Senior Security Engineer
Oyster
✨ One platform, a whole world of opportunity
Right now, the best jobs are limited to people in a handful of the world’s wealthiest cities, yet brilliant people are everywhere. Driven to overturn the status quo and distribute opportunities equally around the world, Oyster launched its global employment platform to help companies hire, pay, and care for talent anywhere.
When it comes to global employment, we walk the walk. We’re proof that companies don't need an office to create a highly-engaged culture. Since the company’s inception in January 2020, Oyster has:
Our momentum speaks to the power of global employment—and we’re just getting started! If you want to change the world with Oyster and be empowered to work remotely while doing so, we’d love for you to apply!
👩‍💻 The Role
Location: While this position is posted in a specific location, all of Oyster’s positions are fully remote and you can work from home. Forever. To create the best experience for our new hire, this role requires you to be based within +3 / -5 UTC.
We are looking for a high-performing Senior Security Engineer to join the Engineering Team at Oyster. In this role, you will work closely with the Data Protection/Privacy Team, IT Team, and Product Development Team to ensure that our applications are secure throughout the development lifecycle. You will be responsible for identifying and mitigating security risks, implementing best practices, and collaborating with cross-functional teams to enhance our security posture. Working in a fully distributed company, you will work synchronously and asynchronously with team members all over the world. We are looking for someone with strong technical skills, a collaborative mindset, and the ability to thrive in a dynamic, fast-paced environment.
Key Responsibilities
- Embed Security in SDLC:
  - Collaborate with development teams to integrate security practices into the Software Development Lifecycle (SDLC).
  - Conduct security assessments, code reviews, and threat modeling exercises to identify and mitigate security risks.
  - Provide guidance on secure coding practices and remediation strategies.
- SaaS Application Security:
  - Conduct security assessments and audits of both in-house and third-party SaaS applications.
  - Ensure proper security controls and access management are implemented for SaaS tools.
  - Stay updated on emerging threats and vulnerabilities specific to SaaS environments and address potential risks proactively.
- Security Tools and Automation:
  - Implement and manage security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
  - Integrate security tools into CI/CD pipelines for continuous security testing.
  - Monitor and analyze security tools' outputs to identify and address potential security risks.
- Collaboration and Compliance:
  - Work with the Data Protection/Privacy Team to ensure applications comply with relevant data protection regulations (e.g., GDPR, CCPA).
  - Collaborate with the IT Team to ensure secure infrastructure configurations for hosting and deploying applications.
  - Partner with the Product Team to incorporate security requirements into product features from the design phase.
- Training and Awareness:
  - Develop and deliver security training and awareness programs for developers and relevant stakeholders.
  - Promote a culture of security awareness and best practices throughout the organization.
Core Requirements
- 5+ years of experience in application security, with a strong focus on SaaS environments.
- Strong knowledge of security assessments, audits, and best practices for SaaS applications.
- Experience in configuring and managing security controls and access management within a SaaS-centric environment.
- Proficiency in using security testing tools such as SAST, DAST, and SCA.
- Experience integrating security tools into CI/CD pipelines and automating security processes.
- Familiarity with data protection regulations (e.g., GDPR, CCPA) and their implications for application security.
- Understanding of identity and access management.
- Strong problem-solving skills and the ability to communicate complex security concepts to technical and non-technical audiences.
You'll also need
- A drive to learn, and help the development team to progress.
- Fluent English language skills.
- A reliable internet connection (or be able to get one).
🦪 How we work together at Oyster
Our values guide the work we do, the decisions we make, and the culture that makes us special. We elevate talent. 🙌 We build trust. 🤝 We thrive together. 🌍
Our mission is to create a more equal world—one global hire at a time. Everything we do ladders up to our mission—and that doesn’t just mean building software. We develop programs, participate in workshops, and create dedicated teams to ensure we successfully support companies and knowledge workers in this new world of work.
We embrace asynchronous communication and collaborative work—and we share how we work in the Oyster Public HQ—to help other global teams learn from our experiences.
💌 How YOU work
Different countries have different statutory benefits, different cultures have different norms, and different people have different needs! In order to best support and encourage our diverse team, we’ve created How YOU Work: a program of policies, practices, and perks to support your whole human experience as an employee at Oyster.
- Work from anywhere: Oyster is a borderless, HQ-less company. As long as your work gets done on time, your team has the support they need, and you're authorized to work where you live, the world is truly your Oyster.
- Paid time off: We’re all about taking breaks—we all need it. Oyster provides employees with 40 days off each year, which includes public/bank holidays and vacation/holiday leave (unless your country mandates more).
- Mental health support: We consider your mental health a top priority. We offer access to Plumm, a mental well-being service, to support your mental health.
- Wellbeing allowance: Each month, Oyster will top up your ThanksBen wallet with a wellbeing allowance. You can get pretty much anything that your heart desires! ThanksBen offers a wide array of options for spending your wellbeing allowance. Check out their benefits catalogue here for inspiration.
- Flexible parental leave: Families are created in lots of different ways. Our parental leave policy applies to all employees who are becoming parents, regardless of how they become a parent. Oysters are eligible for a minimum of three months of paid parental leave and your job will be held for 12 months (or longer if required by local jurisdiction).
- WFH stipend: Stipend to spend on your laptop and any other equipment you need for your home office; we'll get you up and running in no time!
✨ The best jobs should be available to everyone
At Oyster, we celebrate a variety of perspectives and experiences and we’ve intentionally built our product and our company with an inclusive, global mindset. We know from experience that people from underrepresented groups often don’t apply for roles they don’t feel they meet all the criteria for. We’re committed to elevating talent by creating a trust-based environment where we can all thrive together. So if you think you have what it takes, but don’t necessarily check every single box, please consider applying. We’d love to hear how you might contribute to our mission and our team.
Oyster is committed to ensuring equal opportunity of employment for qualified persons with disabilities and actively fosters an inclusive work environment. If you require reasonable accommodations throughout the recruiting process, please email jobs@oysterhr.com with the subject line: Interview Accommodations.
Our available positions are published on our careers page, and should you be invited to interview with us, our recruitment team will only ever contact you directly from an @oysterhr.com email address. We will never ask you to send us money as part of a job offer. If you receive a suspicious email relating to opportunities at Oyster from any other email domain where someone is claiming to be a part of our recruitment team, or are directed to anywhere other than www.oysterhr.com/careers to view our available jobs, we encourage you to submit a report through our Compliance and Ethics Helpline.