Senior Security Engineer (m/w)
Your tasks:
Securing our cloud infrastructure:
Design and implement a secure architecture for our cloud infrastructure (AWS) that follows industry and IaC best practices.
Select and maintain our security tools stack.
Implement and maintain secure access to our cloud infrastructure.
Implement security monitoring tools to detect and respond to security events in real time., either through third-party tools or custom scripts.
Identity Management:
Implement an identity management solution for secure RBAC to all our infrastructure
Ensure the IAM solution strikes the right balance between automation, security, and frictionless work.
Champion secure development practices:
Educate developers on security best practices.
Conduct code reviews of Terraform scripts and high-risk segments of application code.
Vulnerability and risk assessments:
Conduct regular assessments of which of our assets are at risk.
Perform penetration testing to simulate cyberattacks (or work with external parties).
Collaborate with DevOps to introduce DevSecOps best practices.
Incident Response:
Put in place comprehensive EDR tooling and continue to ensure our endpoints and infrastructure are well-protected
Develop and manage our incident response plans and related policies.
Investigate security incidents, analyze root causes, and recommend corrective actions.
Compliance, audits, and requests:
Ensure regulatory compliance from a security perspective to SoC2, ISO27001, GDPR, and HIPAA.
Help in preparing for external audits.
Help in answering security-related questions as part of procurement processes.
Cross-team collaborations:
Collaborate with anyone from top-level management to engineering, to IT on our internal security posture.
Collaborate with the product team, to help us shape the AI Security landscape.
Participate in our InfoSec research of LLM applications.
Your profile:
You are a battle-hardened security engineer with 5+ years of experience in a security role and an excellent overview of the threat landscape.
You are comfortable with Infrastructure as Code (Terraform, CloudFormation).
You are comfortable with Python (or Node.js) and Bash to develop custom scripts to automate tooling, check infrastructure configurations, and log analysis.
You have 3+ years of experience working on AWS with a solid understanding of AWS security best practices, experience with other cloud platforms is a bonus.
You have worked in a fast-growing startup or scale-up before.
Your role will be cross-functional, collaborating with top-level management, engineering, and IT, so you have to be an excellent communicator.
You’re comfortable evaluating new tools and vendors to find the right fit for our company today and where we will be in the future.
- Compliance
- Security
- Senior
- Testing
- CLOUD
- Monitoring
- Python
- Bash
- JavaScript
- IAM
- Node.js
- DevOps