Descrizione del lavoro:
It's true, people in startups tend to wear many hats. However, with great growth comes great responsibility and it's sometimes for the best if people lose some of the hats they wear.
Meet Nicco for example, our co-founder and CTO. Less than a year ago, Nicco was also our IT manager but to his delight we now have an IT-team. Nevertheless, he still essentially acts as our CSO and considering our recent and projected growth we believe that this is the right time to invest more in our overall IT Security, unless we want to turn him into a CPO as well (in this case P would stand for paranoia). Well, this is where you (hopefully) come in!
This will be a new role at (COMPANY NAME), solely focusing on the security side. We are talking about both the security side of our application but also ensuring our internal IT practices won't come back and bite us (to put it mildly). We are happy to have strong individual and teams when it comes to their domain's security side but we feel that as we scale this alone won't be enough. What we're looking for is someone to own all of this - and to bring the overview and abstraction level when it comes to addressing the topic of security itself.
To be more specific, the data our customers trust us with is one of our biggest assets, and also contains some inherent risks. We expect that you'd understand this and will help us organize around data management's best practices. Moreover that you have the experience to identify the risks, communicate them and lead the ways to mitigate them. Like any other individual in (COMPANY NAME), you'd be expected to jump into the action and get dirty with the operational tasks. Despite some very practical elements, this role is very strategic. We want to be able to present a global overview of our systems and help the management team to focus their attention. We need someone who deeply cares about protecting (COMPANY NAME) while embracing the empowerment and trust values that are dear to the future of work.
As you reading these you might be thinking:
-Wait a minute, that sound like a whole-lotta hats!
-Am I expected to do all these by myself??
-"A Soonicorn looking for a security unicorn" would be a more appropriate intro!
Yes, you'll be asked to wear many hats in the beginning, but as we grow and build a team around you some of those will be transferred to your new colleagues. Even in the beginning, you won't be alone, though. You will work closely with our SRE team to become familiar with our infrastructure as well as our IT team in order implement company-wide security practises. Finally, since our application security would be your top priority, you'd spend much time with our engineering leads to identifying potential security risks and mitigating them.
And sure, this may all sound that we are looking for a mythical all-rounded security focus but we are not delusional. We'd expect that you are highly skilled in certain areas (ideally application security) and not in the whole security-verse. What's important though, is that you have a passion for the field, you are willing to expand your knowledge and that you enjoy the responsibilities that come along with such a role.
If you have been smiling in excitement while reading these, we probably want to meet you, click apply!
You know your way around:
* Handling company-wide risk assessments
* Building a secure product from the ground up
* Application security - understanding risk coming from user permissions, user flow etc
* Infrastructure Security- system architecture, service setup, network setup (identifying potential threats in a service setup)
* An aggressively expanding startup across Europe with varying security requirements
* Compliance checklists and broad audit planning organization
* Leading initiatives that you're passionate about
The nitty gritty skills needed:
* Comfortability in cloud-based infrastructure, especially AWS.
* You can manage a bounty hacker program with hundreds of hackers attempting to penetrate our network
* You're proficient in PCI, GDPR and other compliance and security certifications
* You've run a cluster-wide segmentation scan, probing for exposed networking vulnerabilities
Your colleagues say that you:
* Could easily be a hacker in your free time
* Never forget to lock your Laptop
* Often send encrypted emails
* Dropped an unattended USB-drive and wait for someone to pick it up.
Your mom says that you:
* Loved to pick locks as a kid
* Force her to change her passwords every now and then
* Installed Signal on her phone
Show me the benefits!
* Your own (COMPANY NAME) card (no more out-of-pocket spending)
* Flexible working remote options (we want you to be based in Copenhagen but we are flexible regarding WFH days or stints working remotely from another location)
* Quarterly trips to somewhere for team camps (both company-wide ones and team-specific ones). Last one was in Northern Ireland in December
* Investment in learning & developing (just check with your team for what's reasonable, we don't have set budgets)
Nice things we do:
* Catered lunch in HQ
* Loads of weird and wonderful niche communities to join in the company (we're talking guerrilla gardening, liquids tasting, the (COMPANY NAME) band, learning to code initiatives, that type of thing)
* Wild enthusiasm and encouragement from us if you want to host MeetUps, events, etc - we'll help (venue, food etc)
Working at (COMPANY NAME) means you're working on something very exciting: the future of work. Through fintech we've seen a way to impact how people work; we think company spending should be delegated to all employees and teams, that it should be as automated as possible, and that it should drive a culture of responsible spending.
Being HQ'd out of Copenhagen means we're inspired by sensible things like a good work-life balance, whether our office is in Copenhagen or not.
Sometimes, people write nice things about us
No one says it quite like our customers. Hear what they have to say this week on Trustpilot here: https://wxx.xxxxxxxxxx.xxx/xxxxxx/xxxx.xo
Or check out TechCrunch's latest article on (COMPANY NAME) here:
What am I in for?
We're pretty transparent about how we hire, you can read all about it here:
Also, always check out Glassdoor if you'd like to hear it from other people: https://gxxxxxxxx.xxx/xxxxxxx/xxxx-xxxxxxx-xxxxxxxx.xxm