security software engineer jobs



** PLEASE NOTE WE CAN ONLY HIRE IN THE UK AND NL DUE TO TAXATION REASONS **


Security Software Engineer

Ready to shape tomorrow?

This is somewhere where innovative thinking and the power of technology know no limits. We know that the success of the business depends on the people who keep it moving, which is why we are looking for exceptional talent to join our international payments revolution.  

We’re bringing simplicity, transparency & scale to cross-border payments - a $120 trillion market.

About the role



Our software engineers are responsible for implementing an industry-leading API that has already processed over $50 billion of cross-border transactions for over 5 million end users, and is available to our clients 24/7. But we’re not stopping there, and our engineers are at the forefront of taking us forward to meet the demands of even greater scale.



From our monolithic datacenter beginnings we’ve moved wholesale to AWS where our system runs as a set of distributed applications. We’re currently in the process of migrating those applications over to Kubernetes and Jenkins-X as we further embrace a microservices architecture.



As a Security Software Engineer you’ll play a key role within the Security and Architecture team; taking responsibility to ensure secure connectivity with customers as well as our platform security.



Our architecture is based on Amazon AWS with both EC2 and AWS EKS based services access via an API Gateway. You will play a key part in owning the platform security model and ensuring we put in place the correct security foundations in place, and help us take Currencycloud to the next level of scale. 



We’re particularly interested in 
  • Strong Java developers with some polyglot experience.
  • Experience of exposing public facing APIs using the OpenAPI specification
  • Solid knowledge of implementing Webhook and RESTful API security frameworks (e.g. OAuth2, JWT)



The Details



Day-to-day you’ll work with a variety of tools, technologies, capabilities and processes.
  • Highly-scalable, highly-available, cloud-native applications are key to our next phase of growth, are written to 12-factor principles and fit into our microservices architecture.
  • Cloud-related security tools and services support these applications, such as Cloudflare, Sumo Logic SIEM, WSO2 API Gateway, AWS Lambda, AWS IAM, AWS EKS, AWS KMS, Datadog APM, to name but a few.
  • API specifications, conforming to the OpenAPI (Swagger) standard, the Architecture and Security team ensures we provide a clean boundary which enforcing best practice security controls between our customers and our product, as well as internally between our microservices. Our public API specification is published on Github.
  • Object-oriented programming forms the bulk of the codebase we support, currently in Java. We also have specialist scripts written in Python, as well as our Public SDK’s we support in Ruby, Python, Java, Javascript, .NET and PHP
  • Large SQL databases provide the persistence layer for our services. You’ll be working with (and know the limitations of using) such large datastores.
  • Infrastructure automation will form a key part of your daily duties, and familiarity with AWS and Terraform is highly beneficial.
  • Testing approaches, including TDD, BDD and Contract Testing, all form an important part of our approach to quality assurance; ensuring that the code that we write forms products that are fit for use.
  • Agile development, with teams broadly aligned with the Spotify - Squads & Tribes - model, helps us deliver incremental improvements to our products in an iterative manner. Advocating this model, and joining us on a journey of continuous improvement, is a key attribute of members of our teams.
  • Continuous Integration and Continuous Delivery pipelines allow us to “automate all the things”, providing repeatable builds and consistent deployments.
  • GitHub, and the GitHub PR review process, forms a core part of our developer workflow, and peer reviews help share knowledge and improve quality.
  • Support security event investigations where necessary to respond to regulatory requests for evidence.
  • Teamwork, and cross-team collaboration, is fundamental to the delivery of our applications. Whilst each application has an independent path to production, there will always be some activities and initiatives that span multiple teams and require cross-team collaboration. 

None of these on their own are a must-have to apply for the role, but it would be useful to share with us any knowledge or experience that you have in these areas.

Anything extra to add?



Along with a no dress code policy & flexible working arrangements we also provide all of our employees with a prepaid debit card each month to spend on Wellness, or a contribution to a gym membership.

We offer a comprehensive range of employee benefits which include 25 days paid leave, 5% pension, BUPA health insurance, life insurance, long term sickness protection, a day off for your birthday and socials every Friday. 


About Currencycloud



Currencycloud is a global payments platform built on smart technology that takes the complexity out of moving money. Developers use our API building blocks to build customised payment solutions. Whether you want to embed our payments infrastructure into your products or services, or build on top of it, we’ll fit into your business in a way that works for you. 



We take care of all the intricacies and regulatory hurdles involved with cross-border payments, giving you the tools to globalise your business.



Our cloud-based platform removes that complexity from international transactions, giving you clarity and control over your business so you can focus on the things that matter: your customers. With enterprise-class solutions for clients and partners such as Visa and Starling Bank, Currencycloud understands your needs and can help with market-leading products.