Information Security Engineer at Zwift
London, GB

Who we are:

Zwift is a digital destination for fitness enthusiasts that are redefining indoor exercise. We took the boring indoor routine and game-ified it, by developing an at-home training experience that connects cyclists and runners with each other around the world. We’re on a mission to make more people, more active, more often.

Launched from the sunny beaches of Long Beach, CA with offices in NYC, London, Rio de Janeiro, Tokyo, and Melbourne, the Zwift community is active in 195 countries (yup - more countries than the United Nations) and growing. We’re endlessly positive, relentlessly inventive, and always looking to improve…wanna join?

About the team:

The Zwift InfoSec Team is responsible for the security and availability of all services offered by Zwift, as well as providing security support for teams leveraging those services. The Zwift InfoSec team works with service teams to design and build secure solutions, participate and coordinate cross-organization security initiatives, and solve security challenges at scale. This is an exciting and visible role – you will directly influence the security postures for Zwift products and services.

Responsibilities Include:

    Work with Engineering teams across Zwift to provide scalable vulnerability management and assessment procedures and provide application security reviews.
    Advise and consult internal customers on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
    Collaborate with Engineering teams across Zwift to build secure and scalable containerized architectures in the cloud.
    Implement information security controls and patterns that support risk assessments and the development of secure architectures.
    Collaborate with engineering teams to drive product roadmaps, by providing security requirements that map security controls to service features.
    Identify and mitigate risks throughout our corporate and production environments.
    Provide continuous technical support and escalation management for security related issues throughout Zwift.
    Identify opportunities for process improvement, including the development and implementation of internal security tools, tactics, and procedures.
    Provide security awareness training and outreach to internal development teams.
    Provide security guidance documentation.
    Help define and measure key performance metrics for the team.


Who we’re seeking:

The Zwift InfoSec Team is looking for a Security Engineer to help build and grow security operations within acquired service teams in order to address both deeply technical and programmatic security issues, as well as emerging new threats. This individual will lead security due diligence efforts, plan security integration, and execute efforts for M&A acquisitions. The role requires partnering with key project stakeholders to define key security issues, implementing actionable plans to achieve remediation of security threats, and diving deep on tactical security aspects of a service in need of extra attention. Security Engineers oversee and influence cross-functional security diligence and integration teams to ensure all relevant security concepts are considered.

Successful Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and not fazed by adversity or ambiguity. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cloud security threats, the ability to influence people from customers to managers through technical solutions, and the desire to be an individual contributor to securing Zwift’s platform and system/services technology.

What we’re looking for:

    Bachelor's Degree in Computer Science or a related field (or 5 years equivalent experience)
    Minimum of 2+ years of progressive security architecture experience; preferably within a professional services firm or similar environment working with startups and large security mature companies.
    2+ years of application security experience designing, building or testing web and API-based architectures.
    2+ or more years of related experience in Information Security, Cybersecurity, Identity and Access Management (IAM) and/or Information Technology to include accountability for complex tasks and/or projects.
    2+ years of experience working with stakeholders across many functions.

    2+ years of experience in Security Engineering, DevOps or IT Operations roles, strong familiarity with the principles of DevOps and Agile development.
    2+ years of hands-on experience securing cloud applications and infrastructure (AWS strongly preferred).
    Understanding of security vulnerabilities, attacker exploit techniques and methods for remediation of such.
    Excellent understanding/working knowledge of the public cloud infrastructure and services in AWS (IAM, VPC, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.) is a strong plus.
    Excellent understanding of docker and container orchestration with kubernetes and experience running production kubernetes clusters in Amazon EKS, Google GKE, or similar managed platform.
    Experience implementing and leveraging centralized logging and monitoring solutions such as elasticsearch, kibana, fluentd, influxdb, grafana, pagerduty, etc.
    Experience communicating technical concepts to a non-technical audience.
    Prior working experience in or with a Software Development Team is a plus.
    Demonstrated experience in areas such as system security, network, and/or application security experience.
    Understanding of best practices in one or more security engineering specialties: secure development, cryptography, network security, security operations, systems security, policy, and incident response.
    Experience developing and interpreting security compliance standards and guidance.
    Scripting skills (e.g., Python, Go, JS, C, C++, Java, Ruby, or PowerShell)
    Socially confident with good organization, communication and presentation skills.
    Self-starter with good analytical skills and a proactive approach to problem-solving
    Capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance.

Top Five Reasons Why We Think You’ll Love It Here

    Great Employee Fitness Program… earn a bike or other fitness equipment!
    Amazing office location on the 18th floor with a killer view
    Competitive Benefits (including Medical, Dental, and Vision)
    Awesome team of diverse individuals who solve complex technology problems at scale and love what they do
    Did we mention that we ride bikes at work and run at work?