Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.
As our Security Engineer, you’ll be working with the team to perform ongoing operations, administration, and development of security systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.
Required nature of experience:
- 3 years in any of: Scala, Go, Java, NodeJS/JavaScript/Typescript/Ruby
- Extensive exposure to CI/CD frameworks: (Jenkins, Code Pipeline + CodeBuild)
- AWS’ ecosystem
- AWS Well Architected Framework
- Trusted Advisor
- GuardDuty / SCP / SSM / IAM / WAF
- Container services such as ECS/EKS.
- Experience deploying auto-scaling and load-balanced Highly Available applications.
- Hands-on experience with Infrastructure-As-Code tools to automate infrastructure and deployments in AWS, preferably CloudFormation and CDK.
- Experience reviewing and evaluating development concepts to identify gaps in business processes and controls to assist in the design and documentation of the processes.
- Experience drafting and implementing security policies, security procedures, security design and implementation
- Experience with incident detection and management
The following experience/knowledge would be advantageous:
- ISO 14971 (risk management) compliance
- ISO 27032 (cybersecurity) compliance
- SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)
Skills and Knowledge (essential):
- Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design
- Familiarity with operational observability, including log aggregation, application performance monitoring, etc
- Be familiar with CI/CD pipelines and use of tools such as Github Actions..
- Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture
- Solid knowledge of IT security (FortiGate firewalls, EDR, IDS/IPS, SOAR(Rapid7), vulnerability scanning (InsightVM,) forensic and Threat Hunting)
- Understanding of Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
- Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain
- Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and ISO-27001
Desired Skills:
- Cyber security
- Scala
- Go
- Java
- NodeJS/JavaScript/Typescript/Ruby
- log aggregation
- application performance monitoring
- AWS Well Architected Framework Trusted Advisor GuardDuty / SCP / SSM / IAM / WAF Container services such as ECS/EKS.
Desired Work Experience:
- 2 to 5 years
Desired Qualification Level:
- Degree
About The Employer:
Join an award-winning medtech scale-up as a Cyber Security Engineer. This is the team who thrives on challenging Ideas, eagerly embrace feedback, and adopt practical approaches. Uphold standards while fervently pursuing goals, all while maintaining composure. This Company is in the business of examining Information, following procedures, and always thinking positively to interpreting data.