Security Engineer

At Deputy, we empower businesses to build thriving workplaces - ones where staff are engaged, customers are served well, businesses are legally compliant, and companies’ profits thrive. Our reach extends across 70+ countries worldwide, serving more than 320,000 workplaces.

Deputy is a global SaaS workforce management company headquartered in Sydney, San Francisco, and London, backed by top investors and recently surpassed 100m ARR. We've helped millions of workers across industries and aim to empower 60% of the global workforce.If you're passionate about i mproving the world of work, one shift a time, join us at Deputy and help shape the future of hourly employment!

You do not need to match every listed expectation to apply for this position. Here at Deputy, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.

The Role

The role encompasses several security domains covering application security, cloud & infrastructure security, security orchestration, security assurance, corporate security and incident response. Our Security Engineer is familiar with two or more of these security domains and has knowledge of other domains at a high-level.

The Team

The Deputy Trust team is responsible for ensuring that the Deputy platform lives up to the high expectations of the millions of people using it every day. We work to continually minimise risk while ensuring that customers and employees have an excellent experience. All team members have an opportunity to help build and maintain a strong and healthy team culture where collaboration and camaraderie are encouraged. We also support and encourage Diversity and Inclusion and welcome a broad variety of perspectives and experiences into all our roles.

You

You may currently be in a security engineering or operations role and are passionate about automation and designing secure products and solutions. You might have an IT/systems administration background and are keen to specialise in security, or you might have experience in at least two of the listed domains looking to explore multiple facets of an end-to-end security program.

Responsibilities

• Ownership and delivery of identifying, testing, mitigating, and/or responding to security issues/incidents is required for this role.
• Own and deliver projects to meet monthly, quarterly or yearly roadmap objectives.
• Define security solutions and collaborate with the team to select the best approach.
• Identify and implement necessary short and long-term risk-reduction measures
• Implement controls to address vulnerabilities in our applications.
• Assist with penetration testing exercises
• Triage bug bounty submissions
• Perform code reviews for security remedial work and fix code-based vulnerabilities
• Participate in discussions regarding web/mobile application vulnerability remediation
  
  

Skills & Experience

• You have experience in information security fundamentals, have been working in the industry for 2+ years, and are looking to use your skills and expertise to build and influence a new security practice.
• You are highly effective at collaborating with other areas of the business and leading with influence rather than relying on authority.
• You have strong presentation and written documentation skills, working together requires telling a story everyone can understand.
• You are comfortable with taking on a “builder” mindset, you are ready to learn, aren’t afraid to ask questions and execute with a high agency.
• Understanding of cloud security best practices (we use AWS), their tools around security, risk mitigation, etc.
• Experience with distributed web-based applications services (we use PHP, Go & JS) and their security posture, risk, etc.
• Experience with source code repositories, CI/CD pipelines, and associated security tooling (e.g., GitHub, GitLab, Jenkins, etc).
• Secure SDLC (Software Development Life Cycle), DAST (Dynamic Application Security Testing), and SAST (Static Application Security Testing) experience.
• Experience in web application penetration testing, secure coding and source code analysis.
• Experience with Bug Bounty programs
  
  

Employee Perks

• Share Options
• Paternity/Maternity Leave Policies
• Flexible Work Policy
• Company wide Development & Coaching
• Hackathons
• Awards - "Your Time to Shine & Celebrate Success"
• Social Events & variety of social clubs (Books, LGBT, Games, Sports)
• Mental Health Support
• Munch & Learns
  
  

Deputy believes in equal opportunity and that inclusiveness and diversity promotes innovation. Our global team members are from a variety of cultures. And we welcome different perspective and skills.