Security Engineer

Location: Commutable to London/Bristol with Flexible Working

We launched in 2009 with a mission to change energy for the better. Since then, we’ve welcomed over a million members, planted a million trees, and set our sights on helping save the planet.

As a Group, we’re working to become a net zero carbon business by 2030, while helping our OVO Energy members halve their carbon footprints at the same time. 

Green energy and technology are great tools to fight the climate crisis with. But it’s people power that will rewrite history.  

So we’re building a zero carbon team inside and out. Of people who share our values, feel inspired by our mission, and want to make change happen. When you work for OVO, it’s not just a job. It’s the work of a lifetime. And we want the sharpest minds to help. 

Up for the challenge?

Where in the world of OVO will I be working? 

This position supports the Technology Function by working closely with DevOps teams to help them put the 'Sec' into DevOps and ensure that all of our services, applications and tools are secure throughout the software development lifecycle. 

This is a varied role where you’ll be exposed to the full stack and will work across technologies including GCP, AWS, Kubernetes and Kafka. You’ll be focusing on projects spanning infrastructure, release engineering and security monitoring.

As part of the Security Engineering team we want to create solutions and insights that will allow us to meet a very high security calibre, while maintaining a fast delivery pace expected in a modern software system. We believe this happens through tight collaboration between Security Engineering and Software Engineering. You will have a strong focus on building relationships across various teams, including design feedback and coaching but most importantly building security improvements in our products.

What will I be doing?

You will be building tools and fostering our security culture to help OVO’s product teams rapidly deliver secure systems. Providing those teams with clear actionable advice on what risks and threats they have to their systems. You will also be responsible for defining and evolving security best practices. Helping teams take action on those practices through your expert training or automation will be key to your success.

Is this the job for me? 

• You are genuinely passionate about developing products that will positively impact over a million people and also our environment
• You love working in teams and collaboratively building features that impact customers
• You are motivated by owning products, from inception to continuous improvement
• You believe strongly in test driven development and continuous delivery
• You love building scalable, resilient solutions
• You seek learning opportunities to deepen your expertise or broaden your knowledge

We celebrate diversity and value equal opportunity; the more inclusive we are, the better our work will be. We want to build a team which represents a variety of backgrounds, perspectives, and skills, and we decide employment on the basis of merit and potential.

Ideally you will have skills and experience in the following areas:

We are looking for excellent security engineers and whilst experience is important, ultimately less so than your demonstrated abilities and attitude.

• Knowledge and experience in secure software practices
• Scripting and software engineering skills; we don’t mind what language! (Python, Scala, Clojure, Rust etc.)
• Awareness of common software security flaws and web application security best practices (OWASP top 10, CWE/SANS Top 25)
• Application security testing 
• AWS/GCP security best practices
• Kubernetes security best practices
• Container vulnerability management
• Open Source dependency scanning
• Web Application Firewalls, Reverse and Forward Proxies
• Logging, monitoring and alerting on security events
• Thorough knowledge of CI/CD and DevOps principles and security considerations
• Experience with infrastructure-as-code
• Strong networking fundamentals; IP, TCP, UDP, Routing, DNS
• Familiarity with Linux
• AWS, GCP and Azure clouds' hardening to NIST/CIS standards

You could be from a development, infrastructure or testing background with an interest in security; or from a security background with software development interest. Or maybe an AppSec engineer or pen-tester. 

Want to check out more?

Working in Tech at OVO Energy

Check out our Tech Stack

Watch our video about joining OVO Tech Team

See how we work on our blog and our Tech Blog

OVO tech github: https://github.com/ovotech

From us you’ll get* 

• An annual discretionary bonus
• 4% of your salary to spend on flexible lifestyle benefits
• 5% matched employer contribution to your pension
• 25 days holiday + 1 for your birthday
• And many more... 

(*) Please note that certain benefits kick-in once you have passed probation which can be up to 6 months after your start date.

We want the best people 

At OVO, we empower our people to have choice around where and when they work - flexible working arrangements can be discussed for all of our roles. Please speak to the Talent Acquisition team for more info.

We’re keen to meet people with varied backgrounds - our view is the more inclusive we are, the better our work will be. We want to build teams which represent a variety of experiences, perspectives and skills, and we recognise talent on the basis of merit and potential.

We understand some people may not apply for jobs unless they tick every box. If you're excited about joining us and think you have much of what we're looking for, even if you're not 100% sure… we'd love to hear from you.

Learn more about working in the OVO family of companies on our careers page and Glassdoor. We’re also delighted to have received a Top Employers certificate in 2018, 2019 and 2020!