Senior Information Security Engineer

Summary

Join Sardine, a leader in fraud prevention and AML compliance, as a highly motivated Information Security Engineer. You will play a critical role in protecting our infrastructure by building, maintaining, and operating security systems. This role involves managing security tools, responding to incidents, ensuring PCI compliance, and managing vulnerabilities. You will also conduct penetration testing, define audit logging requirements, perform threat modeling, and review system architecture. The position offers a remote-first work culture and a competitive compensation package. Sardine values performance over hours worked and fosters a flexible work environment.

Requirements

• 7+ years of hands-on experience in an information security or cybersecurity role
• Demonstrated experience with PCI DSS standards, controls, and audit processes
• Strong knowledge of vulnerability management principles and experience with tools like Nessus, Qualys, or OpenVAS
• Proven experience in security operations, including hands-on experience with SIEM, EDR, and other security monitoring tools
• Solid understanding of network security principles (e.g., firewalls, VPNs, IDS/IPS) and TCP/IP networking
• Experience securing cloud environments such as AWS and GCP
• Familiarity with incident response frameworks and experience handling security incidents
• Proficiency in at least one scripting language (e.g., Python, Bash, PowerShell) for automation and analysis
• Excellent communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders

Responsibilities

• Security Operations: Day-to-day management of security tools and systems; monitor security alerts, triage events, and escalate as necessary
• Incident Response & Forensics: Act as a key member of the incident response team, leading technical investigation, containment, and eradication of security incidents. Conduct forensic analysis as needed
• PCI Compliance: Drive and maintain our PCI DSS compliance program, working with auditors and internal teams to ensure all requirements are met
• Vulnerability Management: Manage the lifecycle of vulnerabilities from discovery to remediation, utilizing scanning tools, prioritizing risks, and tracking patching efforts
• Security Control Testing: Design and execute tests to validate the effectiveness of security controls and recommend improvements
• Penetration Testing: Coordinate and/or perform penetration tests against applications, infrastructure, and networks to identify security weaknesses
• Audit & Logging: Define audit logging requirements across our technology stack and conduct regular reviews of logs to detect anomalous or malicious activity
• Threat Modeling: Proactively identify and assess threats to our applications and infrastructure by building and maintaining threat models
• Secure Configuration: Develop and enforce security configuration standards and baselines for servers, cloud services, and endpoints
• Architectural Review: Partner with engineering teams to review system architecture and new features, providing security guidance and ensuring secure-by-design principles are followed

Benefits

• Generous compensation in cash and equity
• Early exercise for all options, including pre-vested
• Work from anywhere: Remote-first Culture
• Flexible paid time off, Year-end break, Self care days off
• Health insurance, dental, and vision coverage for employees and dependents - US and Canada specific
• 4% matching in 401k / RRSP - US and Canada specific
• MacBook Pro delivered to your door
• One-time stipend to set up a home office — desk, chair, screen, etc
• Monthly meal stipend
• Monthly social meet-up stipend
• Annual health and wellness stipend
• Annual Learning stipend
• Unlimited access to an expert financial advisory