Software Engineer - Third-Party Risk Management Platform
SupplyDIO builds security assessment software that helps organisations evaluate and manage the security posture of their suppliers and vendors. We are seeking a Software Engineer who understands that when you build tools that assess others' security, your own security, architecture, and code quality must be exemplary.
What You'll Build:
- Security questionnaire and assessment workflows used by security teams
- Risk scoring algorithms and compliance tracking systems
- Audit trails, evidence management, and reporting for security reviews
- Authentication systems (SSO, MFA) and role-based access controls
- Tools that handle sensitive security data from hundreds of organisations
Why Security Expertise Matters Here: This isn't a typical web app with some security features. You'll be building a platform that evaluates other companies' security. Our customers trust us to handle confidential security assessments, vulnerability disclosures, and compliance data. If we're not secure, we have no product.
Core Requirements:
- 2-3+ years full stack development experience
- Security-first engineering mindset - you think about threat models, attack surfaces, and data protection by default
- Framework Versatility: Solid hands-on experience with modern Full-Stack Frameworks (Next.js, Nuxt.js, etc.) or strong experience with established MVC frameworks such as Ruby on Rails, Laravel, etc.
- Database Management: Ability to design efficient and scalable data models and schemas in both PostgreSQL (relational) and MongoDB (document/non-relational)
- Experience building secure web applications: authentication, authorisation, session management, input validation, rate limiting
Cloud & Infrastructure:
- Cloud Services: Operational knowledge of cloud infrastructure (AWS S3, RDS, ECR, etc.)
- Docker containerisation and CI/CD (GitHub Actions or similar)
- Infrastructure as code practices
Security & Compliance:
- Understanding of RBAC (role-based access control) implementation
- Experience with OAuth, SSO, MFA/2FA implementation
- Awareness of compliance frameworks (SOC 2, ISO 27001, etc.) is valuable
- Audit logging and evidence tracking
Team & Process:
- Ability to mentor engineers and contribute to security-conscious code reviews
- Strong communication - you can explain security tradeoffs to non-technical stakeholders
- Experience in agile/sprint-based development
- Comfortable in a fast-paced startup environment
Nice to Have:
- Security Awareness: Understanding of common web application vulnerabilities (e.g. the OWASP Top 10) and how to prevent them.
- Testing Excellence: Experience with Test-Driven Development (TDD), unit, and integration testing.
- Background Processing: Familiarity with managing asynchronous tasks and background job processing.
Job Type: Full-time
Pay: $80,000.00 – $90,000.00 per year
Work Location: In person