Senior Security Engineer
  • United Kingdom Oxford
  • Oxbotica
1 year before
31.12.2023
Securely Provision
Systems Architecture
Job Description

Who are we?

Based in Oxford and with offices in Canada and the US, Oxbotica is an international startup founded in 2014 and scaling up rapidly (300+ Oxbots and growing).

As the global leader in our industry, we’re fuelled by a bold purpose: to make the Earth move better. From passenger shuttles to industrial vehicles, our operating system for Universal Autonomy™ is transforming the way people and goods are transported by enabling any vehicle, in any environment, to operate autonomously — safely, securely and efficiently.

Our technology is capturing investors’ imagination. To date we’ve raised $140 million in our Series C investment round. Accommodating growing demand from new and current shareholders, this funding is driving our expansion in North America and EMEA, and accelerating the deployment of our technology in domains where there is both urgent need and potential to scale.

Your Role:

As a Senior Security Engineer, you will be responsible for leading and driving security initiatives across the business. This is a senior-level position that requires extensive expertise in both Application and Cloud Security. Your primary responsibility will be to ensure that our engineering teams integrate security best practices into their workflows and deliver secure products and services.

This is a hands-on role that requires a unique blend of security thought leadership and the ability to develop and implement security tooling and automation. As a key member of the Engineering Experience team, you will work closely with other engineering teams to ensure that security remains a top priority throughout the development process.

Your Responsibilities:

Lead security initiatives and develop and implement security best practices across the organisation.
Provide hands-on technical guidance and expertise in Application and Cloud Security, including vulnerability management, threat modelling, security automation (DevSecOps), identity management and SIEM/SOAR.
Develop, deploy, and maintain security tooling and automation to support continuous integration and continuous delivery (CI/CD) pipelines.
Drive security awareness and education initiatives, ensuring that all engineering teams understand the importance of security and are equipped to address potential threats and vulnerabilities.
Develop metrics and reporting to measure the effectiveness of security initiatives and drive continuous improvement.
Mentor and guide team members in security best practices, fostering a culture of security excellence.
Stay current with industry trends, emerging threats, and best practices in Application and Cloud Security to ensure the company's security posture remains robust.

Requirements

What you need to succeed:

Bachelor's or Master's degree in Computer Science, Cybersecurity, or equivalent experience
Extensive experience in information security, with a recent focus in a cloud-first organisation.
Deep understanding of secure software development practices and experience.
Strong knowledge of cloud security best practices, including experience working with major cloud providers (AWS, Azure, GCP).
Hands-on experience with security tools and technologies.
Proven ability to develop and implement security policies, processes, and procedures.
Excellent communication and interpersonal skills, with the ability to influence and lead cross-functional teams.

Extra kudos if you have:

Relevant security certifications, such as CISSP, CCSP etc.
Applicable AWS certifications or accreditation

Benefits

We provide:

Competitive salary, benchmarked against the market and reviewed annually
Hybrid and/or flexible work arrangements
An outstanding £3,000 in flexible benefits, including private medical insurance, critical illness coverage, life assurance, EAP and group income protection
A salary exchange pension plan
25 days’ annual leave plus bank holidays
A pet-friendly office environment
Safe assigned spaces for team members with individual and diverse needs

Our Culture:

We promote an open and inclusive culture that empowers our Oxbots to bring their whole, authentic selves to work every day. Oxbotica is proud to be an inclusive organisation and, as such, we require all team members within our recruitment process to understand and deploy best practices focused on de-biasing the whole recruitment cycle. We also apply a neuro-inclusive lens to our recruitment process and want each potential Oxbot to enjoy the best experience possible for them. Please share with us any individual needs or reasonable adjustments we may need to make in advance of commencing the interview process with us.


Why become an Oxbot?

Our team of experts in computer science, AI, robotics and machine learning is world-class, and together they’re solving the most exciting and important technological challenges of our times.

But as well as smarts, Oxbots have heart. Our diverse, multi-cultural crew is guided by a shared vision to bring the myriad benefits of autonomy to our customers and partners. And in a company that celebrates uniqueness as much as skill and experience, they do it with energy, conviction and a healthy dose of excitement, too.

If you are bold, creative and hyper skilled, come and create the future of autonomy with us at Oxbotica.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0027   Knowledge of organization's enterprise information security architecture.
  • K0056   Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0075   Knowledge of security system design tools, methods, and techniques.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0299   Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0487   Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
  • K0007   Knowledge of authentication, authorization, and access control methods.
  • K0565   Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Required Abilities
  • A0027  Ability to apply an organization's goals and objectives to develop and maintain architecture.
  • A0038  Ability to optimize systems to meet enterprise performance requirements.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0148  Ability to serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners, common control providers, and system security officers on the allocation of security controls as system-specific, hybrid, or common controls.
  • A0149  Ability, in close coordination with system security officers, advise authorizing officials, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities).