Security Engineer at Pleo
This role focus solely on the security side. We are talking about both the security side of our application but also ensuring our internal IT practices won't come back and bite us (to put it mildly). We are happy to have strong individuals and teams when it comes to their domain's security side, but we feel that as we scale this alone won't be enough. What we're looking for is someone to be part of owning all of this - and to bring the overview and abstraction level when it comes to addressing the topic of security itself.
- You recognize that communication is a core part of your job as a security engineer at Pleo.
- You are eager to discuss complicated security topics with technical and non-technical colleagues.
- You are pragmatic in your approach to security - a door that no one can unlock is very secure, but it's also no longer a door.
- You agree security isn't black magic but is a matter of understanding complex systems and applying creative thinking to interesting problems.
- You love learning new things and enjoy working with problem areas you aren't an expert in (yet).
- You are honest and unafraid to state things exactly like they are - acknowledging and communicating what's broken is the first step to fixing things.
The nitty gritty skills
- You are an excellent programmer and have a strong foundation within application development. Ideally, you think of yourself as "full stack" and would be able to contribute to any area within application development (front-end, back-end, infrastructure, databases, etc.).
- A holistic understanding of everything security. You have a broad interest in information security, and bring experience from a wide selection of security related problem areas.
- Application security. Pleo is a typical client-server application, with multiple front-ends (web, iOS, Android) talking to a REST API backed by microservices. You should be familiar with:
- the usual problem areas for this kind of application.
- web app security, and probably also know a thing or two about mobile app security.
- Cloud Networking Knowledge. You understand all the "meshy" things from sidecars, microservices to service mesh and you are familiar with the cloud shared responsibility model. You're comfortable balancing the tradeoff decisions with regard to cost, security, and deployment complexity.
Your colleagues say that you
- Could easily be a hacker in your free time
- Never forget to lock your Laptop
- Often send encrypted emails
- Dropped an unattended USB-drive and wait for someone to pick it up.
Your mom says that you
- Loved to pick locks as a kid
- Force her to change her passwords every now and then
- Installed Signal on her phone
- Java or Kotlin proficiency and experience with securing applications running on JVM.
- Experience with PCI DSS, GDPR, or PSD2. Maintaining compliance for financial applications like Pleo requires living up to a variety of formal security requirements and completing audits and certifications from time to time.
We don't really care about certificates, degrees, and all that jazz. However, we won't penalize you for talking about your super relevant degree in computer science or showing off your brand new certificate. We also don't need you to have x years of experience in information security, but would of course love for you to tell us about any experience that you think is relevant for the job.
Show me the benefits
- Your own Pleo card (no more out-of-pocket spending)
- Ability to work remotely (anywhere between east coast of the Americas to European timezones)......or onsite if you want to (Copenhagen, London, Berlin, Stockholm, Madrid Montreal)
- Quarterly trips to somewhere for team camps (both company-wide ones and team-specific ones).
- The last one was in Northern Ireland last December.
- Investment in learning & developing (just check with your team for what's reasonable, we don't have set budgets)
And here are some other nice gestures that we do
- Catered lunch in our HQ and London offices when you're here
- 25 days holidays (annual)
- Loads of weird and wonderful niche communities to join in the company (we're talking guerrilla gardening, liquids tasting, the Pleo band, learning to code initiatives, beer brewing, skiing, that type of thing)
- Wild enthusiasm and encouragement from us if you want to host MeetUps, events, etc - we'll help (venue, food etc)
Working at Pleo means you're working on something very exciting: the future of work. Through fintech we've seen a way to impact how people work; we think company spending should be delegated to all employees and teams, that it should be as automated as possible, and that it should drive a culture of responsible spending. Based on some pretty amazing Series C-round investment in 2021 we think we're onto something big.
So, in a nutshell, that's Pleo. Today we are a 380+ team, from over 54 nations, sitting in our Copenhagen HQ, London, Stockholm, Berlin, Madrid, Montreal, or Lisbon offices – and quite a few full-time remotes in 22 other countries! Being HQ'd out of Copenhagen means we're inspired by sensible things like a good work-life balance. If you don't work in the office with us we'll help you get up the best remote setup possible, and will fly you in once a quarter for team camps.