Expression of Interest - Afterpay Security

Last updated 31 minutes ago
Location:Melbourne
Job Type:Full Time

Afterpay Security

About Us

Howdy! We’re the Afterpay security team. We’re here to help make sure that Afterpay does the right thing by our customers by keeping their data safe. Doing that requires us to do three things:
1. Make a work environment where brilliant security professionals can thrive
2. Build a company-wide culture that values and understands security
3. Run an effective security program made up of smart security controls

We’re passionate about building security into everything that Afterpay does in a way that doesn’t feel burdensome, bureaucratic or boring.

TL;DR: We’re growing quickly and we’re always looking to build relationships with other passionate information security professionals. Use the link at the bottom to drop us a note if you think you may be a good fit for our team.

Our Values

We will work hard to live these values as we believe they give us the best possible chance of achieving our goals.

We are partners - we understand the business and technical priorities and work to support them. We link our initiatives to the needs of the business
We are respected - we aim to build respect in each interaction by being subject matter experts, by communicating clearly and by being human
We are empathetic - we know that people have competing priorities and we try to put ourselves in their shoes
We are pragmatic - we’re making progress and not aiming for perfection
Our work is measurable - we focus on measuring our work so we can show the impact we’re having and so we can continually improve

Teams
Our security function is made up of five teams.

Product Security
Help product and engineering teams to secure the products that we create for our merchants and consumers.

Enterprise Security
Help technology and business teams to secure the technology that the Afterpay team uses to get their jobs done.

Governance, Risk and Compliance
The glue between our security departments. Provide a common language for information security risk, own our policies & coordinate our certifications.

Detection and Response
Ensure that we know who our adversaries are, how to detect them and that we know how to respond.

Security Community
Ensure that people know and care about information security, and that they are empowered with the information they need to act appropriately.

We’re (always) Hiring!
Our team is based in Melbourne (Australia), San Francisco (USA), Manchester (UK), Barcelona (Spain) and Shanghai (China). We’ll be hiring these roles in the coming months.

Product Security Engineering
Our product security engineers provide the technology, knowledge and visibility that our product and engineering teams need to create products that are safe for our customers.

We’re looking for people who enjoy:
*Partnering to build great products
*Building tools that help make it easy to make safe products
*Using visibility to incentivise the right behaviours
*Working as part of a team

People who will be a good fit have likely done one or more of the following:
*Worked in a product security function in another tech-focused organisation
*Done offensive security work, like penetration testing
*Been a software engineer and read about security on the side

Enterprise Security Engineering
Our enterprise security engineers provide the technology, knowledge and visibility that make it safe for Afterpay to use technology to go fast.

We’re looking for people who enjoy:
*Improving our employee experience
*Automating repetitive tasks
*Building resilient systems
*Working as part of a team

People who will be a good fit have likely done one or more of the following:
*Hardened enterprise endpoints and cloud applications
*Worked closely with Enterprise Technology teams
*IT systems engineering and read about security on the side

Governance, Risk and Compliance (GRC)
Our GRC managers support the operation of a number of our key GRC controls like third-party risk management and continuous compliance.

We’re looking for people who enjoy:
*Using compliance to drive security
*Automating the collection of compliance artefacts
*Finding smart and efficient ways of educating partners about security
*Working as part of a team

People who will be a good fit have likely done one or more of the following:
*Worked in security consulting services
*Deployed tooling to help automate compliance and artefact collection
*Maintained an interest in security governance

Detection and Response
Our detection and response engineers work on both detection engineering and incident response. By covering both sides of the detection and response puzzle, we create an incentive structure that leads to continuous improvement.

We’re looking for people who enjoy:
*Working on a modern, cloud-native tech stack
*Balancing building and responding
*Building resilient systemsWorking as part of a team

People who will be a good fit have likely done one or more of the following:
*Worked with a SOC responding to alerts
*Done other blue-team style work, with a focus on building tooling
*Been a DevOps-style engineer and read about security on the side

Reach Out!
If you are a good fit for any of these roles, or think that you’ve something to add to a team like ours, please apply below. Include a brief cover letter explaining what motivates you and what type of security role you are currently interested in. We’d love to hear from you.