Beacon is a digital supply chain and freight platform. Our mission is to help businesses simplify and optimise their supply chains with end-to-end visibility, payments, and insights.
In addition to our supply chain visibility platform, we provide door-to-door freight services across all modes of transport through a growing carrier network which includes more than 100 partners in over 30 countries around the world.
As many of the problems our customers face have persisted for decades, we’re looking for problem solvers, big thinkers and curious optimists to help us build the future of logistics and finance. Since we started in 2018, our London-based team has grown at scale and we’ve opened our first international office in Hong Kong.
What you’ll do:
- Performing application security design evaluations and code reviews, and providing subject matter expertise around these topics
- Owning and defining Beacon's threat modelling methodology, and embedding this across Beacon's engineering community
- Owning and nurturing the relationship between Information Security and Engineering, and developing good working practices between the two teams
- Improving Beacon’s engineering standards in line with industry best practices by embedding a secure by default approach into all stages of the development lifecycle
- Evaluating, implementing and managing 3rd party application security tools that complement Beacon’s existing technology stack
- Developing a repository of tailored application security training content for consumption by Beacon’s engineering community
- Balancing information security risk with product feature advancement, and incorporating the use of best-practice risk management methodology within the development process
What you’ll need:
- You have software engineering experience in an agile environment
- You are able to intuitively find flaws in software and can effectively communicate how to fix them
- You have the ability to think like an attacker and use that context to develop threat models
- You can enable other engineering teams to find flaws before they are introduced into production
- 2+ years of scripting/coding (Python, Java, NodeJS etc)
- You are able to act as a cheerleader and champion for security
- You have a passion for information security