Senior Security Engineer

Here at Anaplan, we have reinvented how companies see, plan, and run their businesses. Our platform allows our customers to uncover new insights, connect their strategy to their plans, and work in ways they had not previously thought possible. We’re growing fast, constantly innovating, and couldn’t be prouder to help our customers move forward with confidence in a sophisticated and changing world.

We are looking for forward-thinking people who put customer experience at the forefront of every decision. Individuals who thrive on challenges and are ready to grasp the opportunity of a lifetime. Because we fundamentally believe every colleague brings outstanding value to our whole. We are a workplace where each person feels seen, heard, and valued, and can contribute their unique talent to our collective effort. We believe that for ourselves and for our customers.

Anaplan is looking for a tenacious Senior Security Engineer to join the Infrastructure Security Team in the UK. You'll have the opportunity to support the Chief Information Security Officer, helping secure our Platform and Infrastructure. A key function of your role will be to to help drive down risk by identifying vulnerabilities across all areas of our environment. A vulnerability is any weakness in an IT system that can be exploited by an attacker to deliver a successful attack. As such the scope of this role is broad and targets vulnerabilities wherever they may be found, from configuration errors in the cloud, to outdated OS packages, to penetration tests findings and risky dependencies in containerised applications. You will not be an expert in all these fields, but you will be able to assess risk with a security best practices mindset and then prioritise response activities accordingly.

You will leverage multiple threat sources and tooling to identify these risks, including, but not limited to, cloud security posture management, cloud workload protection, OS level vulnerability scanning, web application scanning, penetration testing, vulnerability scanning within a CI/CD pipeline, IaC scanning and so on. You’ll work with the rest of the Security organisation in helping to secure our delivery pipeline and embed security into our methodology by designing and deploying controls to detect threats and vulnerabilities in our on-premise and public cloud infrastructure, as well as protecting our end users and corporate IT infrastructure.

Your Impact 

• Identify, assess risk and impact, prioritise vulnerability findings, and coordinate vulnerability remediation with service and application teams
• Evaluate penetration test findings and engage appropriate stakeholders and articulate the risk to Anaplan and align on a remediation strategy
• Managing, reviewing, maintaining, improving and monitoring existing vulnerability management tooling
• Translate and implement relevant security standards/policies in restrictive environments (CIS/PCI/FedRAMP)
• Identify and mitigate risks, vulnerabilities, and security gaps, ensuring the confidentiality, integrity, and availability of systems
• Provide subject matter expertise within a number of key cloud security domains
• Collaborate with cross-functional teams to design, implement, and maintain secure cloud architectures and solutions
• Implement and manage security tooling and solutions to enhance the security posture of containerised applications and the underlying Kubernetes infrastructure
• As a member of the Infrastructure Security team you will also be involved in managing existing security tooling, including but not limited to, endpoint security, email security, network security and web application firewalls (WAF), both on-premise and in the cloud.

Preferred Skills

• Experience with Cloud Security Posture Management (CSPM) and cloud workload protection in multi-cloud environments
• Experience deploying and managing security infrastructure using Terraform
• Clear and demonstrable understanding of how to assess the actual risk posed by a vulnerability finding, taken in terms of impact, likelihood, mitigating controls and the environment in which it’s found
• Excellent communication skills and the ability to engage stakeholders at all levels within an organisation
• You will possess strong technical skills and capabilities in technical writing, security architecture, technology implementation and information security standards frameworks.
• Making informed decisions and/or consolidate appropriate information to support informed decision making and strategic direction will come naturally to you too
• You will be a highly organised individual, able to manage multiple work-streams and comfortable collaborating with cross-functional teams in your day to day activities

Nice to Have

• Experience securing Infrastructure as Code (IaC)
• Ability to automate tasks and interface with APIs using scripting languages like Python, Ruby or Go
• Experience with Web Application Firewalls
• Experience with CI/CD tooling, e.g. Jenkins or Harness
• Experience leading security driven initiatives within a large enterprise environment

Our Commitment to Diversity and Inclusion

Build your job in a place that thrives on diversity, inclusion, and belonging. We believe in maintaining a hiring and working experience in which all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your true self to work every day!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.

Fraud Recruitment Disclaimer:

It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails and correspondences, claiming they are representatives of Anaplan. The main purpose of these correspondences and announcement is to obtain privileged information from individuals. 

Anaplan does not:

1. Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person. 
2. Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible, and then followed up via written communication.

All emails from Anaplan would come from an @anaplan.com email address. Should you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to [email protected] before taking any further action in relation to the correspondence.