Listing Description

The Opportunity

We're on an impressive journey to make the world a better place for pet-parents.  We're expanding our Engineering, Product and Design ("EPD") team and looking to hire our first ever Staff Security Engineer to support our global business. We have ambitious growth goals and as such, this role will be a pivotal part of our continued success as a crucial enabler for our growth in the UK, Sweden, the US and beyond. 

As our new Staff Security Engineer, you’ll be responsible for identifying and mitigating our risk of cyber-attacks.  You'll spend your time monitoring where we might have vulnerabilities - and championing a "secure by default" approach to our product.  We're looking for someone with the right technical know-how to conduct technical assessments and threat modelling - plus share your knowledge and expertise across our squads, so we make sure our engineering environments are the very best (and most secure) that it can be.

Your Focus

• Partnering with our EPD squads to identify cyber-attack risks and define tactical and strategic mitigation plans.


• Conducting complete security lifecycle architecture and technical assessments, including but not limited to design requirements assessment, threat modeling, and risk assessment.


• Building - and championing - a standardised set of security requirements and design patterns for internal systems and product offerings.


• Maintaining SLAs by watching for new vulnerabilities, monitoring existing vulnerabilities, working on false-positives and detection logic changes.


• In partnership with Risk and Compliance, monitoring current and proposed laws across the UK, Sweden and USA - including regulations, industry standards and ethical requirements related to privacy and information security.


• Influencing our security strategy - driving global initiatives in line with our broader EPD strategy.


• Representing Bought By Many and ManyPets within the security community - sharing your knowledge related to the security of our products and services.


• Keeping up with new SaaS services, techniques and tools, migrate our infrastructure forward as these develop.


• Actively participating in company's Software Development Lifecycle (SDLC)


• Contributing to R&D through our hackathon weeks.

What Leads to Success

Here are a few of the skills we are looking for in this position. Don’t worry if you don’t tick every box as it’s important for us to support you in your role and help you to develop along the way.

• Engineering is your heart and soul. You're the sort of person who needs to know that everything is organised, optimised and humming along beautifully.


• You have the mindset of "secure by default" and you like to get things right first time around.


• You value diversity and are sensitive to different environments and cultures.


• You've got nose for problems: you have a sixth sense for issues before they happen.


• Your colleagues say you're the sort of person who likes to move fast, pragmatically seeking problems and thinking about the wider Impact to the business.


• You make changes happen by working with others.

What's Important

• Significant commercial experience working in a security focused role - ideally, you’ll have worked in Financial Services or Insurance and understand a regulated business.


• Expert level knowledge at all layers of the information security stack with hands-on security engineering experience on AWS Serverless, GCP, etc.


• Experience of designing and integrating security controls in cloud-based architectures.


• Significant experience conducting threat modeling and risk assessments of cloud services, demonstrating your ability to identify unique vulnerabilities.


• Working knowledge of the MITRE ATT&CK, NIST CSF, and CIS Critical Control frameworks


• Certified Information System Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC)