Senior Information Security Engineer
Software Engineering, IT
Posted on Wednesday, April 19, 2023
Hello there. We’re Zopa.
We started our journey back in 2005, building the first ever peer-to-peer lending company. Fast forward to 2020 and we launched Zopa Bank. A bank that listens to what our customers don’t like about finance and does the opposite. We’re redefining what it feels like to work in finance. Our vision for a new era of banking puts people front and centre — we’ve built a business that empowers everyone to aim high, every day, to move finance forward. Find out more about our fantastic offerings at Zopa.com!
We’re incredibly proud of our achievements and none of it would be possible without the amazing team here. It’s not just industry awards we’re winning, we’ve also been named in the top three UK’s Most Loved Workplaces.
If you embrace unconventional challenges, are unafraid to think differently and are driven to make an outsized impact, you’ll thrive here at Zopa, so join us, and make it count. Want to see us in action? Follow us on Instagram @zopalife
We are searching for a skilled and hands on security enthusiast to become a part of Zopa's Information Security team as a Senior Security Engineer. This role will be working directly with the DivideBuy line of business, acquired by Zopa in February 2023.
You will play a crucial part in implementing and maintaining PCI DSS compliance, spearheading security initiatives and improvements throughout our organisation and supporting our security operations centre (SOC) team as a line of business SME. You'll be working closely with infrastructure, software engineering, and product focused business units to improve our security posture for new and existing products and ways of working. Out of office hours on-call may be required as a point of escalation as a line of business SME to ensure issues are attended to swiftly.
- Implement and maintain security controls in compliance with PCI DSS requirements
- Assist with the implementation of security measures (alongside the wider team) such as; EDR, WAF, SIEM and data loss prevention tools
- Provide guidance, recommendations and hands-on support to business stakeholders, such as engineers and architects, on topics such as technical security best practices, incident response and security awareness training
- Act as a PCI SME, supporting the wider InfoSec team and business on PCI best practices from both an architectural and operational perspective
- Assist in the development of new SOC capabilities, such as new data sources and alert types
- Produce regular reports on operational security status and maintain documentation
- Stay updated with the latest industry trends, threats, and security technologies to ensure the company's services are current and effective
- Strong prior experience in implementing and maintaining compliance with PCI DSS
- Previous experience supporting with and/or leading security incident response activities
- Be a resilient and highly motivated self-starter, with demonstrable robust judgement, decision making and creative problem-solving ability
- Be able to understand and assess the security elements of technical designs/solutions and have a proven ability to constructively challenge to deliver better business and security outcomes
- Have the ability to communicate complex risks/issues to technical and non-technical stakeholders to influence critical business decisions
Nice to have:
- Experience of the risks faced by financial services and credit card businesses
- Experience with Linux containers, Kubernetes and Prisma Cloud
- Experience leading on, or partaking in, certification programs such as ISO 27001 or Cyber Essentials Plus
Flexible working? Yes please!
At Zopa we value flexible ways of working. We understand the benefits of face-to-face collaboration and the importance of a good work life balance. Our teams work in a hybrid manner from our open-plan, riverside London Bridge office and the comfort of their own homes at a frequency that suits the team and the work they do.
Not only that – you'll also have the option of working from abroad for up to 120 days a year!* But no matter where you are, we’ll make sure you’ve got everything you need to thrive, both in your work and home life, from day one.
*Subject to having the right to work in the country of choice
Zopa is proud to offer a workplace free from discrimination. Diversity of experience, perspectives, and backgrounds leads to better products for our customers and a unique company culture for our people. We are made up of nearly 50 nationalities, have a DE&I forum made up of Zopians wanting to make a difference and we are proud of our culture where everyone can bring their full self to work. Our approach to DE&I is reflected in our hiring process so please let us know if you require any reasonable adjustments.