Senior Product Security Engineer

ABOUT THE TEAM

The Tide Security Engineering team is made up of three core areas: Product Security, Threat Detection & Response, and Identity.

Product Security (this role!) consists of application and cloud security experts. Their mission is to protect the products we build, covering everything from secure design reviews to threat modelling and penetration testing, ensuring security is embedded from the ground up.

Threat Detection & Response (this role!) focuses on protecting the company by building a robust detection and automation platform. We’re proactive in our defence, constantly hacking ourselves to improve our security posture and staying ahead of emerging threats. Our goal is to make Tide resilient against the ever-evolving threat landscape.

Identity is responsible for managing Tide's staff identity platform, ensuring that access to systems and infrastructure is secure, seamless, and aligned with modern security practices. The team uses strategies like zero trust, multi-factor authentication, and granular role-based access controls to safeguard our internal operations.

While each area has its own focus, collaboration is key - it's why we share the same Slack channel and hold our standups together as one cohesive team, ensuring alignment and seamless communication across all security functions.

ABOUT THE ROLE

First and foremost you will be passionate about security and resilient software development processes. You will enjoy hunting for vulnerabilities in our web and mobile applications and working with our engineering teams to remediate them strategically. You will be comfortable explaining security issues and concerns to product owners, engineers, VPs and executives and love the feeling you get when this results in them releasing a more resilient product. You will be a keen follower of all things Infosec and constantly be on the lookout for ways to apply new industry trends, tools and automations to your day-to-day role.

As a Senior Product Security Engineer you’ll:

• Regularly dive deep into mobile, web app technologies in order to understand feature development and proactively hunt for vulnerabilities
• Be proficient in securing cloud-native applications, ensuring that security best practices are applied consistently across our cloud environment
• Be proficient in threat modelling and guide developers in secure design principles to prevent vulnerabilities from being introduced in the first place
• Help remediate vulnerabilities through strategic initiatives, writing patches, or creating understandable and actionable vulnerability tickets.
• Be the subject matter expert across a wide range of security areas, particularly in Application Security.
• Make security invisible when possible, believing that gatekeeping and blocking product teams should be avoided in favour of enabling secure development.
• Mentor and coach junior engineers, sharing your knowledge to help raise the security bar across the organisation
• Leverage automation and security tools to seamlessly integrate security into our CI/CD pipelines, ensuring vulnerabilities are caught early without disrupting development.

WHAT WE ARE LOOKING FOR

• You have a breadth and depth of knowledge across AppSec; you’re expected to understand topics like why private keys should be stored in the Secure Enclave, the differences between URL Schemes and Universal Links, what presigned URLs are in the context of S3 and the safest storage mechanisms for modern browsers.
• You know Burp Suite (or your favourite attack proxy) inside and out; bonus points if you’ve written or contributed to an extension that enhances its functionality.
• You have excellent spoken and written communication skills to articulate vulnerabilities clearly and persuasively, advocating for their remediation even when faced with competing production pressures.
• As a passionate senior security engineer, you have a blog, public speaking engagements, bug bounty profile, or a Git repository showcasing your work.
• You’re comfortable writing proof-of-concept (POC) scripts to demonstrate your findings and their potential impact, as needed.
• You have hands-on experience with securing cloud-native applications, ensuring that best practices are consistently applied.

TIDEAN WAYS OF WORKING

At Tide, we champion a flexible workplace model that supports both in-person and remote work to cater to the specific needs of our different teams. 

While remote work is supported, we believe in the power of face-to-face interactions to foster team spirit and collaboration. Our offices are designed as hubs for innovation and team-building, where we encourage regular in-person gatherings to foster a strong sense of community.

#LI-CC1 #LI-Remote

TIDE IS A PLACE FOR EVERYONE

At Tide, we believe that we can only succeed if we let our differences enrich our culture. Our Tideans come from a variety of backgrounds and experience levels. We consider everyone irrespective of their ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity or differently-abled status. We celebrate diversity in our workforce as a cornerstone of our success. Our commitment to a broad spectrum of ideas and backgrounds is what enables us to build products that resonate with our members’ diverse needs and lives. 

We are One Team and foster a transparent and inclusive environment, where everyone’s voice is heard.

At Tide, we thrive on diversity, embracing various backgrounds and experiences. We welcome all individuals regardless of ethnicity, religion, sexual orientation, gender identity, or disability. Our inclusive culture is key to our success, helping us build products that meet our members' diverse needs. We are One Team, committed to transparency and ensuring everyone’s voice is heard.

You personal data will be processed by Tide for recruitment purposes and in accordance with Tide's Recruitment Privacy Notice.