Reviewing web/mobile applications, source code, operating systems, and network security architectures; finding vulnerabilities and defining effective strategies for remediation and hardening.
Identifying gaps in controls and vulnerabilities in our Cloud infrastructure with containerised environments and GitOps deployment pipelines.
Ability to think critically and identify areas of technical and non-technical risk.
Research and develop tools, techniques and exploits specific to Tide.
Help triage and validate external security submissions whenever required.
Communicate findings and remediation actions effectively to both technical and non-technical teams.
Coaching engineers across both Security and broader technical teams in the principles and practices of offensive security.
Partner with internal security and engineering teams on collaborative engagements that uncover vulnerability and detection opportunities across systems.
Identify weaknesses in product security controls, including vulnerabilities, misconfigurations, and gaps in processes and procedures.
Work with the Tide engineering teams to plan and scope internal/external pen-testing.
Bring your red team hat to support Incident Response.
WHAT WE ARE LOOKING FOR:
First and foremost, you will be passionate about security and secure application design. You will love helping engineers create more secure web and mobile applications.
You will be comfortable explaining security issues and concerns to product owners, engineers, area VPs and executives and love the feeling you get when this results in them releasing a more resilient product.
You have experience working within the Fintech or tech sector.
You have worked within a fast-scaling business.
You have experience in attack simulation and vulnerability research.
You are comfortable writing tooling in Python, Java, Go, etc.
You have strong experience in performing security assessments on the following: