Are you a software engineer who’s always had an interest in stepping into the security domain, or already a security practitioner? If you have previous security background (could be from hobby or side projects) - we’d love to hear from you 👀
There’s a few things that make our Security team at Wolt quite unique:
- ⭐️We’re a cross-disciplinary team which makes us strong: looking after not only security but also privacy and physical security and safety
- ⭐️ We work across the whole company, not siloed in a specific function
In this role you’ll get to:
- Solve security-related questions and implement requests related to our cloud services, such as their secure configuration and access controls.
- Learn as you go: over some time, you are expected to acquire a solid understanding and experience of our cloud environment, and its secure configuration and operation.
- Manage the complete lifecycle of incoming vulnerabilities and incidents, from identification to resolution.
- The sources of these include our bug bounty program, reports sent to our externally facing email address, security tools we use, security testing results, and our development teams - and maybe yourself.
- Communicate with, and guide our engineering teams in fixing the issues and handling the vulnerabilities and incidents.
Over time, your role can evolve depending on your interests and skills. Future directions could include, for example, security testing, SRE and more general cloud engineering, or building security solutions for in-house use. Wolt is a large place and there’s a lot to do!
📍The role can be based in Helsinki or Stockholm - or remote/hybrid anywhere in Finland or Sweden.
Our humble expectations
This position is ideal for people with many different engineering backgrounds. We are looking for 3+ years of full-time equivalent experience total. This experience can span any combination of the following areas:
- hands-on technical information security, such as security testing, vulnerability management or security research, and/or
- setting up or maintaining cloud native dev-related tools, such as Kubernetes, Terraform and CI/CD pipelines, and/or
- cloud engineering, administration, or SRE and/or
- software development with a modern deployment (along the lines of DevOps, containers, and an API driven microservice architecture).
You’ll be successful in this role if you:
- Have a good working knowledge on key technologies - whether through hobbies, studies, or actually getting paid:
- Cloud IaaS, especially AWS.
- Modern web application security risks, such as the OWASP Top 10.
- Internet protocols, Linux and their security aspects.
- Are quick to learn nuances in a wide variety of services: AWS, Google Workspace, various SaaS services, Github, Kubernetes, Terraform, and our own platform.
- Have a strong work ethic, are organized and follow things through.
- Can communicate clearly and provide good visibility to issues as they progress.
- Can see through issues that have many aspects and different - often also non-technical and business-related - considerations.
- Have the skill of becoming friends with developers and the occasional product owner.
- Are not scared of submitting and reviewing Pull Requests.
If you want to check up on your application or have any further questions about the position you can turn to Talent Acquisition Partner, Anna (firstname.lastname@example.org) at any given time.