When the hack on Moonpig, the popular gift card site, was revealed this morning, it didn’t take too long for web sleuths to uncover a somewhat embarrassing online advert for, err, security staff at the somewhat embarrassed online retailer.
“This is an exciting opportunity to join the growing IT function at Moonpig. We are looking for a versatile Security Officer with strong web-orientated skills, alongside a proven track-record managing an e-commerce focused security programme at a senior, consultative level,” burbles the advert.

“The challenge is multi-channel. Our websites are developing fast and will soon be fully responsive to tablet and mobile devices. In addition we already have over 1.5 million downloads of our app.
“The role requires the ability to collaborate with development and operational areas of IT to ensure secure coding and operational practices are maintained and constantly improved upon. This is with a view towards Moonpig’s ongoing commitment to adhere to PCI DSS standards and other associated security requirements and industry best practices,” it continues.
An ability to answer emails from security professionals highlighting glaring security shortcomings would probably also be an advantage. The mention of the PCI DSS payment security standards is interesting too, in view of the common complaint that organisations only pay lip service to them.
However, it’s good to know that the team at Moonpig is “talented”. The advert continues: “The Security Officer will be tasked with producing, maintaining and helping to implement security policies affecting both corporate and consumer components of Moonpig’s IT landscape. Previous, active engagement with PCI DSS QSA’s and external ASV and Penetration Testing vendors is an expectation.
“You will have a strong understanding of web-based technology, network and systems administration – with the ability to draw from this knowledge when identifying issues and formulating plans, policies and remediation work that may be required to ensure the security of application platforms at Moonpig.”
It concludes: “Keeping up with industry InfoSec developments and technologies, and demonstrating the positive business impact of secure working practices are a critical part of the role.”
Anyone interested in this exciting role should email Michelle Flynn at Moonpig before the advert is taken down. Errrrr. Oh.
