Skilled and proactive Information Security Engineer to lead the development, implementation, and governance of security practices across our global enterprise. This role is pivotal in managing risks of information assets. The engineer will collaborate closely with cross-functional teams, including developers, to integrate security into the software development lifecycle, conduct code reviews, and manage DevSecOps tools. The ideal candidate will also drive cloud security initiatives and ensure compliance with industry standards and regulatory requirements.
*This role will be hybrid in either the San Jose, Costa Rica office OR Gurgaon, India - Candor Tech Space IT office.
RESPONSIBILITIES
- Lead and support information security projects including planning, execution, documentation, and reporting.
- Collaborate with development teams to embed security into the software development lifecycle, including secure coding practices and code reviews.
- Provide oversight and strategic guidance in the design, implementation, and continuous improvement of DevSecOps tooling and secure development pipelines.
- Provide oversight and strategic guidance in the design, implementation, and continuous improvement of DevSecOps tooling and secure development pipelines.
-
Conduct risk assessments, develop mitigation strategies, and track remediation efforts.
Ensure compliance with security frameworks and regulations such as NIST, ISO 27001, SOX, and PCI DSS.
-
Design and implement security controls for cloud platforms including AWS and Azure
Perform threat modeling and vulnerability assessments to identify and mitigate risks.
-
Communicate security risks and recommendations effectively to both technical and non-technical stakeholders.
TRAVEL REQUIRMENTS :
Domestic Travel: 25% International Travel: 25%
MINIMUM REQUIREMENTS
EDUCATION: Bachelor's FIELD OF STUDY: Computer Science, Information Systems, or Information Security
EXPERIENCE: Minimum 5 years in Information Security Architecture, Engineering, or Auditing
KNOWLEDGE, SKILLS, ABILITIES, AND OTHER ATTRIBUTES:
- Strong understanding of security countermeasures for web applications, networks, databases, IT systems, and cloud environments
- Hands-on experience with cloud security architecture and controls in AWS and Azure
- Proficiency in managing and tuning DevSecOps tools and CI/CD security integrations
- Knowledge of security frameworks such as NIST 800-53, ISO 27001, and CIS Controls
- Experience in threat modeling, cryptography, and application security
- Ability to conduct secure code reviews and provide actionable feedback to developers
- Excellent communication, collaboration, and project management skills
- Ability to lead projects and provide direction to junior staff
- Ability to complete day-to-day activities independently
- Ability to articulate complex security concepts to diverse audiences
- Strong attention-to-detail
- Working knowledge of securing cloud environments (AWS/Azure/GCP)
PREFERRED QUALIFICATIONS
EDUCATION: Master's or Advanced FIELD OF STUDY: Computer Science, Information Systems, or Information Security
EXPERIENCE: Minimum 7 years in Information Security Architecture, Engineering, or Auditing
CERTIFICATION(S): CISSP, CCSP, AWS/Azure Security, CEH, OSCP, CISA, or equivalent
KNOWLEDGE, SKILLS, ABILITIES, AND OTHER ATTRIBUTES:
- Strong understanding of security countermeasures for web applications, networks, databases, IT systems, and cloud environments.
- Hands-on experience with cloud security architecture and controls in AWS and Azure
- Proficiency in managing and tuning DevSecOps tools and CI/CD security integrations
- Knowledge of security frameworks such as, NIST CSF, NIST 800-53, ISO 27001, and CIS Controls
- Experience in threat modeling, cryptography, and application security
- Ability to conduct secure code reviews and provide actionable feedback to developers
- Excellent communication, collaboration, and project management skills
- Ability to articulate complex security concepts to diverse audiences
- Ability to lead projects and provide direction to junior staff
- Ability to complete day-to-day activities independently
- Strong attention-to-detail
- Working knowledge of securing cloud environments (AWS/Azure/GCP)
- Knowledge and experience of application penetration testing
- Application development background
