Job opening: Lead/Senior Backend Developer (python)

Permanent role, remote (We’re remote-only, but prefer +/- 3 hours GMT/BST)


Hey there. Thanks for stopping by to read our job post :)

We’re building products that help security teams manage the assessment and reporting of security issues (these come from pentesting, red teaming, auditing via frameworks, and more). Our products manage the business processes of security teams in the same way that Salesforce does for sales teams.

Based on recent growth, we’re aiming to grow the team to help us to continue to build upon and improve our core product: Canopy. If you’re looking to make a real impact on the users you write code for, you might have found your next opportunity…

About the role

The Senior Backend Engineer role will focus on improving and supporting our core product. You will be responsible for working with the team on designing and building new features, reducing technical debt, improving performance, and also supporting our clients in resolving bugs they report (although the role is not specifically client facing).

You will spend most of your time implementing pieces of larger features, which you and the rest of the team designed earlier in the release cycle.

Each major feature (or Epic) generally has a single person responsible for it, ensuring that the business requirements for the feature are correctly negotiated with the Product Owner and properly divided up into smaller items/tickets.

Our engineers are given the freedom to work on any of the open tickets for a current release, though they tend to stick to specific Epics to maintain context.

We do ensure that you’ll have the right amount of time to focus on what you’re working on - i.e. if you’re building a new feature, you won’t typically be pulled off that work to address bug reports from users (unless there’s a major incident that we all need to respond to).

Most of our day to day planning and coordination is done via our Monday and Wednesday calls, so no standups as such. If there is a blocker then it should be raised immediately in chat.

We tend to have minimal process and would rather change our process to suit everyone's needs than follow something dogmatically. People over process…

Job Description

To be clear: this is a software engineering role that focuses on backend product development, but there is opportunity for devops/frontend work. We are a small team, and sometimes people may need to assume multiple roles.

Our software stack is predominantly python/django. Experience and skill with python is one of the main attributes we look at. The more the better. Our use of django is backend only - i.e. we’re not using it to “just output HTML”. On the front-end we use react.js (typescript), so if you have experience with that too, great :)

On the database side of things, we prefer PostgreSQL, but we also support Oracle and MS SQL Server for some of our enterprise clients.

We use git. Hopefully you're already very comfortable with it too.

Our backends are designed for Linux. Being comfortable with one or more distributions would be advantageous.

Knowledge of practical security would be a real positive for us, but again, if you don’t have much experience in this area we will help you gain it.

We believe that automated tests form part of the most effective way to write quality maintainable software. As such we try to write tests for almost all code. These are then executed on our CI system, managed by Drone CI.

Let’s talk about seniority: This is a senior role. We are looking for someone with that level of experience. If you have a degree in Computer Science or similar, that’s great and we like people with those backgrounds. If you don’t, but you’ve worked on cool stuff and are a great hacker, there’s also room for you on our team. We value knowledge, (self-)education and experience. A Senior engineer would have successfully led technical projects and stuck around long enough to see the long term effects of their decisions.

As a remote company, we rely on the written word a lot. A high proficiency in both written and spoken English is preferred. We use a mixture of Google Docs and Jira for capturing requirements and defining work tasks. Email isn’t in use that much (except for some client interactions). Our daily comms are mostly via an internal messaging system, and we have two planned video calls per week (Monday and Wednesdays) for planning, and also for informal coffee chats.

What do we offer

The salary range for the position of Senior Backend Engineer is £55,000 - £66,000.

You will have 25 days of paid leave, on top of your national holidays. Non-paid time off can also be requested.

The working week is typically 40 hours. We’re happy for you to manage that in a way that works for you, although we do have an overlap on Monday-Thursday.

Hiring internationally is hard and introduces many complexities for small companies. As such, we employ people as contractors with a contract that mimics UK employment contracts. We do this as most countries do not have the concept of international employees. Even though you will be employed as a contractor, you will be very much treated as an important part of the team. When CheckSec grows to a specific size, we may look at using hiring companies like

Note: If you’d prefer to be employed by a hiring company like that, please let us know. Many of the people we’ve worked with previously have preferred to self-manage. Our people generally outsource their tax/legal responsibilities this introduces, at minimal cost.

Our interview process

To apply, please send an email to with the subject: “Afternoon tea for two” (so we know you’ve actually read this - reading is an important requirement on a remote team). A short email explaining why you’d like to chat to us, and why we might like to chat with you, would be appreciated. Feel free to include your CV/Resume, also. We prefer .txt files …

The goal of the interview process is to figure out if we’re a good fit for each other.

  • Step 0: contact us (see above)
  • Step 1: 30 minute “Afternoon tea for two” chat with Dave (getting to know you chat, for both sides)
  • Step 2: technical interview … or interviews. These tend to be discussions around relevant technologies, theoretical aspects of software engineering and involve some kind of pair programming.
  • Step 3: offer/no-offer.

FAQ - yes, there's even more info!

Here are some of the common questions that come up in the interview process, which we think we should answer up front.

Is CheckSec VC backed?

CheckSec is a bootstrapped, non-VC backed, revenue generating, cashflow positive and non-debt based #notaunicorn business. Don’t confuse that for lacking ambition. We’re just convinced that one can create a successful business that builds great products without taking external investment, or without a sales model that is disconnected from the rest of the company’s culture.

How many people work at CheckSec?

CheckSec is a small (<10 people, but growing) fully remote company.

You say remote, but will I have to come to the office?

We don’t have a main office. We're fully remote :)

So there’s *no* travel?

No, not really! We try to meet up 1-2 times a year, and some of us also attend hacker and software engineering focused conferences. In general, we don’t require travel, but there may be some travel opportunities. We also offer flexible working hours (although we do have an overlap).Currently we’re all based in a +/- 3 hour timezone, which makes having an overlap easier.

What types of clients does CheckSec work with?

Our clients range from small boutique security consultancies to some of the security teams at the largest companies you’ve heard of (and maybe some you haven’t). We’re Business-2-Business (B2B) focused.

How do you support your clients?

For external support we use Zendesk and Slack, though we generally don’t expose developers to these unless they want to be customer facing.

What is the security industry, pentesting and all that stuff?

Information security focuses on the protection of digital assets. The security industry is one of the fastest growing technology sectors. Pentesting, red teaming, security auditing and so on relate to assurance activities within the security industry. These activities help businesses identify security issues, which are then used to help improve the company’s security. If you’re not familiar with any of this, don’t worry :) We’ll help you get up to speed quickly!

About CheckSec

Note: CheckSec is an equal opportunity employer. We aim to hire the best people for each role that we can. We will never discriminate based against candidates, and aim to support each individual and nurture diverse cultures, perspectives, skills and experiences within our team

We build Canopy, a web-based end-to-end solution for managing security assessments. Canopy is to security and audit teams, what Salesforce is to sales teams. Canopy gives you the tools for tracking assessments, capturing and triaging results, and reporting as efficiently as possible. Whether you report through traditional document generation, want web-based results delivery, or need to integrate data feeds with other systems, Canopy can help you.

We're helping small boutique security teams, along with some of the largest enterprises that you've heard of, to bring efficiency, increase quality and reduce costs across their security assessment and auditing practices.

We are a bootstrapped company. No VC backing/influence. We are revenue positive. We have no debt. And we’re #notaunicorn (yet).

Would you like to work with us? Get in touch