Trainline is the leading independent rail and coach travel platform selling rail and coach tickets to millions of travellers worldwide. Via our highly rated website and mobile app, people can seamlessly search, book and manage their journeys all in one place. We bring together millions of routes, fares and journey times from 260 rail and coach carriers across 45 countries. We offer our customers the best price for their journey and smart, real time travel information on the go. Our aim is to make rail and coach travel easier and more accessible, encouraging people to make more environmentally sustainable travel choices.
Introducing the Security Team
The security team works closely with development and operations to build security into applications and support processes. We provide assurance in the application lifecycle in various areas, including; design reviews, supporting automated code scanning, performing targeted application vulnerability assessments, and ethical hacking across systems.
We are responsible for the security of all channels which collectively bring in over £3.2 billion in ticket sales every year. That means at peak times over 300 people per minute are booking Trains.
As an Application Security Engineer at Trainline, you will...
- Join a highly innovative team that ensures the ongoing security of multichannel operations covering ecommerce, mobile and customer services,
- Be responsible for driving security improvement from design through delivery and into operations.
- Take the lead on finding technical solutions - drawing on your previous knowledge, self-learning and formal training.
- Be responsible for helping to implement, maintain and administer security toolsets used in the software development process.
- Be expected to approve security-based change requests.
- Helping to embed security in the development and operational lifecycle, and showing continued security value by presenting risk from the customer and business perspective
- perform threat modelling exercises for critical changes
- Ensuring teams have what they need to deliver secure code and applications including the skills, tools and training
- Static and dynamic security testing including code review and manual penetration testing
- Act as security evangelist and ‘mentor’ to the business and development teams
We'd love to hear from you if you have...
· Excellent skills in penetration testing of web or mobile applications
· Experience working with external pen testers and/or acting as a primary contact for their testing
· Solid and demonstrable comprehension of cyber and information security including secure coding, security in the SDLC, hacking techniques and the evolving threat landscape
· Experience or working knowledge of a variety of SAST, DAST and SCA security tools
· Experience with threat modelling
· Experience with web application firewalls and Akamai
· Working knowledge of infrastructure security scanning software
· Working knowledge of secure development practices such as OWASP and BSIMM
· Knowledge of software security standards such as the BSIMM
· Knowledge of current information security standards and regulations such as PCI DSS, ISO27000 series, and GDPR.
Source : Trainline