Security Platform Engineer

Attest is seeking a Platform Security Engineer to join their platform squad and contribute to the stability, scalability, and efficiency of Attest's platform infrastructure. The role involves planning, designing, and improving infrastructure as code relating to security, as well as delivering tactical improvements and developing technical solutions based on DevSecOps principles. The Platform Security Engineer will also collaborate with leaders across the business to define security direction and ensure compliance with security regulations. The ideal candidate will have previous experience in a similar role, familiarity with AWS and Kubernetes, and knowledge of security tools and techniques.

• Plan, design, and improve infrastructure as code (IaC) relating to security
• Deliver day to day tactical improvements, mostly for the security area
• Develop technical solutions based on DevSecOps principles to help address security issues and automate repeatable tasks
• Partner with leaders across the business to define security direction and provide security strategy and tooling advice
• Ensure that security policies and practices for cross-disciplinary teams and engineers remain relevant and impactful
• Have previous experience as a Platform Security Engineer or similar roles
• Work alongside others for compliance projects such as ISO 27001 or GDPR
• Have experience working with AWS, Kubernetes, cloud networking, and Linux
• Have basic experience of programming for infrastructure using any procedural language beyond bash
• Have experience of applying DevSecOps techniques and tools
• Be familiar with the main types of security tools and can advise on which types are most appropriate
• Have experience managing security incident responses including blameless postmortems
• Be able to see big picture goals and create actionable roadmaps for security programs, technology, and business initiatives.

• Previous experience as a Platform Security Engineer or similar roles with a focus on security and compliance projects such as ISO 27001 or GDPR
• Experience working with AWS, Kubernetes, cloud networking, and Linux
• Familiarity with Kubernetes manifests and Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, Pulumi, AWS CDK, or CDKTF
• Basic experience in programming for infrastructure using procedural languages like Golang, Python, JavaScript, Ruby, or others
• Knowledge and application of DevSecOps techniques and tools, including threat modeling, "shift left," static analysis, dynamic analysis, policy as code, software supply chain security, tamper-proof audit trails, etc.
• Familiarity with various security tools such as SIEM, SAST, DAST, vulnerability management, etc., and the ability to advise on their appropriateness based on security goals, tech environment, and business context
• Experience in managing security incident responses, including blameless postmortems
• Ability to see big picture goals and create actionable roadmaps for security programs, technology, and business initiatives

• Competitive salary that recognizes experience and potential
• EMI share options in the company
• 25 days (UK) paid holiday per year, increasing with years of service
• Additional 2 days off around the festive season
• Auto-enrollment in group pension plan
• Support with remote and flexible working
• £300 to set up home office
• Career growth and development budget of £20 per month
• £40 a month wellness allowance
• Access to private and confidential coaching or counseling
• 10% time to give back to the community or support favorite charity
• 10 days paid sick leave per year
• 24/7 Employee Assistance Programme
• Choice of equipment and access to great tools
• Open, inclusive, and supportive team environment
• In-person and remote working balance
• Commitment to diversity, equity, and inclusion