We Got POP Ltd: Security Developer at We Got POP Ltd () (allows remote)

Posted: May 13, 2021

Be part of the magic of the silver screen with POP as a Security Developer


Location: London or Remote UK (must be UK based)


We Got POP is part of the magic behind productions like Star Wars, The Avengers and Wonder Woman, as well as an extensive list of high-end TV drama series. We work to provide a smarter, fairer future to the entertainment industry. And we have a lot of fun doing it!


This is a brand new role for us and represents the start of our journey into automating compliance, security monitoring and auditing. We currently use a mix of third party services, consultancy, internal best practice and manual auditing but we want to be able to provide evidence of practices being implemented, tamper-proof systems, automated reports for clients and all without impact the pace and quality of our delivery of value to our clients.


You will be an important part of this journey as you will be the first person in the team to be able to work on these issues full time and will also have a chance to feed into the strategy and delivery of the key early pieces of work. We are therefore looking for someone who loves the idea of not being a security silo but collaborating effectively across the company as an advocate for security.


While there will initially be a focus on continuous delivery, infrastructure, internal auditing and training, this is not a pure operations or infrastructure role. We want someone who is excited about and capable of engaging in the entire process of value delivery via the software development process.


We are also looking for someone who wants to be very practical and hands-on. We don’t want security or compliance to be a checkbox exercise or a case of setting down rules without taking responsibility for helping fulfil them. We want someone with a “Security says Yes!” attitude who wants to help people figure how to do something securely rather than telling them they can’t do something.


What kinds of things will you do?


This is a new role so nothing is set in stone but when we are thinking about what you might be working on with us this is what is in our minds right now.



  • Implementing integration and automation routines to promote effective security operations

  • Implementing automated on and offboarding procedures and auditing based on our current manual processes

  • Implementing automated security testing to prevent regressions

  • Reviewing vulnerability scans, reviewing results and eliminating false positives

  • Developing reporting tools to provide an aggregate picture of the security situation for our whole estate

  • Researching and assessing new security technologies

    • building proof of concepts to verify potential

    • presenting back to the wider team about how new technologies could be applied



  • Supporting the development team to integrate security best practice and automation into their day to day work including training where necessary

  • Supporting the Senior Vice-President of Technology in refining and developing security plans and threat models

  • Helping respond to client requests for information and evidence

    • ideally automating and standardising where possible to minimise effort and maximise consistency




Relevant experience


We are happy to consider different routes into this role either from development, traditional security roles or operational career paths. We’re looking for someone who can have an impact quickly and bring experience that complements our own; we think you will need to have the following:



  • Experience designing and implementing secure, scaleable, resilient, highly available configurations of infrastructure components

  • Demonstrable knowledge of system security vulnerabilities and remediation techniques

  • Experience with automation of cloud deployments and developing infrastructure as code

  • Experience in simulating failure scenarios outside of production environments

  • Experience with creating low-friction IT security solutions for both technical and non-technical staff members


Key technical knowledge


We currently think that a successful candidate must have experience in the following:



  • AWS

  • Terraform or equivalent infrastructure as code tooling

  • Development pipeline automation


Desirable experience


These are not necessary to apply for the role but we may use this experience to differentiate between successful candidates.



  • Python and Javascript applications

  • Web technologies including security standards

  • Containerisation including securing and verifying containers

  • ISO and SOC certification and auditing processes

  • Security and reliability testing in production

More Information

Source: Stack Overflow


More Opportunities: