a Secure Development Lifecycle model (e.g. OpenSAMM, BSIMM).
  • Working with Python / Django and Javascript.
  • Working with security in the cloud (AWS).
  • Working with Github (especially CodeQL).
  • Working with security assurance software (e.g. Github Advanced Security).
  • Working with vulnerability assessment / management tools.
  • Working within the context of an Information Security framework (e.g. ISO 27001, SOC 2, PCI DSS).
  • Creating and maintaining appropriate documentation.
  • Presenting to groups in a clear, concise and educational fashion.

We would also appreciate:
  • A university degree in Computer Science, IT, Systems Engineering, or a similar field.
  • Any relevant Information Security certification, e.g. AWS Certified Security, GIAC GWEB, GIAC GSA, or CSSLP. If you are interested in joining the Blue Team, then an OSCP certification would go a long way.

What perks and benefits do we offer?
  • Equity scheme
  • Private healthcare
  • 25 days leave + public holidays
  • 26 weeks paid leave for primary caregiver and 12 weeks paid leave for secondary caregiver
  • 5% pension contribution
  • Free access to Bippit, a financial planning platform
  • Udemy for Business
  • Fully remote (EU) working
  • Offices in Dublin, London, Atlanta and Sydney

How we work
You are part of the Information Security department and you report to the Director of Information Security. We are a team of 6 people and each one of us has their area of expertise but we also support each other to ensure that we achieve our department’s and Wayflyer’s goals.

We are agile, and we use technology and tooling to facilitate our work and our communication with the rest of Wayflyer. We use Slack and Google Meet to communicate, Github to store our code, Notion to document and Jira to track our progress.

Lastly, we are pragmatic and we manage Wayflyer’s information security risks in a way that aligns our department’s risk tolerance with the organization’s without being blindly driven by compliance checklists. Our department’s motto is “Trust, but verify”.

