Moonpig

About the Company

At Moonpig Group our mission is to help people connect and create moments that matter.

We’re an international group made up of two brilliant brands – Moonpig in the UK, US and Australia, and Greetz in the Netherlands.

We’re a technology platform at heart, but our customers know us as the leading eCommerce destination for greetings cards, gifts and flowers. Last year we delivered over 70 million personalised cards, gifts and flower bouquets in over 50 million orders, helping our customers celebrate all the occasions that matter to them, from milestone birthdays and anniversaries to new arrivals and all of those just-becauses.

We have awesome people and a caring company culture: We give teams autonomy while supporting personal growth at all levels. Plus, we know how to have fun! Don’t just take our word for it, though; in Feb 2022, Moonpig was officially recognised as an outstanding company to work for by Best Companies and we earned a 2-Star accreditation, which is Best Companies second-highest standard of workplace engagement and represents organizations striving for the top.

Head over to our careers site for more company info and our current opportunities - https://www.moonpig.com/uk/blog/moonpig-careers/moonpig-careers/

Listed Jobs

Company Name

Moonpig

Job Title

Product Security Engineer

Job Description

We’re currently looking for a Product Security Engineer to join our Security Team.


What you’ll be doing:

As a Product Security Engineer you will be responsible for ensuring that company & customer data is secure at all times. You will be building & maintaining modern security tools, controls & services. We’re a small team, so the role is a hybrid of engineering work along with vulnerability and risk management, with a focus on automation and collaboration with our wider Technology team to drive secure development processes within our software development life cycle.

Key Responsibilities:
Contribute to the development of the product security roadmap and strategyBoost, build and innovate upon our security tools in our DevOps pipeline/processes.
Educate and empower those around you on security topics, helping to increase understanding of security issues and how to prioritise and remediate them.
Design preventative and/or detective controls for specific security issues alongside our engineering teams within an agile environment.
Drive security testing (individually, with third parties, and by encouraging adoption within engineering teams) of our products using both structured and explorative approaches, helping to identify vulnerabilities earlier in our product lifecycle.
Provide SME support during incidents and crisis management meetings.

You'll be a great addition to the team if you have:
Strong knowledge of application security best practices (such as OWASP).
Familiarity with cloud infrastructure (such as AWS, Azure, or Google Cloud).
Strong grasp of infrastructure-as-code and configuration tools (such as Terraform or AWS CloudFormation) for the purpose of deploying security tooling.
Knowledge of extracting metrics and events from security tooling.
Experience working with and securing microservices, and API’s.
Advanced understanding of secure coding principles, the Secure Development Lifecycle, and how to drive acceptance and integration into engineering teams.
Experience implementing and managing SAST and/or DAST within a CI/CD environment.
Understanding of security tools such as WAFs, and vulnerability scanning tools.
Understanding of cryptography, authentication, and authorization.
A positive, collaborative, and pragmatic attitude.
Great communication skills, both verbal and written.

We are also keen to speak to candidates currently in software engineering roles looking to move into Cyber Security. If this is you, please apply!

London, United Kingdom

On site

05-02-2025