Security Platform Engineer

The job overview for the Platform Security Engineer role at Attest is to plan, design, and improve infrastructure as code relating to security, while also delivering tactical improvements in the security area. The role involves developing technical solutions based on DevSecOps principles, partnering with leaders across the business to define security direction, and ensuring that security policies and practices remain relevant and impactful. The ideal candidate should have previous experience in platform security, compliance projects, and working with AWS, Kubernetes, and Linux. They should also have experience in programming for infrastructure and applying DevSecOps techniques and tools.

• Plan, design, and improve infrastructure as code (IaC) relating to security
• Deliver day to day tactical improvements, mostly for the security area
• Develop technical solutions based on DevSecOps principles to help address security issues and automate repeatable tasks
• Partner with leaders across the business to define security direction and provide security strategy and tooling advice
• Ensure that security policies and practices for cross-disciplinary teams and engineers remain relevant and impactful
• Have previous experience as a Platform Security Engineer or similar role
• Work alongside others for compliance projects such as ISO 27001 or GDPR
• Have experience working with AWS, Kubernetes, cloud networking, and Linux
• Have basic experience of programming for infrastructure using any procedural language beyond bash
• Have experience applying DevSecOps techniques and tools
• Be familiar with the main types of security tools and advise on their appropriateness
• Have experience managing security incident responses including blameless postmortems
• Be able to see big picture goals and create actionable roadmaps for security programs, technology, and business initiatives.

• Previous experience as a Platform Security Engineer or similar roles
• Experience working on compliance projects such as ISO 27001 or GDPR
• Experience with AWS, Kubernetes, cloud networking, and Linux
• Familiarity with Kubernetes manifests and Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, Pulumi, AWS CDK, or CDKTF
• Basic programming experience in procedural languages like Golang, Python, JavaScript, Ruby, or others
• Knowledge and experience in applying DevSecOps techniques and tools, including threat modeling, "shift left," static analysis, dynamic analysis, policy as code, software supply chain security, tamper-proof audit trails, etc.
• Familiarity with various security tools such as SIEM, SAST, DAST, vulnerability management, etc., both open source and commercial components
• Experience in managing security incident responses and conducting blameless postmortems
• Ability to create actionable roadmaps for security programs, technology, and business initiatives
• Strong understanding of security goals, tech environment, and business context

• Competitive salary that recognizes experience and potential
• EMI share options in the company
• 25 days (UK) paid holiday per year, increasing with years of service
• Additional 2 days off around the festive season
• Auto-enrollment in group pension plan
• Support with remote and flexible working
• £300 to set up home office
• Career growth and development budget of £20 per month
• £40 a month wellness allowance
• Access to private and confidential coaching or counseling
• 10% time to give back to the community or support favorite charity
• 10 days paid sick leave per year
• 24/7 Employee Assistance Programme
• Choice of equipment and access to great tools
• Open, inclusive, and supportive team environment
• In-person and remote working balance
• Commitment to Diversity, Equity, and Inclusion