Security & Threats Lead (SecOps)

Location: London
Department: Engineering
Employment Type: Full-time

Hello, we’re Tide.

We believe SMEs have been vastly underserviced and overlooked by traditional banks. Something as simple as opening an account can take weeks, mountains of paperwork and too much time. Through a mobile-first platform, we provide modern business banking services to small-business owners, saving them time so they can get back to doing what they love.

Based in central London, Tide is backed by some of Europe’s most notable founders and investors, including Robin and Saul Klein (LocalGlobe) and Alex Chesterman (Zoopla Property Group), as well as top VCs in London and Stockholm (Anthemis, Creandum and Passion Capital).

We’re offering the right person, the opportunity to join our dynamic team to help unlock the next stage of our growth. We’re a rocket ship that’s going places – this looks a little like world domination!

Your day will look a little like this:

As a Lead SecOps Engineer at Tide (fondly referred to as a Tidean, a god like challenger of the

banking world) your role will be a blend of coaching, analysis and hands-on engineering. We are

building an environment where continuous integration, delivery and deployment is a key focus

and where everyone’s common goal is to deliver outstanding software as fast as possible whilst

having fun.

You will be responsible for:

  • Be an advocate of the cybersecurity mindset, through coaching, mentoring and training
  • Have experience of implementing commercial off the shelf tools such as Qualys, Dark Trace, Tenable, Twistlock, Splunk, SonarQube
  • Ability to create, implement, maintain and monitor security and threats frameworks
  • Influence the platform, tools and environment for security in Tide
  • Implement and evolve Tide’s security controls
  • Stay abreast of security Industry trends and emerging threats, spot the risks and liaise with Tide’s risk committee
  • Manage regular penetration tests
  • Take ownership of security incident management and analysis processes
  • Work with the DevOps team to enhance security incident detection and monitoring
  • Advise on improvements to mobile and web application security
  • Help to establish and actively participate in the Tide Security Community of Practice, sometimes taking the lead
  • You will have good persuading & listening skills

Who are we looking for?

  • At least 3 years experience as a SecOps Engineer, Cybersecurity Consultant or Security Engineer
  • Passionate about cybersecurity, penetration testing, threat modelling, defence-in-depth, and all things SecOps
  • Comfortable coaching software engineers in security best practices.
  • You’ve designed or vetted the security for large-scale applications in the cloud supporting hundreds of thousands of customers.
  • Strong experience in Application Security, with deep understanding of OWASP, Secure SDLC processes and how they relate to microservices architectures
  • Broad exposure to a range of security technologies, including WAF, DLP, IDS/IPS, IdAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware and vulnerability management
  • Deep knowledge of key Information Security standards (ISO 27001, OWASP, PCI DSS, SANS, NIST)
  • Ideally you will have recognised security certifications (e.g. CISSP , CCSP , CSSLP)
  • You’ve worked in high-risk environments such as financial services, health care or defence
  • Exposure to Agile principles, processes, and practices

Diversity is what makes our world interesting. Different people bring fresh new ideas, thinking and approaches, which make the way work is undertaken more effective and efficient. If you’re not into diversity, Tide may not be in the right place for you! Tide holds itself accountable against measurable diversity objectives.