DevSecOps Specialist at Luno

About us:

Luno is the crypto investment app you can rely on, enabling you to buy, store and explore crypto securely. We’re committed to putting the power of cryptocurrency in everyone's hands sensibly and responsibly.

Since 2013, we’ve helped millions of people around the world invest safely in crypto. We do this by cutting through the hype and supporting customers at every step of the way. All products and cryptocurrencies on our platform must first meet stringent legal, risk and technical security standards. 

Transparency is key for us. Luno stores all crypto on a 1:1 basis and we have rigorous processes in place so you can be confident your investment is secure. We’re available in more than 40 countries around the world and we work closely with respective regulators in all of these markets to be fully compliant, as we believe this is the best way to help everyone, everywhere, invest safely.

About the team:

The Cloud Security team at Luno is responsible for identifying security threats and improvement areas within our Cloud-hosted resources, and ensuring that we both strive to implement best practices everywhere and detect any deviations. This team works closely with Engineering and IT Operations to ensure the best security practices are followed in both areas of the business. 

The role in a nutshell:

The main focus of this role will be to shift left with security and to aid in the empowerment of engineers in becoming application security champions. This includes using a specialised skill set to design and automate continuous security testing at all pre-deployment stages (where applicable), enable the measurement (and performance) of threat reduction at said stages and work closely with the Agile Delivery team, Backend and Mobile engineers, SREs and other Security resources to achieve our joint vision of making Luno the safest and most trusted cryptocurrency company in the world.

Your mission will be:

• Support and consult with product and engineering teams in the area of application security, including threat modelling and AppSec reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support and assist in managing our bug bounty program.
• Author, share and contribute to documentation on application security processes, tooling and other resources to ensure collaboration and transparency within your own team and throughout the greater organisation. 
• Design and implement continuous application security testing mechanisms to aid in assessing our security posture and furthermore, drive down the number of vulnerabilities and threats in our environment.
• Inform, support and empower our software engineers to strive towards becoming more vigilant, aware and capable secure coding practitioners. This includes developing structured and unstructured engagements such as, targeted and general training, one-on-one and one-to-many coaching/information sharing sessions and general enquiry handling around application security.

A little about you:

• Experience in vulnerability management and enhancing and/or contributing to the security within application source code.
• Experience in securing CI/CD pipelines on Cloud platforms. Ideally AWS with the AWS Developer Associate certification being advantageous
• Deep understanding of security best practices on technologies mentioned above
• Team player, willing to pitch in wherever needed
• Keen interest in application security and vulnerability management
• Understanding of the Software Development Lifecycle
• Basic development or scripting experience and skills. Golang, Python, JavaScript, and Java/Kotlin are preferred.
• Familiarity with some common security libraries, frameworks and tools (e.g. static analysis tools, proxying/penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).

Don’t be put off if you don’t tick all of the boxes – they’re a guide based on what we’d love to see but we appreciate that excellent candidates have diverse backgrounds. We value attitude above aptitude. With the right mindset, you can empower yourself.

Life at Luno:

• Remote but reachable work policy gives you the freedom to choose between working from home or the office.
• Plus the option to buy and sell up to 5 days leave
• Improve body and mind, with excellent private medical insurance
• Access to Learnably and our additional learning platforms for your personal and professional development
• 6 months primary care-giver leave
• Paw-ternity leave for your furry friend
• Annual Inspiration Day in addition to your annual leave which increases based on your length of service! 
• A collaborative, friendly work community, with regular social events and virtual cooking, dancing, drawing and house planting classes hosted by our Lunauts
• Free lunch and snacks
• 0 fees up to a certain amount with Luno from the day you start.*

*Offer only available on Luno Instant Buy, not Luno Exchange

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

#LI-DNI