Explore roles
Description
Hybrid requirements: 3 days per week in the office.
Application questions:
Are you a British citizen? If you are not a British citizen, please state your current visa status.
Do you currently require visa sponsorship?
Will you require visa sponsorship in the future?
What are your salary expectations for this position? Please state your gross, annual salary expectations in GBP.
Please inform us of your notice period.
Aurora Energy Research is based in Oxford and currently we are benefiting from a hybrid working model, working three days from the office and two days from home, as per our policy. Would you be open working in a hybrid basis?
May we consider your application for a different role within Aurora Energy Research?
Are you ready to raise the bar on cyber security and contribute to making our flagship products cyber resilient?
We are looking for a Security Engineer to join our Information Security team at our inclusive and beautiful Oxford headquarters. You will be working across software engineering, modelling, and data science bringing your full self, including your security knowledge and expertise to the business.
As a Security Engineer at Aurora Energy Research, you will enable our colleagues to improve our secure software development lifecycle, ensure secure operational practices, and support compliance. You have a curious mindset, thrive in collaboration, and are passionate about new technology. You are solution oriented and focus on getting smart ideas into the hands of your colleagues. You enjoy working simultaneously on various initiatives and moving between teams.
You will become part of a top-notch information security team who love solving difficult problems. By joining our Information Security team, you will be part of something big and meaningful: help protect our brand and our company so that we can continue to provide vital support to the global energy transformation.
Key Responsibilities
Cultivate security culture. Work with colleagues in internal technology, be the security champion that strives to prioritize sustainable controls and drives real risk reduction outcomes.
Build secure products. Ensure security is considered throughout the product and software development life cycle. Provide security best practice, build security design patterns, complete security architecture reviews, threat models and risk assessments. Help solve engineering problems by implementing technical controls to mitigate risk.
Ensure we are deploying solutions into a secure environment. Ensure we build solutions in alignment with our control requirements. Support on-going business-as-usual and champion vulnerability management. Provide internal security consultancy and lead on audit engagements, risk activities and project initiatives. Work closely with colleagues to ensure effective technology risk management.
Work together. Collaborate and work with product and engineering teams. Help to solve problems and not just calling out issues. Take ownership of operational duties. Operate across the business to create alignment with security objectives.
Ensure security thought leadership. Keep up on security best practice and be a continuous learner. Guide and define our security policies, procedures, and standards end-to-end, be recognized as a point of escalation and subject matter expert for software and data risk.
What we are looking for
Required qualifications, capabilities, and skills:
Degree in a computer science related subject or comparable working experience related to the role.
Working knowledge of best-practices for securing micro-service architectures.
Working knowledge of modern secure SDLC practices with a focus on embedding security into CI/CD pipelines.
Working experience of the above concepts in the context of at least one major public cloud provider (AWS, GCP, or Azure).
Understanding of global security standards (like SOC2 or ISO 27001) and regulatory requirements and experience in maintaining compliance with these.
A desire to teach others and share knowledge. We want you to coach other team members on secure coding practices, design principles, and implementation patterns.
Comfortable in uncharted waters. We are building something new. Things change quickly. We need you to learn technologies and patterns quickly.
Ability to see the long term. We don’t want you to sacrifice the future for the present.
Clarity of thought. We operate quickly and efficiently, and we value people who are economical with their time and clear with their opinions.
Desirable qualifications, capabilities, and skills:
Experience in a software engineering role, ideally with focus on security.
Working knowledge of offensive security, Application and Infrastructure penetration testing (OWASP top 10, OWASP ASVS).
Understanding of security vulnerabilities and remediation options in codebases & containers.
Working knowledge of methods for authentication and authorization (ODIC, OAuth 2, FIDO 2, etc)
What we offer
Some of the benefits we include are:
Private Medical Insurance
Dental Insurance
Parental Support
Salary-Exchange Pension
Employee Assistance Programme (EAP)
Local Oxford Discounts
Cycle-to-work Scheme
Flu Jabs
At Aurora we will consider all requests for flexible working. For most roles, the following types of flexibility are usually possible: a hybrid model of remote and in-office working and flexible start and finish times. Please talk to us during the interview about the flexibility we could offer and we will be happy to explore the best available option for you.
The Company is committed to the principle that no employee or job applicant shall receive unfavourable treatment on grounds of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage or civil partnership, pregnancy and maternity.
The successful candidate would start as soon as possible. The team will review applications as they are received. Salary will be competitive with experience.
To apply, please submit your Résumé / CV, a personal summary, your salary expectations and please inform us of your notice period.
Culture overview
Our culture is entrepreneurial, dynamic, and progressive. Underpinned by strongly-held values and based on a passionate commitment to independent research, we always strive to go to the next level in our analysis and service for our clients.
Our values speak to our mindset, our approach, and our direction. As a company, we thrive on open feedback, and we take on a trial-and-error approach to achieve rapid progress in building great things.
With this, we take our work very seriously, but we maintain a friendly and laid-back atmosphere in the office where you can go over and have a conversation with anyone in the company. Despite our successes, we have a long journey ahead to fulfil our potential.
A rapidly growing organisation creates unique and powerful development opportunities for our team, so we are always looking at what’s next!
We want to hear from you if you:
-> thrive in a fast-moving, collaborative environment.
-> love to discover and pursue new paths to improvement. -> are devoted to securing great results with an international team.
-> are driven to achieve positive change in global energy.
Employee benefits
Cycle To Work
Enhanced parental leave
Enhanced sick leave
Flexible Working
Free Food
Laptop
Learning/Development days
Pension
Wellbeing Programme
Office vibe
Clubs & Meetups
Free Coffee
Friday Drinks
Open Plan
Social Events
Team Building Days
Location
Leadership
Stuart Tricklebank
Director Software Engineering
Engineering principles
Continuous delivery
Refactoring
Unit testing
Company tech stack
