Senior Security Engineer

Summary

Join Envato's Security Operations team as a Senior Security Engineer, leading the organization's IT infrastructure, application, and data security efforts. Reporting to the Senior IT Operations & Technology Experience Manager, you will optimize SIEM rules, lead incident responses, oversee SaaS security configurations, manage endpoint and network security, perform security audits and risk assessments, and collaborate with vendors. This role requires 5+ years of experience in IT security or cybersecurity engineering and proficiency with SIEM tools and SOC operations. Envato offers a flexible work environment, competitive benefits, and opportunities for professional development.

Requirements

• 5+ years of experience in IT security or cybersecurity engineering
• Proficiency with SIEM tools (Sumo Logic) and SOC operations
• Hands-on experience with EDR, DLP, firewalls, VPNs, IAM, and security automation
• Familiarity with a variety of information security standards and frameworks, (e.g PCI/DSS, NIST Cybersecurity Framework, ISO27001)
• Familiarity with current and evolving international privacy obligations (e.g. Australian Privacy Principles, European Privacy principles: DPD, GDPR, EU-US-Shield..etc)
• Experience securing SaaS tools and applications

Responsibilities

• Optimise and fine-tune SIEM rules, policies, and thresholds in collaboration with the MSSP
• Lead incident response efforts, including containment, mitigation, and resolution
• Conduct post-incident analysis, forensic investigations
• Security automation (SOAR) implementation
• Monitor and investigate security alerts from EDR, DLP, and email security tools
• Oversee security configurations for SaaS applications (Google Workspace, Slack, Okta, etc.)
• Manage authentication policies and access controls within SaaS tools and IAM
• Conduct security audits and ensure SaaS tools align with compliance requirements
• Manage and secure endpoint protection (EDR), antivirus, firewalls, and VPN security
• Enforce network security best practices and assist in vulnerability management efforts
• Oversee email security configuration, phishing prevention, and spam filtering
• Perform security audits and risk assessments for systems, vendors, and applications
• Collaborate with leadership to develop and implement risk mitigation strategies, ensure PCI and SOX compliance, and maintain GDPR regulatory compliance through proactive security control monitoring
• Participate in security vendor meetings (MSSP, Crowdstrike, and others) to enhance security posture
• Stay up-to-date on industry trends, security threats, and best practices
• Be aware and accountable to your responsibilities in relation to workplace health and safety obligations

Preferred Qualifications

• Ideally experience in fast growing digital companies, requiring agile planning to manage fast growing operations
• Scripting and automation skills (Ruby, Python)
• Relevant industry certifications (CISSP, CISM, CEH, GCIH, or equivalent)

Benefits

• 30 days - Christmas Bonus
• 12 vacation days (from the first year)
• 100% holidays bonus
• Private Health Insurance (SGMM)
• 5% Grocery Coupons (With legal cap)
• 5% Savings Funds (Fondo de Ahorro)
• Internet/electricity allowance (monthly paid)
• Profit-share, Mexican entity
• Round trip tickets around Mexico to a place you haven’t been twice a year
• Unlimited ebooks
• Paid for educational courses that relate to your work
• Top line equipment
• Support the flexibility to work from anywhere
• Great benefits above the law
• Generous parental leave
• Wellness programs
• Social connection
• Learning opportunities to help you grow