Thought Machine

Application Security Engineer

1 month agoLondon, United Kingdom


Thought Machine is solving one of the biggest problems in banking - modernising core systems. Since launching in 2014, our mission has been to liberate banks from outdated, legacy technology which stifles their ability to innovate. Thought Machine's product, Vault, is a cloud native, core banking engine built to run any type of bank - from established Tier 1 banks to new challenger banks. To move closer to achieving our mission, we are looking for highly talented individuals to join the fast growing team. With a founding team drawn from Google, we have a deep culture of engineering excellence and we believe our product focus and pursuit of excellence will engender a seismic shift in the banking industry. Thought Machine was ranked as the most desirable London fintech to work at by Sifted when comparing employee reviews on Glassdoor. AltFi also named us one of the best European Fintechs to work in 2021. We have been awarded the Fintech 50 award by FintechCity and recently named in IDC's Top 100 Fintech companies. We pride ourselves on having an excellent internal culture, where we consider cultural fit as important as technical fit when we make new hires. At Thought Machine, we strive hard to create a fast-paced, supportive and fun working environment to enable the team to produce the best technical work in the industry. This position plays a key role in ensuring Thought Machine teams are taking all required steps in building a secure product set. You will play a major and leading role in protecting Thought Machine product against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. A large part of Thought Machine product security function is a greenfield challenge, we are building the bank of tomorrow with cutting edge web technology, no best-practice/of the shelve security frameworks or tools can solve our security challenge. We are building the best security to enable engineering and impress financial service auditors. Key qualities of the ideal candidate would have experience in OWASP top 10 vulns, DevSecOps, data privacy protection, passion to mentor and enable devs, creativity, autonomy, ability to work and complete multiple projects simultaneously. DUTIES Drive improvements to Thought Machines product security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence. Produce production web scale grade application security design. Review and produce data privacy and financial regulatory functional and nonfunctional designs. Perform design reviews and Threat modelling of Thought Machine services and products. Perform vulnerability assessments and security testing. Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle. Liaison with development teams for design, code reviews & education. To contribute to security strategy, security tooling selection and creation. Conduct regular security assessments and code reviews.

Job ID: Thought-868330CA9B

Perks and Benefits

  • Financial And Retirement
    • 401(k) with company matching
    • company equity
  • Health And Wellness
    • health insurance
    • dental insurance
    • vision insurance
    • life insurance
    • short-term disability
  • Office Life And Perks
    • flexible work hours
    • casual dress
    • snacks
    • some meals provided
    • diversity and inclusion program
  • Professional Development
    • access to online courses
    • lunch and learns
  • Vacation And Time Off
    • paid vacation
    • personal/sick days
    • maternity leave
    • paternity leave