Senior Application Security Engineer

Whereabouts

Remote distributed (GMT+0 to GMT+3) or based in our Riga hub.

Your mission

To build on our security culture at Juro.

You will focus on using your knowledge and experience to help our product teams move faster, bringing security to the forefront of everything we do — using security best practice and processes to protect our infrastructure, applications and services, improving security in every possible way.

We are looking for an experienced AppSec Engineer, to help define, develop, operate and improve the security across the implementation and management of Juro’s application, infrastructure and backend services.

When you join our Tech Scaling team:

Day to day, you will face non-trivial tasks and problems that require creativity and critical thinking to solve. Some of the items and projects that you’ll be involved in:

• Reviewing and improving our current security policies, best practices, access and tooling and increasing their awareness across the organisation.
• Improving the use and automation of our security analysis toolset, including tools like OWASP ZAP, Sqreen and Snyk.
• Be a key contributor for our automated compliance tooling. We use Drata for automated compliance monitoring and SOC2 readiness checks.
• Manage, validate, prioritise and act on the findings from our independent security audits and Juro’s bug bounty program.
• Work with the technical teams to increase the security stance across our applications, infrastructure and services, collaborating on design and implementation.

This might be for you if

• You have previously worked as an Application Security Engineer, collaborating with engineering and business teams to improve security across the organisation.
• You have used a variety of AWS services such as EC2, S3, Route53, and Lambda in your day-to-day role and are familiar to using them to build, secure and run SaaS-oriented solutions.
• You have an in depth understanding of attack patterns and use this knowledge to help shift + left to become more secure by design, test and in the specification and operation of tooling to help identify and mitigate risk.
• You are comfortable communicating across all levels, from technical IC to Senior business stakeholders. Security can be difficult to understand, and you will help to make it easy.
• A practical understanding of data privacy.
• You have used tools like Falco to alert and act on security events.

Research shows that while men apply to jobs if they meet ~60% of criteria, women and those in traditionally underrepresented groups tend to apply only if they check all boxes.

So if you think you have what it takes but don't meet every single point above, please still get in touch. We'd love to have a chat and see if you could be a great fit.

Bonus points if:

• You have worked with network and application firewalls.
• You have used security automation tooling such as OWASP ZAP or Burp Suite to analyse application security and Scout Suite to analyse and improve application and infrastructure security.
• You have worked with other NoSQL databases: Redis, Mongoose, ElasticSearch.
• You are familiar with JS frameworks.

Your progression with Juro:

You will join us on IC3 level in our career map and, with time, grow as either an Individual Contributor (IC) or Team Lead (MN). More about this in career framework for progression at Juro. We will offer support for whichever route suits you best in your future.

Why join us

• You decide what is best.

You will have the autonomy to make decisions, define tooling and contribute to processes that lead to the best outcomes. You can propose new tools and systems for solving problems.

• No legacy technologies.

We use a modern stack including TypeScript, Node.js, MongoDB, Redis. As a bonus, you will have debugging tools such as Sentry, Loki, Grafana and a geek tool for task tracking — Linear.

• Make an impact.

We are still a small team — ca. 5 engineers per workstream. As a result, your impact on what we build will be significant: you will see the results of your work not in months, but weeks.

• Code review to help you grow.

Our PR’s are rigorous, but that’s because we believe in them as an opportunity to keep improving and for wider knowledge transfer. Of course, where appropriate, we will also pair or mob to get the best results.

• Join the best London startup to work for in 2022.

We're immensely proud of being voted #1 of the top 50 London startups to work for in 2022. This is the result of hard work, to show not tell, and make Juro the best place to work for. This spans from setting concrete steps to become a truly diverse, inclusive workplace, to investing in a culture of growth, to offering flexibility to everyone and more.

For 2022, we plan on expanding on all of these areas — what benefits we offer, how we give and receive feedback and how we foster a genuine sense of belonging for all Jurors to bring their full and best selves to work.

Our values

#BeMoreHuman:

Mentoring: You use your technical expertise to teach / guide others patiently.

#TrustAndDeliver:

Autonomy: You are empowered to find the right solutions to our customers needs. You are comfortable working independently, but also work well and trust others in your team and the teams around you.

#LoveTheDetails:

Caring: You take responsibility for what you build because you care. You proactively seek / give feedback to suggest improvements.

#KeepItSimple:

Focus on results: You deliver the tasks and projects that you promise, and you don't invent new solutions if an appropriate one already exists.

Interviews

3 stages totalling around 3 hours over 2 weeks.

The salary is paid in euros, and you will need a European / Georgian / Armenian bank account to receive it.