Senior Cyber Security Engineer

Remote (Anywhere)
Product & Engineering – Engineering / Full Time / Remote
We seek a highly skilled, experienced, and self-motivated Senior Cyber Security Engineer. You will play a critical role in fortifying the security posture of Atlan by implementing cutting-edge security best practices like Policy as Code and Shift Left Security and ensuring compliance with industry standards such as SOC 2, HIPAA, GDPR, and ISO 27001.

What you will do

    • Be the subject matter expert for Information Security matters. Implement and manage security best practices that bolster the security posture of the organization. 
    • Identify security gaps, explore and identify open source or 3rd party solutions that address the security gaps, and prove the ROI for each solution with a strong business use case.
    • Partner with GRC engineers in driving cyber security initiatives covering Cloud Security, Application Security, Endpoint Security, Data Security, Email Security, etc., in line with frameworks like SOC 2, ISO 27001, GDPR, NIST, and other data privacy and cybersecurity frameworks.
    • Partner with GRC engineers in risk assessments and developing relevant policies, procedures, and guidelines for security compliance and support in security audits for various standards and client questionnaires.
    • Vulnerability Management:
        • Develop internal capabilities to identify vulnerabilities, misconfigurations, and violations of best practices using Vulnerability Assessments, Penetration Testing, Threat Modelling, Security Review/Audits, etc.
        • Develop and maintain vulnerability management processes and procedures to streamline the identification, reporting, and resolution of security vulnerabilities.
        • Manage VAPT partner(s) and collaborate with cross-functional teams to ensure that vulnerabilities are remediated in the defined SLA.
        • Create dashboards/reports to communicate the performance of various security initiatives to the entire org, such as External VAPT, Secret Scanning, SCA, SAST, DAST, and Internal VAPT.
        • Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management.
    • SOC:
        • Use data/logs collected from a variety of tools (e.g., audit logs, access control logs, EDR, identity provider, MDM, SaaS platforms, AWS, GCP, Azure, WAF, application logs, etc.) to analyze, identify and mitigate potential threats/anomalies.
        • Build response workflows and actions that auto-resolve false positives, enabling engineers to focus on relevant threats.
        • Develop and automate security workflows, playbooks, and tools to improve the efficiency and effectiveness of security operations.
    • Policy as Code:
        • Drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.
    • Shift Left Security:
        • Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
        • Partner with the Cloud Infra and IT teams in implementing shift left security practices, such as:
            • Embedding security practices in SDLC & Cloud infrastructure.
            • Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.
    • Security Incident Management:
        • Support security incident response in a cross-functional environment and drive incident resolution for internal and external threats.
        • Carry out digital forensics as part of security incident investigation.
        • Ensure that engineering teams understand the impact of an incident and derive corrective and preventive actions for themselves.
    • Security Training:
        • Drive the security mindset across the organization in partnership with the GRC team.
        • Create awareness/training content that forces engineering teams to embed a security shift left approach.

What makes you a match

    • 5+ years of relevant industry experience in a security engineering or cloud infrastructure security team.
    • Strong coding proficiency in Python/Go/Shell, etc.
    • Strong technical knowledge of security principles and technologies such as firewalls, IDS/IPS, DLP, Encryption, SIEM, UEBA, EDR, SOAR, Threat Intelligence, Web Proxy/Content Filtering, Active Directory, and PKI.
    • Experience with industry standards and frameworks such as CVE, CVSS, NIST, SANS 25 and OWASP.
    • Experience deploying solutions for monitoring of security best practices in cloud resources, CI/CD pipelines and Kubernetes platforms.
    • Familiarity with infrastructure as code tools (Terraform, CloudFormation, etc.).
    • Familiarity with more than one cloud vendor (AWS, GCP, Azure).
    • Ability to work alongside a remote team, using a data-driven mindset to propose and own engineering decisions.
    • Bachelor’s degree in Computer Science, Information Technology, or a related field. Relevant certifications (e.g., CISSP, CEH, Security+).
    • Proven experience working in a Security Operations Center (SOC) environment with a focus on vulnerability management.
    • Excellent analytical and problem-solving skills, with the ability to prioritise and manage multiple tasks in a fast-paced environment.
    • Strong attention to detail and a commitment to delivering high-quality results.
    • Ability to work both independently and collaboratively as part of a team.