Back

Senior Security Engineer (DevSecOps)

Any of our offices
17 days ago
Full time role

Company

OVO Energy is an independent energy technology company and supplier. The company was launched in 2009. OVO Energy is set ...

View Company Profile

Job Description

We’re making zero carbon happen

We’re OVO Group, a big family of companies united by a single vision: to get to zero carbon, fast. 

We call this Plan Zero – and it shows how we’ll be fighting the climate crisis and transforming the way people use energy over the next decade. To do this, we need the sharpest minds. Are you up for the challenge?

Do great green things with OVO Energy

So much has changed since we launched in 2009.  Our goal remains the same though: make energy cheaper, greener, and simpler. Just as it was on day one.

Everyone belongs at OVO

Our aim is to build a diverse and inclusive movement: teams of brilliant people, with unique talents, skills, passions, and experiences. 

We encourage everyone to join us, whatever your gender identity, race, ethnicity, sexual orientation, age, life experience, or background. So please come as you are – we can’t wait to meet you.

Where in the world of OVO will I be working?

This position supports the Technology Function by working closely with DevOps teams to help them put the 'Sec' into DevOps and ensure that all of our services, applications and tools are secure throughout the software development lifecycle.

This is a varied role where you’ll be exposed to the full stack and will work across technologies including GCP, AWS, Kubernetes and Kafka. You’ll be focusing on projects spanning infrastructure, release engineering and security monitoring.

As part of the Security Engineering team we want to create solutions and insights that will allow us to meet a very high security caliber, while maintaining a fast delivery pace expected in a modern software system. We believe this happens through tight collaboration between Security Engineering and Software Engineering. You will have a strong focus on building relationships across various teams, including design feedback and coaching but most importantly building security improvements in our products.

What will I be doing?

You will be building tools and fostering our security culture to help OVO’s product teams rapidly deliver secure systems. Providing those teams with clear actionable advice on what risks and threats they have to their systems. 

You will also be responsible for defining and evolving security best practices. Helping teams take action on those practices through your expert training or automation will be key to your success.

Key responsibilities include:

  • Actively contributing to the Security Engineering community
  • Pairing with other team members to learn new skills
  • Researching and evaluating emerging Cyber Security threats
  • Keeping up to date with the latest security and technology developments
  • Responding to requests for security advice and guidance from the business

Is this the job for me?

  • You are genuinely passionate about developing products that will positively impact over a million people and also our environment
        
  • You love working in teams and collaboratively building features that impact customers   

  • You are motivated by owning products, from inception to continuous improvement   

  • You believe strongly in test driven development and continuous delivery
       
  • You love building scalable, resilient solutions
      
  • You seek learning opportunities to deepen your expertise or broaden your knowledge

Ideally you will have:

We are looking for excellent security engineers and whilst experience is important, ultimately less so than your demonstrated abilities and attitude.
   

  • Knowledge and experience in secure software practices  

  • Scripting and software engineering skills; we don’t mind what language! (Python, Scala, Clojure, Rust etc.)   

  • Awareness of common software security flaws and web application security best practices (OWASP top 10, CWE/SANS Top 25)   

  • Application security testing    

  • AWS/GCP security best practices 
      
  • Kubernetes security best practices  

  • Container vulnerability management
      
  • Open Source dependency scanning
       
  • Web Application Firewalls, Reverse and Forward Proxies  

  • Logging, monitoring and alerting on security events
        
  • Thorough knowledge of CI/CD and DevOps principles and security considerations   

  • Experience with infrastructure-as-code
        
  • Strong networking fundamentals; IP, TCP, UDP, Routing, DNS

  • Familiarity with Linux

  • AWS, GCP and Azure clouds' hardening to NIST/CIS standards


You could be from a development, infrastructure or testing background with an interest in security; or from a security background with software development interest. Or maybe an AppSec engineer or pen-tester


Handy Links

Interview tips: https://tech.ovoenergy.com/how-to-nail-that-dream-job/

Our tech blog: https://tech.ovoenergy.com/

Our github: https://github.com/ovotech

Our techstack https://techradar.ovotech.org.uk/

Brilliant benefits for a world-changing team

Our people are at the heart of Plan Zero. That’s why we offer plenty of green benefits and progressive policies to make you feel at home.

For starters, you’ll get 34 days of holiday (including bank holidays).

Then there’s Flex Pay. It’s an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits.

Here’s a taster of what’s on offer:

For your health
With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more

For your wellbeing
With gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more

For your lifestyle
With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donations

For your home 
Get up to £300 off any OVO Energy plan (when you pay by Direct Debit), plus personal carbon offsetting and great discounts on smart thermostats and EV chargers

For your commute
Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans

Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.

 

Oh, and one last thing...

 

We’d be thrilled if you tick off all our boxes yet we also believe it’s just as important we tick off all of yours. And if you think you have most of what we’re looking for but not every single thing, go ahead and hit apply. We’d still love to hear from you!

 

 

 

OVO Energy is an independent energy technology company and supplier. The company was launched in 2009. OVO Energy is set ...

View Company Profile