Permanent - Full Time
Who we are:
Airwallex is one of the most exciting and well-capitalised fintech start-ups. We have built an end-to-end cross-border payments platform that allows businesses of all size to scale in the increasingly global marketplace. Our solutions enable businesses to manage their cross-border flows programmatically at the lowest costs possible.
Backed by industry icons including DST Global, Tencent, Mastercard, Sequoia Capital China, Hillhouse, Square Peg Capital, Gobi Partners and Horizon Ventures, we have raised over US$200 million with a valuation in excess of $1B which makes us one of Australia's Tech Unicorns.
Headquartered in Hong Kong, we have 8 global offices across China, Australia, Singapore, London and San Francisco.
Airwallex is seeking qualified Security Engineer to join our innovative, high-energy team. The Security Engineer will respond to security events, conduct technical analysis and response to threats such as malware and intrusion attempts, and provide security services to protect highly sensitive data like customer information. They work hands-on with monitoring and detection systems and vulnerability analysis tools to respond to potential threats to Airwallex systems. The Security Engineer is going to be a unique individual prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis.
1. Implement and review controls to protect Airwallex data and systems;
- Enduser security - user and access management review process assurance and platform hardening for different cloud SaaS (e.g. Google Gsuite, Slack, Email security, Data Loss Protection).
- Endpoint security - security baseline hardening for OS. Antivirus and ransomware protection maintenance. Context-aware access management fine tuning. Network gateway hardening. Office information assets hardening.
- Platforms - vulnerability management. Security baseline for IaaS and PaaS sitting in GCP, AWS and Alibaba Cloud.
- Customers - security posture improvement on identity and access management for customers.
2. Provide front-line response to detection systems and alarms; Investigate targeted attacks, intrusion attempts, and vulnerabilities;
- Continuously assess logs to detect anomalous behaviours. Lead the technical aspects of an incident response to ensure they are communicated in a manner that allows for a timely and effective response.
- Perform periodic vulnerability scanning on Iaas and PaaS environments. Coordination of 3rd party performed penetration tests. Assess log of events for investigation.
3. Evangelize security within Airwallex and be an advocate for customer trust;
- Always adopt a risk-based approach to all IS related solutions to allow the business units to manage security and optimise investments.
4. Drive continuous improvement of response capabilities.
- Promotion of constant process improvement: do more with less.
Who you are:
- You love being on the front line of defence - Providing response to detection systems and alarms;
- You are an investigator - you look into targeted attacks, intrusion attempts, and vulnerabilities;
- You are proactive - Working with software development teams to assess risk, fix security issues, and provide policy guidance;
- You are a security evangelist - being the voice for Airwallex and advocating for customer trust;
- You have the constant need for improvement- you implement, then review controls to protect Airwallex data and systems and are always driving improvement of response capabilities.
Skills and Experience you will bring:
- BA/BS in a related discipline with at least five years of experience in a related role;
- Security certifications (1 or more): CISSP, CCSP, SSCP, GSEC, GIAC GISP;
- 3 years experience in a senior security engineer role;
- Experience triaging security alerts and incident response;
- Experience with network and computer security and web protocols;
- Knowledge of network, system, and web application attacks and mitigations;
- Strong verbal and written communication skills;
Bonus points for:
- Experience with GCP, Amazon Web Services and Alibaba Cloud;
- Experience with G Suite administration;
- Experience triaging and developing security alerts and response automation, conducting front-line analysis, and providing escalation support.
- Proficiency in at least one high-level coding language.
· Collaborative open office space
· PlayStation and Table Tennis for when you want to unwind
· Fully stocked kitchen (Snacks, fruits, beers, you name it!)
· Regular team building events
· Freedom to be creative
· Casual work environment
· Fast and agile team where your voice will be heard