Listing Description

We're looking for a Staff Security Engineer who will be part of the team responsible for defending mx51 users and infrastructure from cyber threats. This is a newly created role giving you the opportunity to directly enhance our preventative, detective and response capabilities. Ideally, you will be security consultant or architect that is keen to get back on the tools to make a direct impact. Alternatively, the role would also suit a seasoned incident responder who wants to step up into a role with more influence on big security control decisions. Or you might be in a role already where you are responsible for both operations and strategy. Either way, we'd love to hear from you!

We’re a bank grade scale-up which means we take security seriously and are able to get stuff done - the perfect environment for a security engineer to thrive.

A bit more detail on the role:

At mx51, you will:

• Represent the security team in SaaS platform architecture and design decisions


• Complete threat modelling for all platform components to determine prevent and detect priorities


• Map our preventative and detective capabilities to Mitre ATT&CK


• Develop proposals for enhancing our prevention and detection capabilities


• Work with our Technology Leadership Team to embed prevention and detection into our core technologies and processes


• Directly manage our security control infrastructure, with a specific focus on our AWS and K8s environment using tools such as Sysdig Secure, Cloud Conformity and Tenable


• Define and implement logging and detection policies across a sophisticated, cloud-native tech stack


• Assist with the investigation, containment and remediation of detected events - with direct access to the security software and tools you need to respond effectively 


• Define and manage the playbooks that underpin our response efforts

What we'd love to see in an applicant:

• Experience working in multiple security disciplines such as event detection, incident response, malware analysis or application security


• Proven experience of engaging with stakeholders such as Product Owners or Customers to review requirements, develop proposals and perform security assessments


• A background in designing and implementing security control strategies within AWS - bonus points for K8s experience 


• Demonstrable experience using scripting languages such as Python, PowerShell or Bash for automation purposes

Nice to haves:

• Ideally, experience of analysing log data using tools such as Splunk


• Ideally, the candidate will hold one or more security certifications such as CISSP, CEH, SANS, etc.