‍

Role Overview

The Security Engineer / Senior Security Engineer is a brand new position within the organization to enable security engineering capabilities. This person will contribute to the deployment and operation of technical security controls.

The goal is to take ownership of the security solution stack and be the technical security SME within the organization.

The role requires a forward-thinking individual with a strong technical background who can collaborate with software developers and DevOps engineers.

‍

Responsibilities:

• Implementation and operation of our security stack together with the technology team (SAST, DAST, ZTNA, IAM, EDR, WAF, SIEM etc.).
• Manage and perform a variety of technical assessments including source code reviews, security posture reviews, purple teaming, threat modeling etc.
• Working with Engineering teams to secure and uplift CI/CD pipelines, implement automation scripts and tools to streamline security processes and enhance the efficiency of security operations.
• Provide security opinions to the technology team to ensure security requirements are well embedded into the product development lifecycle.
• Own the vulnerability management process and provide technical guidance to other teams for risk treatment.
• Manage and own the penetration testing framework and process within the organization.

Qualifications:

• 4+ years of technical experience in IT, with at least 2 years of experience in security engineering, DevSecOps, cloud security or offensive security.
• Hands-on experience with security solutions and tools, such as WAF (Web Application Firewall), CASB (Cloud Access Security Broker), ZTNA (Zero Trust Network Access), EDR (Endpoint Detection and Response), and SIEM (Security Information and Event Management).
• Hands-on experience with AWS security services, such as GuardDuty, Inspector, CloudWatch, CloudTrail, Security Hub and IAM.
• Hold at least one of the following credentials:
  
  - ISC CISSP (Certified Information Systems Security Professional)
  
  - ISC CCSP (Certified Cloud Security Professional)
  
  - AWS Certified Security - Specialty Certification
  
  - OSCP
  
  - OSEP
  
  - CRTP
  
  - CRTE
• Hands-on experience with IaC, such as Terraform, OpenTofu and AWS Elastic Beanstalk is a must
• Experience in integrating security testing into CI/CD pipelines is preferred.
• Experience in management penetration testing framework and engagements is preferred.
• Experience in security architecture is preferred.
• Proficient in scripting with bash and / or Python.
• Previous experience in a DevOps engineering role or a software engineering role is a plus.
• Excellent problem-solving and analytical skills.
• Excellent written and verbal communication skills.
• Hands-on experience in blockchain technology is preferred