Scratch Financial · Apr 17th 2019
What we're building
Scratchpay provides pet parents with simple friendly payment plans. We help pet parents to provide the care their pets need, easing the financial barrier. We are growing fast in the veterinary space and Veterinarian, Pet owners and pets across the US and Canada love us! Come help us help more pets!
About the position
This position is about building the Scratchpay's ecosystem and securing it. It is about providing pet parents and clinics with the payment solution they need and working really hard in the background to protect their data, without them even worrying about it. It's about giving the business what it needs to grow safely, smoothly, and with as little surprises as possible when it comes to data and operational cyber security.
It's also about working with the engineering and operational teams to research, design, implement, deploy and maintain the best tools and practices there are to achieve our goal and mission and train all teams to make the best of it.
This is about pushing the edge of what has been done in Finance and Lending to build a scalable platform that can serve all-the-pets. However many (but the more the merrier). This is about working with a brilliant team that's been growing from 0 to 1 in 3 years and that is helping pets in all states in the US and Canada.
This job is for you if you recognize yourself in this:
I am a good mind
I can think for myself
I am critical of myself and others
I am always respectful
I ask questions when needed
I can understand the boundaries but have a lot of fun within them
I take my work seriously and never let down people
I work hard because I want to do the best that I can right now
I always observe and reflect on how to do better tomorrow
I like animals
I want everyone to be and feel safe
Ideal Location: Europe (Portugal / Mid/Eastern Europe)
Ideal Experience: 3-5+ years
Ideal Background: Security consultant or working in Cyber Security at a Security Start-up, Financial start-up or data provider company
Bachelor’s degree in IT security or similar competency, with CISSP, CISA, CIS strongly preferred
Experience in the IT Field with at least 3 years emphasis on security
Experience planning, researching, and developing security policies, standards, and procedures
Experience developing and managing Business Continuity, Disaster Recovery, and Incident Response Plans and associated training programs
Experience with Next Gen security design and management
Solid network knowledge focusing on security
IDS monitoring and management including building necessary reports and alerts
Proficient in auditing and testing security
Implement advanced network threat protection tools
Manage IDS/IPS, SIEM, and EPP
Assist with Security Information and Event Management implementation
Assist with all security issues
Assist with web security gateway/internet proxy implementation and tuning
Research security issues, 0-day attacks and vulnerabilities and define remediation plans through risk ranking and scoring
Analyze threat intelligence, and serve as a SME for enterprise security operations
Monitor all security logs and events
Generate daily, weekly and quarterly reports that will be presented to manager
Create, implement and work in collaboration with the teams (DevOps, SysOps, Engineering, Operations) new initiative using security best practices
Perform internal pen-test and phishing attacks and trainings, coordinate quarterly independent pentesting
Mitigate security lapses found by external security company during vulnerability assessments and pen-tests and train users on security aspects in regard to any necessary IT security topic.
How to know if you are a good fit?
++ = strongly desirable
! = required
!! = strongly required
Devotion to quality (!!)
Creating Support (+)
Listening Skills (!)
Providing Feedback (!)
Social Skills (+)
Personal Development (!)
Willingness to change (!)
Analysing and forming opinions (!!)
Helicopter View (+)
Situational Awareness (!)
Strategic Insight (!!)
In other words, you will have to:
Understand the position of others is critical. It is necessary to navigate through communication, mitigation and the culture
Yet know when to raise a point or ask for a clarification or escalate a potential issue
Speak your mind and expect others to. Engage in respectful and mindful conflict. Quality > quantity;
Know your stuff and know what you don't know;
Understand that no one is perfect but everyone can learn if they chose so. Be humble enough to know your weaknesses. Be open minded and hard working enough to be able to fix them;
Take constructive critics;
Ask yourself "how to know if I'm wrong?". You may not, but not challenging your thinking is unhealthy. We challenge each other a lot @Scratchpay;
We care about the human aspect of work and we expect others to. Excellence is also an important keyword @ Scratchpay. While everyone makes mistakes, we learn from them. We are conscious about efficiency and effectiveness in the positive way. We don't do things that bring low-to-no value short or long term. We also do hard things that bring a lot of value. Quality, attention to detail and respect are some of the traits you must have and expect others to have.
We are a team of dedicated, hard working, friendly individuals
We move fast, sometimes break things with measure, we give a second chance
We give constructive feedback, we challenge each other
We are open-minded and we care for each other
Everyone is striving towards excellence. Mediocrity isn't our cup of tea. But we always work hard to help those that are willing to get there!
Everything goes fast and the ultimate goal is to move the business fast. There can be disconnects in the communication at times. We all need to navigate through this and push whenever it is critical to do so.
We are open-minded but things need to be moving forward.
We say what we have to. So expect to hear some unpleasant - but true - things sometimes. Don't hesitate to argue back - with respect - if you disagree.
Like any startup, It can be a mess some days. You also will likely have to do things that aren't in your scope sometimes. Part of the fun, right? ;)
The most important is: We are always looking at improving. All the time, step by step. If you feel mediocre and don't see a path to improvement or can't listen to others' voice to, please do not apply.