Head of Application Security

London, England, United Kingdom · Technology expand job description ↓


Role - Head of Application Security

Location - London, Paris, Valencia or Munich

Company- Photobox

About the Security team at Photobox

We operate transparently and work at pace to match the speed of delivery in technology teams across our business. Our guiding principles are: protect our customers and their experience with our products, hack ourselves first, and collaborate to maximise productivity.

We run a bit of a different structure to most teams, and we’re looking for new team members who can help us evolve and improve in how we operate, and how we integrate with business and technology teams to scale effectively. We have six ‘Heads of’ functions (AppSec, Risk, Detect, Fix, Engineering/Cloud and Operations) and we operate a lean and flexible team model of 6 full time team members and between 10-15 experts supporting us remotely at any given time.

You can have a read on our blog about what we’re up to and how we’re thinking. Most of our team are also on Twitter, so feel free to seek us out and say hello. We share a lot of stuff because we believe open sourcing ideas helps the industry evolve. We are heavily involved in the Open Security Summit, and we run a number of events over the year with our friends in Security teams at other Internet companies.

About the role

  • Be the driving force behind threat modelling, running our Security Champions network and unblocking issues
  • Work with multiple tech teams (from software to platform engineering teams) to discover issues and get fixes into sprints
  • Be the ‘go to’ expert on securing apps across our technology platforms (which range from legacy apps to running Kubernetes clusters in production)
  • Advise on risk assessment, application design, secure development and testing, engaging with everyone from developers to C-level execs
  • Manage code reviews, write application security standards, and select / make the business case for tech we need
  • Do some hacking (if that’s what’s needed) to discover issues in applications or APIs
  • Build automation into review, fix and validation stages of a continuous delivery pipeline

P.S We don’t expect you to be able to do everything listed above. We have a learning environment in the team for skills development, so don’t let this put you off if you think you might not be ‘senior enough’ (whatever that means!)

About the business, our tech journey and current projects

Photobox Group is the umbrella for a number of businesses in the UK, Amsterdam, France, Germany, Spain and France - some of which have been around since the early days of the Internet. All our businesses focus on giving our customers the ability to make magic moments, whether by creating gifts or personal mementos of memories and experiences for those closest to them. Our operations span from e-commerce cloud platforms to physical printing factories. They all operate as separate business entities, so as a Security team we operate like a Services Business to tailor what we deliver to their needs.

We’re on a fast and exciting technology transformation journey (one of our projects is codenamed Rollercoaster!) We’re not just changing parts of our technology stack; we’re in the process of completely re-building it. We’ve just migrated 10 Petabytes of data to AWS in record breaking time (hear our Chief Architect, Chris Astal, talk about it on this Photobox AWS Case Study), and we work very closely with AWS, who have changed their product roadmap several times to help us meet our targets! This means you’ll be working for a firm at the cutting edge of building and scaling e-commerce in the Cloud.


About you

You love working in a fast-moving, innovative environment that’s not constrained by loads of governance, and where everyone operates with a bias for action. You enjoy helping lots of different technical teams (from data engineering to front end UX) find the right approach for their situation. And, because you’ve seen the consequences (and probably the failures) of ‘best practice’, you’re not afraid to try out new things, (even if they might not work out first time round).

You’re looking to join a company that’s already made a great start in turning secure application development into business as usual, and has all the foundations you need to take us to the next level. You have a ton of ideas you can add into the mix, and you’re looking to put your creativity and problem solving skills to use.

Here is our CISO blog post on his Dream Head of Application Security candidate. If this is you, please apply now!

Things we’ll ask you to tell us about in the interview

  • What is your hands on development background in application engineering and architecture?
  • What are your stakeholder management and influencing skills like and what are some examples you can give us of success, failure, and what you learne?
  • What are the playbooks or frameworks you use for developer training and secure coding curriculum development?
  • How hands on can you get with AppSec testing, exploiting vulns, deploying and using technologies and creating secure app dev workflows that work with teams using agile processes?
  • What technology environments are you at home in and what’s your experience in AWS


A taste of what to expect as part of the team

Our awesome new home in Clerkenwell - Herbal House - is a real ‘wow’ moment. It reflects our drive and ambition to make even more moments real for our customers; With loads of natural light, spaces to collaborate that support our ways of working plus great neighbourhood bars & restaurants we’re proud to call it home Regular socials, engagement activities, drinks, treats and plenty more – and you can be as involved in as little or as much as you’d like

  • We’re open & honest, actively listening to employee feedback to help us in our goal to become an Awesome place to work
  • Together we have shedloads of ambition and actively support each other to hit our goals and drive the business forward
  • All sorts of Learning & Development support, including a dedicated budget per team. We’re also launching exciting new development tools in 2018
  • 25 day Annual leave (excluding Bank Holidays)
  • Private Medical Insurance
  • Private Dental plan
  • Contributory pension scheme
  • Family Care
  • Life Assurance that pays out x4 salary
  • Eye Care Vouchers
  • Interest free travel loan
  • Cycle2Work scheme
  • Employee Assistant Program
  • Generous credit to spend on our products (varies per brand)
  • Referral scheme


Since Photobox was founded in 2000 we've worked obsessively to simplify the printing and personalising of digital photos online. From humble origins (a first day's sale of just £2.70 - albeit to a customer we're proud to still serve today) Photobox has grown to become the European market-leader in photo-based products serving millions of customers a year in over ten markets.

Whether it's personalised canvases, calendars, mugs, jigsaws, phone covers, or our classic photo books, Photobox has a wide range of products perfect for every occasion.

We understand special moments deserved to be cherished that's why we treat every order as if it's our own. From births to birthdays, holidays to honeymoons, Christmas to Valentine's Day and everything in between, our teams focus on the delivery of a brilliant end to end experience from the digital journey through to high quality products arriving into our customers hands.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Personal information
Your Profile
Application Details