Are you our new Security Engineer?

Do you want to work with securing one of the most popular websites in Norway?

FINN.no is visited by more than 2 million unique visitors every week, and our marketplace is built and run by over 180 engineers. These engineers deploy production changes to our 850+ applications running in Kubernetes on Google Cloud Platform over 1800 times per week. We move fast and have a diverse and modern technology stack, which means we have many unique security engineering challenges.

We are looking for a Security Engineer to join our growing Security Engineering team. This team works across all engineering teams in FINN, providing guidance and help in all the phases of the DevOps lifecycle. Our goal is to enable other teams to ship new features securely and fast. This can be a challenge when we have thousands of production deployments per week, and we believe in using and building tools that give us high-quality results that do not block teams. To scale this, we are looking to automate the tools we have to build security into our platform and create secure defaults so that all teams can get security wins. This means that the security engineering team is working on both securing application code and infrastructure.

Who are you?

The ideal candidate has both application security expertise and development experience. You are passionate about building secure software and infrastructure, and more importantly, you are someone who makes things happen and accepts responsibility for results. You cooperate well with others and gladly share knowledge and information, and you are skilled in understanding the needs of different groups.

What you will be up to

• Use and automate the tools we acquire, making them self-service for developers.

• Help developers understand bug classes and how they can fix them.

• Enabling secure defaults by contributing with code on tools, libraries and infrastructure.

• Run and scale security activities in our DevSecOps lifecycle, including but not limited to threat modeling, code scanning, web app scanning, threat detection.

• Run and evolve our private bug bounty program

• Follow up on reported vulnerabilities.

• Provide subject matter expertise on topics such as secure design, security controls, programming practices, encryption, web security standards.

Some of the skills we are looking for

• Good knowledge about vulnerability classes

• Strong background in software development (Our dev teams are mostly JVM/Javascript based, but we have a lot of other languages used in-house from Python, Go to Haskell)

• Experience with Kubernetes and cloud providers, preferably Google Cloud Platform.

• Deep understanding of industry security standards including but not limited to OWASP frameworks, Web security standards, Authentication and Authorization standards, and more.

• Collaborate with engineering teams and provide guidance on security topics.

Is this interesting? You can apply by sending us your CV or the URL to your LinkedIn-profile and answering the questions in the application form.

More about FINN tech and the way we work

One of FINN's absolute strengths is that we have a strong in-house engineering community, with over 30 autonomous teams.

Developers in FINN have the competitive advantage of being able to quickly launch new products, redesign their portfolio, effortlessly release to production, scale deployments up and down, watch and search logs, and make dashboards.

We probably take some things for granted in FINN, but we are proud of the fact that we do a lot of the things other companies only talk about doing, like:

• Be a 100% cloud-based company

• Running all applications in Kubernetes

• To effortlessly release 200 application changes to production every day

• Having thousands of applications communicating near real time over a pub sub bus

• “Going microservices”

• Running a private bug bounty program

Want to get a feel for the FINN vibe?

Read more about our culture and what we can offer on our careers page.

In FINN.no we believe sharing is caring, so check out presentations we have held on tech conferences like JavaZone and we share open-source code in Github.

You can also find us on social media: Instagram, Twitter, Facebook & LinkedIn and read more on our Tech Blog.

In FINN.no we believe sharing is caring, so check out presentations we have held on tech conferences like JavaZone and we share open-source code in Github.

You can also find us on social media: Instagram, Twitter, Facebook & LinkedIn and read more on our Tech Blog.

I 2021 ble FINN 21 år. På den tiden har nesten alle i Norge prøvd tjenesten vår. Hvert år tilbringer hver nordmann i snitt 30 timer på FINN, og til sammen surfer brukerne våre gjennom mer enn 15 milliarder sider. Snakk om engasjert gjeng! En jobb i FINN sikrer deg mange gode historier på fest. Det er en merkevare 96 % av Norges befolkningen kjenner til, og omdømmet vårt er et av Norges sterkeste (nesten til å bli svett av å skulle forvalte). I FINN går vi på jobb hver dag for å hjelpe folk til å ta smarte valg for seg selv og samfunnet.

FINN eies av Schibsted og våre mer enn 400 trivelige kolleger holder til i Grensen i Oslo. For tiden jobber nesten alle våre ansatte fra hjemmekontor. Vi er stolte av at FINN har blitt kåret til en av Norges beste arbeidsplasser flere år på rad i kåringen Great Place to Work. De som kjenner oss vet at vi har et sett med verdier som preger oss i alt vi gjør: SULT, PRESISJON, TAKHØYDE og HUMØR.

Vi har Tech blog!

FINN UX er på Instagram https://www.instagram.com/finnuxdesign/

For å få et nærmere innblikk i hva vi driver med, har vi delt tech lunch og UX kveld det siste året.

Tech lunch: How did we manage to get everyone onboard to migrate to cloud?

UX kveld mai 2021: Brukerreisen har blitt voksen