Information Security Engineer

Summary

Join our cybersecurity team as a Security Engineer and enhance our security posture. You will implement, configure, and maintain security solutions, providing technical guidance across departments. Ideal candidates possess experience securing various environments (internal products, third-party apps, cloud, virtualization, containers) and conducting security assessments. You'll review code, educate teams, and communicate security risks effectively. This role involves collaboration with diverse teams and requires strong communication skills. We offer a hybrid/remote work arrangement with flexible hours and various benefits.

Requirements

• Hands-on experience with security solutions such as SIEM, AV/EDR, DLP, IDS/IPS, IAM, WAF, and cloud security services (AWS, Azure, GCP)
• Knowledge of how vulnerabilities impact containers and virtualization environments
• Experience conducting security code reviews and identifying vulnerabilities in modern programming languages
• Strong understanding of cloud security principles, IAM hardening, and secure CI/CD pipeline practices
• Past experience in performing penetration tests, vulnerability assessments, and risk analysis
• Knowledge of OWASP Top 10, MITRE ATT&CK, and secure development practices
• Ability to assess third-party software and cloud services for security risks
• Experience working with cross-functional teams, including developers, IT, business, and executives and able to present complex security topics to non-technical stakeholders in a clear and concise manner
• Strong ability to document findings, write technical security guidelines, and create training materials

Responsibilities

• Assist infrastructure teams in deploying, configuring, and maintaining security solutions such as SIEM, EDR/AV, DLP, IDS/IPS, WAF, IAM, and cloud security tools
• Ensure seamless integration of security tools across the company and assess third-party integrations and vendor solutions for security risks
• Tune and optimize security monitoring solutions to reduce false positives and enhance detection capabilities
• Act as a security advisor for developers, DevOps, IT, business teams, and other stakeholders, ensuring security best practices are integrated into their workflows
• Conduct security code reviews for internal applications and third-party solutions
• Perform security assessments on virtualization environments, containers, cloud platforms, APIs, and network architectures
• Identify and mitigate vulnerabilities related to OWASP Top 10, misconfigurations, insecure integrations, and emerging threats
• Work closely with engineering teams to remediate identified security risks efficiently
• Assist in developing and delivering security awareness training for employees
• Train development and infrastructure teams on secure coding practices, security automation, and vulnerability mitigation techniques
• Stay up to date with current threats, vulnerabilities, and attack techniques
• Help the company improve its security posture and ensure compliance with industry standards (ISO 27001)
• Clearly communicate technical security findings to non-technical stakeholders, leadership, or regulatory bodies
• Document PoCs (Proof of Concepts) and security tests effectively

Preferred Qualifications

Google Professional Cloud Security Engineer, AWS Security, Azure Security, or Container Security certifications are a plus

Benefits

• Private health insurance
• Bi-Monthly company wide social and team building activities
• Hybrid & Remote work arrangements
• Flexible working hours
• Daily paid meal
• Training and Development opportunities