Information Security Engineering Specialist

We are looking for an Information Security Engineering Specialist with great knowledge in security fundamentals and is eager to apply them in complex environments.

In this role, you will assist in implementing security controls, executing vulnerability assessments, and supporting automation initiatives. This position will have an emphasis in one or more of the following areas cloud security; infrastructure security; and/or data security.

You will have an opportunity to learn and grow under the mentorship of senior engineers, while also contributing to critical security tasks that keep our organization safe.

• Define security policies that can be used to improve our cloud, infrastructure or data security posture.
• Integrate our vulnerability assessment tooling into our environments, to provide continuous scans, uncovering vulnerabilities, misconfiguration or potential security gaps.
• Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes.
• Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks.
• Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments.

• Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization.
• Practical experience designing, planning, productizing, maintaining and documenting reliable and scalable data, infrastructure, cloud and/or platform solutions in complex environments.
• Firm foundation of information and cyber security principles and standard processes.
• Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus.
• Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.)
• Exposure/experience with full stack development.
• Experience with security tooling (vulnerability scanners, CNAPP, Endpoint and/or DLP) and automation and scription for security tasks (e.g., CI/CD integration).
• Familiarity with basic security frameworks such as NIST CSF, NIST 800-53, ISO 27001, etc.
• Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX)
• Continuous learning and improvement approach.

This position is a hybrid of office/remote working