Did you know that about 10% of all insurance payouts are flowing directly into
the pockets of fraudsters? The future of insurance starts with Decisions Made
Better.
Shift Technology harnesses the power of AI to enable the world's leading
insurance organizations to make better decisions. Our products automate and
optimize decisions from underwriting to claims, resulting in increased
operational efficiency, reduced costs, and superior customer experiences for
millions of people around the globe.
Our culture is built on innovation, trust, and a drive to transform the
insurance industry by imagining and innovating solutions that impact insurers
and their customers - like you! We come from more than 40 different countries
and cultures and together we are creating the future of insurance.
The security team is a critical component of Shift Technology as no
organization is immune to cyber-crime. The team is responsible for protecting
information throughout the security infrastructure, edge devices, networks,
and data. We strive to stay up to date with the latest tactics hackers are
employing in the field in order to prevent data breaches by monitoring and
reacting to attacks but the first step is finding the most qualified
professionals to lead the way.
What you'll do...
As a Sr. Application Security Specialist within Shift, you will own, maintain
and promote the security tools of the CI/CD pipeline, continuously test
(manually and automatically), and monitor software security from design to
production and supervise part of the SOC while handling security incidents
too. You'll join a team and a company where you can own and drive, and
progress your career to the next level. As part of the information security
department, this role reports to the CISO.
RESPONSIBILITIES
Working with data scientists and software development teams to ensure
technical security standards and architectures are well understood and
best practices are followed so the software is developed with Security and
Privacy by Design and by Default in mind.
Support, share your expertise and advise the DS and Software development
team with the proper security practices, act as a mentor
Raise the awareness of our developers about security best practices
Automation of security testing (SAST, DAST, SCA, Vulnerability
management, threat modelling, etc.) and acquaintance with relevant
tooling eg. ThreadFix, DefectDojo, Veracode, ZAP, Burp, Bug Bounty, etc.
Interest in Data Science and Engineering and ML Security on Azure and AWS.
Membership of Application Security Chapters helping define technical
policies and guidelines for security relating to software development and
championing these through the organisation.
Working with engineering leads on identified security risks and software
vulnerabilities.
Operate a software vulnerability management program.
Occasional security auditing of software developed by the company and its
partners.
Oversee security managed services and outsourced security capabilities
Create, maintain, and execute appropriate incident response processes to
enable timely escalation, containment, and recovery of cyber security
events
Work with other teams to identify recurring patterns and propose strategic
actions to reduce risk
Provide clear, concise, and easily consumable communication with key
technical and non-technical stakeholders so that incidents are understood
and appropriately addressed
Ensure accurate and clear communication with all stakeholders
Provide appropriate KPIs and KRIs to key stakeholders
Technical liaison with third parties on application security related
discussions related to security.
SKILLS & BACKGROUND
3 years experience with a degree in Computer Science, IT, Systems
Engineering or a related qualification.
Familiarity with applicable standards, methods, models, and approaches
(OWASP, CWEs, etc.).
Knowledge of common development language frameworks C#, .NET, Python is
crucial while others are a plus.
At least one scripting language knowledge (Python, Ruby, Rust, etc.).
Strong knowledge of API and Web Apps security.
Collaboration - Engagement with the tech teams and other stakeholders,
especially in a remote setting.
Good understanding of software security principles and top 10s.
Excellent communication skills; comfortable to represent the cyber
security team at all levels of the organisation, and with partners and
vendors.
Good awareness of cybersecurity trends.
Strong attention to detail, a can do attitude, and an analytical mind and
outstanding problem solving.
Recruitment Process
HR Screening
Security team interview
Technical interview
CISO interview
CTO interview
#LI-BA1
#LI-ONSITE #LI-HYBRID
To support our employees at every stage of their careers and lives, we are
always assessing the benefits we offer to ensure we are competitive. Here are
some we'd like to highlight:
Flexible remote and hybrid working options
Competitive Salary and a variable component tied to personal and company
performance
Company equity
Generous PTO and paid holidays
Parental leave opportunities
Extensive mental health benefits provided via our global Employee
Assistance Program
Paid volunteering time - 16 hours annually
We offer many benefits in various countries - ask your recruiter for more
information.
At Shift we strive to be a diverse and inclusive workforce. We hire and trust
people without regard to race, color, religion, marital status, age, national
or ethnic origin, physical or mental disability, medical condition, pregnancy,
genetic information, gender identity or expression, sexual orientation, or
other non-merit criteria.
Shift Technology is committed to providing reasonable accommodations for
qualified individuals with disabilities in our application and employment
process. Should you require accommodation, please email [email protected]
technology.com and we will work with you to meet your accessibility needs.
Shift Technology does not accept unsolicited CVs from recruiters or
employment agencies in response to the Shift Technology Careers page or a
Shift Technology social media post. Any unsolicited CVs, including those
submitted directly to hiring managers, are deemed to be the property of Shift
Technology.