We expect the Security Engineer to:
- evaluate the security strategies and technical implementations
- gather system requirements, working together with application architects, systems engineers and CISO
- security operations, monitoring, threat analysis, alerting setup and investigation response
- discover security services offerings
- develop technical solutions and new security tools to help mitigate security vulnerabilities, automate repeatable tasks, prevent issues
- ensure compliance with security policies and guidelines
- ensure that the company knows as much as possible, as quickly as possible about security incidents
- organize regular security assessments on new and existing products to find potential vulnerabilities
- provide security guidance on new products, technologies and proposed architecture solutions
- take an active role in driving internal security and privacy initiatives
- communicate directly to software, hardware and cloud vendors on security and vulnerability-related topics
- choose, set up, configure and administer security products and tools
- analyse security alarms and prepare run books / escalation guidelines for on-duty teams
- respond to security incidents and record the results, perform post-mortem analysis
- participate in new vendor/supplier on-boarding checks
- assess security policy, run audits
- work together with other teams to secure the Cloud and on-premise/datacenter deployments, setups and ongoing everyday processes
- implement hardening concepts for network equipment / operating systems
- create automated security auditing and monitoring tools and enhancements
Requirements:
- experience in setup, review and analysis of security alarms
- security tools administration experience
- understanding of networking, IP addressing and Industry Security standards
- accurate and logical approach to resolving issues
- desire to learn, suggest and implement new solutions
- working on the implementation and maintenance of our security event monitoring tooling
- building our security incident management and forensics capabilities
- working with the Infrastructure team to review and manage our access controls and identity management
- running the vulnerability management tools, analysing results and applying remediations
- managing tooling to effectively detect and respond to security incidents
- evaluating the impact of current security trends, advisories, vulnerabilities
- building tooling for internal use that enables the team to operate at high speed and at scale
- performing and automating in-house network and host security testing
- managing third-party penetration tests
- acting as incident manager and running interactions with external incident response and forensics teams in the event of a major incident
- working with infrastructure teams to ensure that programmatically-driven security policies are correct
- implementing security orchestration and automation on top of existing solutions
- experience in hardening Cloud, Linux and Network concepts/approaches
- be familiar with compliance frameworks or standards (e.g. SOC2, ISO27001, GDPR)
- AWS Security Certified
- mentoring other engineers in security
- scripting/coding experience
- automation and CI/CD experience
- hands-on OS operation skills (Linux)
- good communication skills and fluency in English
We offer:
- flexible schedule
- work-from-home opportunity
- 22 days of paid vacation
- insurance coverage (for you and your children)
- partial reimbursement for fitness memberships
- meal vouchers provided
- snacks and beverages are always available
- workspaces with modern equipment