Security Architect

Octopus Energy

To apply for this job please visit octopus.energy.

We are a tech-focused energy supplier for the UK market and we’re are looking for diligent and thoughtful software engineers, of any level of experience, to join our growing team.

Specifically, we’re looking for a Security Engineering Lead to join the team and help us protect “Kraken”, a cloud-based energy platform for interacting with both consumers (via the web, mobile and smart-meters) and the industry (eg data flows, consumption forecasting, trading on the wholesale market). We’re an innovative and customer-focussed company, helping to drag the energy industry into the 21st century.

 

Our team

All technology is written and maintained by a multi-discipline engineering team of around thirty people. This includes server-side, client-side and mobile engineers working closely with UX experts, copywriters and designers.

We follow a Kanban-like approach, using Google docs and Trello to specify and manage work; Github, CircleCI and Terraform Enterprise as part of an immutable-infrastructure, continuous delivery pipeline; and Loggly, Sentry and Cloudwatch to measure performance and monitor production.

 

Our technology

On the server-side, we mainly use Python. Most of our websites are powered by Django and the Django-REST-framework. We also use Pandas, Numpy and Jupyter for analysis and forecasting, plus Celery, RabbitMQ, SQS and Airflow for background processing.

We use AWS heavily, employing most of the “Hashistack” (eg Packer, Consul, Terraform) as part of a continuous deployment pipeline. See, for example, Django, ELB health checks and continuous delivery.

Client-side, we use React, Redux and SASS; our mobile apps are built using React Native.

 

What you’ll do

  • Using a strong knowledge of our tech stack you will help design and help implement appropriate safe guards & controls, whilst not impeding the team environment or culture of trust.
  • Responsible for examining the external landscape to understand and mitigate any threats to our platform or business
  • Expert knowledge on appropriate security competencies and controls in order to provide assurance to the tech team and customers; such as C5 and ISO/IEC 27000-series.   (We are currently audited to an industry standard but likely to seek accreditation in one of these external standards)
  • Support our infrastructure with hands-on technical design, implementation, and management of core security platforms, and play an integral part in all information security related projects
  • You will work with developers across Kraken Technology to ensure that security is built in from the start and integrated into our CI/CD pipelines without restricting team efficiency or innovation

What you’ll have..

  • Detailed understanding of AWS and security architecture
  • Good experience with python & Django (or equiv. web framework)
  • Experience with ‘Haskistack’ as part of a continuous deployment pipeline (eg Packer, Consul, Terraform)
  • Have a clear understanding of modern development environments
  • Strong knowledge of C5 and ISO/IEC 27000-series

What you’ll get

  • Equity Scheme (own part of the business)
  • Pension Scheme – Employer 5% Employee 3% – you can opt to contribute more!
  • Flexible working environment
  • Cycle to Work Scheme
  • Fruit, breakfast and hot drinks
  • Weekly free Friday drinks
  • Regular social events (3 parties a year including a Summer festival)
  • Access to Hatch – Financial advice and planning for employees
  • Childcare Vouchers
  • Maternity and Paternity pay
  • Support to help with development (courses, learning, development)