Company:
Runna
Location: London
Closing Date: 08/11/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Cloud Security Engineer
We're putting together a talented team to build the #1 training platform for Runners
We help everyday runners become outstanding by providing world-class training, coaching and community for everyone, whether you're improving your 5k time or training for your first marathon. To date we have built iOS, Android and Apple watch apps that help people achieve their goals by coaching them through the full journey and syncing to their favourite fitness devices.
We’re growing extremely fast and in November 2023 closed a new £5M funding round led by JamJar with participation from Eka Ventures, Venrex and Creator Ventures. We want to grow as fast as we can into the future and are looking for individuals who will help us get there. For more about our background and growth check out our Careers Page !
We’re now looking ahead to the future and the people who want to help us build and scale Runna. Our aim is to reach millions of subscribers in the next 5 years and be the go-to training platform for any runner. Now is a magical time to join, we're still small, and everyone makes a foundational difference.
Who we’re looking for
We are looking for a talented, creative, and proactive Security Engineer to join our highly skilled cross-functional engineering team and take ownership of security across the entire organisation. As the first security engineer, you’ll lead efforts to ensure our cloud infrastructure, applications, and internal processes meet the highest security standards. You’ll work closely with the engineering, product, and leadership teams to establish a strong security culture while also ensuring compliance with relevant regulations.
You will partner with our CTO and founders to shape the future of security at Runna and play a critical role in safeguarding our product as we scale. As our first dedicated security hire, you’ll have the freedom and support to build a security roadmap from the ground up.
As a Security Engineer, your role will include:
Lead the effort to secure our cloud infrastructure, ensuring secure deployments, access controls, and robust incident response strategies.
Establish security monitoring and alerting to detect, respond to, and mitigate potential threats in real-time.
Own and drive compliance initiatives (such as GDPR, Cyber essentials) to ensure our organisation meets the required standards.
Implement and enforce best practices for encryption, identity and access management (IAM), and network security across the platform.
Partner with product, engineering, and business teams to ensure security is embedded in all stages of development and product lifecycle.
Create and manage a bug bounty program to incentivise external researchers to identify and report security vulnerabilities.
Educate and train the wider team on security best practices, fostering a security-first mindset across the organisation.
Stay ahead of emerging threats and technologies, ensuring we adopt the latest tools and practices to maintain a secure environment.
Collaborate with external security firms for audits, penetration testing, and other assessments to validate our security posture.
What experience we’re looking for
If you don’t quite meet all of the below skills, we’d still love to hear from you as we might be able to tweak the role slightly or offer you a position better suited for you. You can apply directly below or contact us if you’re still unsure.
Your key experience:
3+ years in a Security Engineering role or similar
2+ years working with cloud infrastructure (preferably AWS) or as a platform engineer
You’ve led the development and implementation of key security projects
Experience with security frameworks, policies, and compliance standards (e.g., SOC 2, GDPR, ISO 27001)
Familiarity with penetration testing, vulnerability assessments, and incident response gained through practical experience
Your key skills:
Experience with securing cloud infrastructure, ideally within AWS (e.g., VPC, IAM, Security Groups, CloudTrail, GuardDuty).
Experience with encryption, key management, and identity and access management (IAM).
Hands-on experience with infrastructure as code tools (e.g., CloudFormation, Terraform) and CI/CD pipelines.
Experience with security monitoring and observability tools (e.g., AWS CloudWatch, Aikido, Datadog).
A pragmatic mindset, with excellent communication and collaboration skills
Able to work within a highly-skilled engineering team in a fast-paced, iterative environment
Bonus points if you:
Have implemented or managed a bug bounty program.
Have experience with serverless architectures
Are familiar with DevSecOps principles and integrating security into the CI/CD pipeline.
Have a strong interest in health/fitness technologies or have worked in a similar tech environment.
Our tech stack
Below you can find a small reflection of our current tech stack:
Frontend:
React Native (iOS and Android)
Typescript
GraphQL (Apollo Client)
Fastlane
SwiftUI (Apple Watch)
Maestro E2E tests
Backend:
Serverless (AWS)
Lambdas (NodeJS & Python)
AWS AppSync
DynamoDB, S3, SQS, SNS, EventBridge, SageMaker
Postman API tests
All the other good stuff:
Sentry
GitHub Actions
Intercom, Mixpanel
RevenueCat
App Store Connect / Play Store
Figma
Cloud Security Engineer Interview Process
Our aim is to keep the interview process as straightforward and enjoyable as possible, and will consist of the following stages:
Kick off! (apply below)
Please let us know if there’s anything we can do to better accommodate you throughout the interview process - this can be from scheduling interviews around childcare commitments to accessibility requirements. We want you to show your best self in the process ❤️
Introductory chat (25-minute video call)
50 min technical interview
Once the process is finished, we promise to let you know our decision as soon as possible.
Share this job
Runna
Useful Links