Full time Remote
Our client is looking to hire an experienced security professional to join their growing engineering team.
This position directly involves leading information and cyber security efforts, including the implementation and maintenance of security policies, organization of certification efforts, definition and execution of security procedures and plans, implementation of vulnerability scans and more.
- Maintain and refine company security policies.
- Implement the security strategy as defined in relevant company policies.
- Organize and complete security-related certification by implementing necessary security practices and coordinating with auditors and advisers.
- Create and maintain lists and plans dictated by security policies as well as implement workflows for their execution. This would include incident response plans, disaster recovery plans, risk assessment reports, etc.
- Organize and execute periodic security audits and tests required by security policies. This would include security training, disaster recovery simulation, business continuity simulation, audits of access rights, etc.
- Set up systems for vulnerability scans across our organization and ensure found issues are addressed.
- Implement a transparent system for elevating and decreasing access privileges of employees as required by security policies.
- Track and audit third party services used by the company.
- Participate in customer support in relation to any security-related customer needs and enquiries.
- Help with onboarding and offboarding tasks related to account setup, permissions, workstation configuration, etc.
- Advise engineering teams on security-related architectural decisions.
- Coordinate with the marketing team around security-related content (blog posts, website, webinars, etc.).
- Report directly to CTO.
The Candidate Should Ideally:
- Have 3+ years of experience in information security, cyber security, software engineering, information technology auditing, or other related information technology field.
- Have extensive knowledge of current cybersecurity technologies as well as emerging capabilities.
- Have a deep understanding of information security engineering and design concepts, best practices, security solutions, and methodologies for risk management.
- Be familiar with current information security compliance standards such as SOC 2, HIPAA, ISO27001, FISMA, etc.
- Have prior experience with AWS and Docker containerization technologies.
- Be familiar with software development processes and tools.
- Have good communication skills and a good command of English for writing documentation, communication with customers and occasional blog posts.
- Work independently and have a high sense of responsibility.
- A remote-first focus that allows you to set up working hours that best fit your daily routine.
- A family-friendly work environment.
- Room for personal and professional development through the encouragement of learning and experimenting.
- The time to help you improve upon your personal goals (through regular 1on1s and mentoring).
- Post-COVID, two planned company events during the year (for example, in Croatia, Italy, Spain, Greece, and Vienna).
- Working with a motivated team that enables you to do your best.
- A generous vacation policy of five weeks, plus an additional allowance for conferences.
- A comprehensive onboarding process to get you up to speed.