Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Sidebar changes
Showing 8 changed files with 14,382 additions and 30 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
--- | ||
title: AppSec Engineer – Job Description | ||
--- | ||
|
||
At Glasswall, we are doing things a bit differently. Good different. And we're not just talking about it; we're walking the walk. The amount of learning, growth, progression, and positivity that we are experiencing right now makes me excited and privileged to be here and be part of our evolution. | ||
|
||
We are on the hunt to add exceptional talent to our team. The next generation of talent who will be as excited as we are by modern thinking, ways of working and engineering practises. Visit our [Engineering Blog](https://medium.com/glasswall-engineering) to read up on some of the things we're doing! New team and organisational structure, Wardley Maps, thinking in Graphs, are but a few. There's a lot of cool things happening here coupled with incredible opportunities for learning, contribution, ownership, evolution and delivering world class products that genuinely make handling digital documents safer for all! | ||
|
||
A big part of our culture is openness, transparency, and diversity. We are driving to publish more of our work to the wider community. Have closer engagement and collaboration with our customers and partners. We aim to find diverse and talented individuals, from all parts of the world, walks of life and previous industry experience. Bringing different perceptions to the work we do, we do it better! | ||
|
||
The talented candidate will work in our Information Security Team. The Application Security Engineer will help analysing the security of software design and implementation and on identifying and resolving security issues. The engineer will also be involved at all stages of a Glasswall Product Life Cycle, from design to secure coding and development, testing and development stages and involved with all our security champions to make sure our products are secure. | ||
|
||
Tech Stack: Threat Modelling, Risk Assessment, Dynamic and Static code Analysis, Compliance management, Python, Vulnerability scanning, Pentesting. | ||
|
||
**Duties and Responsibilities** | ||
|
||
A mix of product and operation engineering to facilitate: | ||
|
||
- Threat Modelling and Risk management | ||
- Monitoring of application and cloud infrastructure. | ||
- Static and Dynamic code analysis | ||
- Pentesting and vulnerability scanning | ||
- Maintain Projects and technical documentation | ||
- Develop a familiarity with new security tools and best practises | ||
|
||
The role will report directly to the Head of IT and InfoSec | ||
|
||
**Skills you may have, or will learn** **😊** | ||
|
||
- Static and Dynamic code analysis | ||
- AWS and Azure Technologies | ||
- Threat modelling, Risk Assessment | ||
- Strong software engineering principles | ||
- Automation | ||
- Python, Jupyter, GitHub | ||
|
||
**Helpful Knowledge and Experience** | ||
|
||
- Familiar with Cloud Security issues, MUST have deep understanding of OWASP Top 10 with proven track record and experience in implementing and integrating remediation strategies | ||
- Ability to educate Developers on application security best practises and secure coding techniques | ||
- Drive security into the software development lifecycle by performing security threat modelling, risk assessment, and vulnerability management and working with our cloud and core teams to implement mitigations and resolutions. | ||
- Knowledge of compliance standards GDPR, NIST, ISO27001, | ||
- Monitoring and Logging – Data dog, Azure security centre | ||
- Python, Go, Powershell, Bash. | ||
- Strong Azure or AWS knowledge and Azure (at least one of them) | ||
- Comfortable with Agile development practices and have strong programming ability in at least one programming language, and one scripting language. We use Python, , Javascript/, GIT | ||
|
||
**Salary and Benefits** | ||
|
||
- Glasswall offers a competitive salary and benefits package. | ||
- Some benefits include private health care, pension contribution, and our options programme. | ||
- We offer flexible and remote working options. | ||
- Salary for this role is from £40k | ||
|
||
**How to Apply** | ||
|
||
Please read our blog post on the job, complete the challenges, then email us at [[email protected]](mailto:[email protected]) | ||
|
||
Blog Post: | ||
|
||
[https://medium.com/glasswall-engineering/were-hiring-calling-devops-sre-and-team-leads-407d02151abb](https://medium.com/glasswall-engineering/were-hiring-calling-devops-sre-and-team-leads-407d02151abb) | ||
|
||
**Reference Materials:** | ||
|
||
- Glasswall Engineering Blogs - [https://medium.com/glasswall-engineering](https://medium.com/glasswall-engineering) | ||
- Glasswall Engineering Site - [https://engineering.glasswallsolutions.com/](https://engineering.glasswallsolutions.com/) |
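Review bot: the "How to Apply" section sends applicants to the blog post at .../were-hiring-calling-devops-sre-and-team-leads-407d02151abb, which by its URL is the DevOps/SRE/team-lead post, while this file is the AppSec Engineer description. The Rules of Engagement file in this same commit lists a separate "Medium blog post - AppSec Engineer" link, so this page should probably point there. In "Helpful Knowledge and Experience", the last bullet reads "We use Python, , Javascript/, GIT" with two empty list entries, and the bullet above it says "Strong Azure or AWS knowledge and Azure (at least one of them)", naming Azure twice; both look like leftovers from an edit and should be completed or trimmed. Minor: the compliance bullet ends in a dangling comma, and "Data dog" should be written as the product name, Datadog.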
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
--- | ||
title: Rules of Engagement | ||
id: rules-of-engagement | ||
sidebar_label: Rules of Engagement | ||
--- | ||
|
||
For recruitment agencies wanting to work with Glasswall and provide us with an exceptional talent pool for FTE hires, here are our Rules of Engagement. | ||
|
||
Rules of Engagement | ||
|
||
Any prospective agency would need to: | ||
|
||
- Direct their candidates to one of our blog posts, we'll have different write ups for different types of roles. E.G: [Blog Post](https://medium.com/glasswall-engineering/were-hiring-calling-devops-sre-and-team-leads-407d02151abb) | ||
- Have them read the blog and complete all the challenges. The blog has guidelines on how to submit their application. | ||
- Have your cadididate apply to our role via http://careers.glasswallsolutions.com/. | ||
- You or your candidate can email us at [[email protected]](mailto:[email protected]) to inform us of your relationship to connect the finders fee. | ||
|
||
What Glasswall will do: | ||
|
||
- Review the candidate's application and respond accordingly to their email | ||
- Should we like the application, we will arrange to meet with the candidate | ||
- Have them present to us the slideshow they created | ||
- Interview questions around the role, organisation, candidates' goals and expectations, cultural fit. | ||
- Should a further technical assessment be needed we will arrange this. | ||
- Provide offers to successful candidates. | ||
- Including the agency on the digital offer. | ||
- Request payment details from the agency at the time of offer. | ||
- On acceptance of the offer, pay the agency a 10% finder's fee. | ||
|
||
What we will not do: | ||
|
||
- Review CVs being emailed to us. | ||
- Spend overhead time engaging with agencies to further discuss the opportunities available and alter terms. | ||
|
||
Reference Materials: | ||
|
||
- Glasswall Engineering Blogs: [https://medium.com/glasswall-engineering](https://medium.com/glasswall-engineering) | ||
|
||
- Glasswall Engineering Site: [https://engineering.glasswallsolutions.com/](https://engineering.glasswallsolutions.com/) | ||
- Glasswall SRE site: [https://sre.glasswallsolutions.com/](https://sre.glasswallsolutions.com/) | ||
- SRE Hiring Blog: [https://medium.com/glasswall-engineering/want-to-be-an-sre-join-glasswall-a4b10ab94220](https://medium.com/glasswall-engineering/want-to-be-an-sre-join-glasswall-a4b10ab94220) | ||
- Current Hiring blogs with open positions: | ||
|
||
[Medium blog post - Dev Team Lead, SRE Team Lead, DevOps Engineer](https://medium.com/glasswall-engineering/were-hiring-calling-devops-sre-and-team-leads-407d02151abb) | ||
[Medium blog post - AppSec Engineer](https://medium.com/@absi81/were-hiring-calling-appsec-engineer-c1616a0639bd) | ||
|
||
### FAQ: | ||
Question: | ||
With regards to 'We offer flexible and remote working options.' - Would you consider someone who will work absolutely 100% remote or would they have to spend time in the Chelmsford office each week/month etc? | ||
Answer: | ||
Yes we will, as long as the work is getting done, location is not important. Our Chelmsford office will be remaining closed for the most part until 2021 in any case. | ||
|
||
Question: | ||
Does the presentation have to be about Glasswall or about me, like the example presentations are? Also can I include the wardley map in the same presentation? | ||
Answer: | ||
The presentations are about the person. It’s an opportunity for them to present themselves, who they are, what their passions are, how they think. etc. | ||
It's for us to learn about them the things we never could through a CV. Yes, they can include the map in the presentation :) | ||
|
||
Question: | ||
One of my contacts was interested in the SRE Team Lead position. However, he was put off by the 'on-call' element. Is that mandatory for the role or can it be worked around? | ||
Answer: | ||
100% mandatory for any SRE position. We compensate our SRE staff with an addiotional £5K per annum on top of their base salary. They will then be on a rota with the rest of the SRE team to handle any out of hour incidents of our Production Cloud products. We use PagerDuty to handle these p1 incident call outs. | ||
|
||
Question: | ||
Can you elaborate on your company benefits? | ||
Answer: | ||
Some benefits include private health care, pension contribution, and our options programme. We provide 25 days annual leave. All staff have access to online training platforms. | ||
We have a quarterly training budget for study materials, conferences, certifications, productivity tools etc. | ||
|
||
|
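Review bot: the application link in the third agency bullet uses plain http (http://careers.glasswallsolutions.com/) while the other web links in the file are https; if the careers site serves https, link that, since candidates submit their applications through it. The same bullet misspells "cadididate", and the on-call FAQ answer has "addiotional". The line "Rules of Engagement" under the intro repeats the front-matter title as plain text, and section labels such as "What Glasswall will do:" carry no heading markup whereas "### FAQ:" does; pick one convention. The blank line after the first Reference Materials bullet splits that list in two, and the two "Current Hiring blogs" links sit outside the list as bare lines.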