Head of AppSec

Contract Type Location Apply
Permanent London, Paris, Valencia or Munich here
The Role

As the Head of AppSec you will work alongside the Group Security management team and ensure that any software developed by our engineers meets our overall security standards and protects our customer’s data. You will lead all AppSec activities and be the driving force behind activities such as threat modelling, security automation in our continuous integration pipeline, code reviews, security standards and our Security Champions network.

What will you do?
  • Work with many functional teams you will ensure that PhotoBox Group’s applications stay at the highest security level
  • Support development teams to carry out application security reviews
  • Provide expert advice and consultancy to software and platform engineering on risk assessment, threat modelling and fixing vulnerabilities
  • Lead app security projects to ensure timely completion of efforts
  • Drive security into engineering’s systems development life cycle to ensure that security is built in and considered
  • Support security policies and procedures
  • Evaluate new and emerging security products and technologies
  • Collaborate with engineering, testing, and operations groups
Who are you?
  • Strong development background in application engineering/architecture
  • Great stakeholder management and influencing skills
  • Developer training and curriculum development
  • Have a deep understanding and hands on experience of secure software development practices including threat modelling, secure design principles, secure coding, code analysis, security testing and AppSec automation etc.
Tech Stack
  • OWASP, SAST, DAST, IAST, WAF, AWS
  • TDD, BDD, DSLs, AST, REPL,
  • Ability to fix code and work directly with developers

Why else should you be interested?

Quite simply, you don’t like standing still. You are passionate about working on different and ambitious projects from Day 1 - otherwise you’d be bored! You thrive on working with people from different nationalities, different cultures and languages. You want to work within a successful and recognised company, but you also want the freedom to bring forward your own solutions and to make your own impact. You want to work somewhere where people really do know each other by name and where they genuinely want to help and challenge each other to learn, be better and more innovative every day. Most importantly, you want to work in a business where spreading joy is the mission and where we all have fun making it happen.

Photobox Group Security mission and principles

Our mission is to secure the magic moments created by our customers, across all our brands. Our operating principles define what we focus on and how we make decisions. We hold ourselves accountable against these principles.

  1. We are enablers for the organisation, not blockers
  2. We drive transparency and accountability in risk management
  3. We minimise vulnerabilities
  4. We hack ourselves first
  5. We educate and empower our internal stakeholders and developers
  6. We contribute to adding financial value

Why join Photobox Group Security?

PhotoBox Group Security is a trusted, high-energy, empowered, and proactive team. If you are looking for a place to make a difference, learn a lot, be part of a highly productive team, and are able to work collaboratively with all parts of the business, this is the place for you.

We have a great culture, with a very horizonal structure. We expect you to be knowledgeable, trustworthy, empowered, friendly, focused, and responsible.

How to apply

We use Workable to track all our applicants, so your first step is to use the ‘Apply here’ link at the top of this page

In order to provide a fair and objective recruitment process, before we invite you for face-to-face interviews, we ask you to submit a number of answers to theoretical and practical questions (questions based on from quotes taken from your CV).

Until the the 8th of June, the best way for us to meet you and for you to meet us is to participate on the Open Security Summit (https://open-security-summit.org/).

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Contact

Photobox Group Security
Unit 7, Metal Box Factory
30 Great Guildford Street
London
SE1 0HS
England