Senior Security Engineer

Your responsibilities

The Senior Security Engineer will be responsible for enhancing the organisations security posture through the development of in-house tools, particularly by leveraging Generative AI for security checks. This role involves creating and maintaining secure development guidelines and policies that align with industry standards, ensuring that these documents are practical and accessible for development teams. The engineer will design reference architectures for the Secure Software Development Life Cycle (SSDLC), integrating security best practices into the design phase of applications to mitigate potential risks. In addition, the Senior Security Engineer will focus on automating security gates within the SSDLC, identifying critical checkpoints and implementing tools that facilitate continuous security testing and validation throughout the development process. This automation will streamline workflows and enhance the overall efficiency of security measures. As a subject matter expert, the engineer will provide guidance to developers on how to design and write secure applications. This includes conducting training sessions and workshops to educate teams on secure coding practices and reviewing application designs and code to offer constructive feedback. The Senior Security Engineer will collaborate closely with cross-functional teams, fostering a culture of security awareness and ensuring that security considerations are integrated into all aspects of the development lifecycle. By staying current with industry trends and emerging threats, the engineer will continuously refine security practices and tools to address evolving challenges in the security landscape.

Our requirements

• Understanding of DevOps Principles: Familiarity the DevOps culture, practices, and tools that promote collaboration between development and operations teams. This includes knowledge of Agile methodologies, continuous integration, continuous delivery, and the importance of feedback loops.
• Demonstrated Experience in CI/CD Tools: Proven ability to implement and manage Continuous Integration and Continuous Deployment (CI/CD) pipelines using tools such as Jenkins, GitLab CI, CircleCI, or GitHub Actions. This includes automating build, test, and deployment processes while integrating security checks and practices throughout the pipeline.
• Infrastructure as Code (IaC): Experience with IaC tools (e.g., Terraform, AWS CloudFormation) and understanding how to secure infrastructure deployments. This includes writing and managing infrastructure configurations in a version-controlled manner.
• Containerization: Proficiency in container technologies such as Docker and orchestration tools Kubernetes. Understanding best practices for securing containerised applications and managing container lifecycles.
• Logging and Monitoring: Knowledge of logging and monitoring tools (e.g., ELK Stack, Splunk, Prometheus) to ensure visibility into application performance and security. Ability to set up alerts and dashboards to monitor security events and system health.
• Development Skills: Proficiency in programming languages such as C# or Java, with a requirement to write code in these languages. Understanding secure coding practices and the ability to write and review code with security considerations in mind.
• Security Best Practices: Familiarity with security frameworks and best practices (e.g., OWASP Top Ten) to identify and mitigate security vulnerabilities throughout the development lifecycle.
• Cloud Security: Understanding of cloud service models (IaaS, PaaS, SaaS) and security considerations for cloud environments (AWS, Azure, GCP).
• Collaboration and Communication: Ability to work effectively with cross-functional teams, including developers, operations, and security personnel, ensuring clear communication and shared goals.
• Problem-Solving: Strong analytical and critical thinking skills to identify, assess, and resolve security issues efficiently.
• Adaptability: Ability to quickly learn and adapt to new tools, technologies, and processes in a fast-paced and evolving environment.
• Attention to Detail: A keen eye for detail to identify potential security flaws and vulnerabilities, ensuring thoroughness in security assessments.
• Continuous Learning: A commitment to staying updated on the latest security trends, threats, and technologies, actively seeking opportunities for professional development.
• Team Player: Willingness to collaborate, share knowledge, support team members to foster a culture of security and mutual growth.

What we offer

• Employment in a stable company with an established position in the market.
• Possibility to work within fast growing world’s 500 Fortune digital infrastructure company.
• Challenging job in a dynamic, professional, international and multicultural environment.
• Possibility to participate in company sponsored trainings package.
• Employee Assistance Program – assess to free counselling legal and financial consultations and crisis intervention.
• Paid employee referral program.
• Opportunity to work in supportive, inclusive environment with People-Centric Culture.
• Competitive salary and yearly bonus as well as a well-defined career path shaped to the individuals career focus & priorities
• Attractive benefits package.