Senior Security Engineer

US / Remote /
Engineering /
Full-time
/ Remote
Are you looking to be a part of one of the most influential companies in the blockchain industry and contribute to the crypto revolution that is changing the world?

At Metallicus, we are shaping digital money and revolutionizing the way people transact by building the decentralized financial infrastructure of the future. To date, we have launched and operate Metal Pay (digital banking and crypto wallet) and Proton SDK a distributed ledger for identity and interaction with the card and banking payments settlement layer.

We are currently looking for a multifaceted professional who is motivated to serve in a remote role. This person will perform functions of threat analysis and investigative support, supporting detection and analysis of anomalous, high-risk activity and indicators of potential insider threat activity.


Responsibilities:

    • Be the technical subject matter expert responsible for enterprise-wide cybersecurity and privacy controls to include policies, procedures & implementation, working directly with other functional and business teams to drive information protection initiatives.
    • Design, develop, test, document, deploy, and maintain the security architecture.
    • Define the requirements for tooling used to help mitigate threats. 
    • Develop and implement enterprise-wide SOAR (or SIEM) solutionMonitor, filter, analyze and prioritize information security and privacy threats.
    • Assist in developing risk models; use data-driven methods to define use cases.
    • Monitor and analyze information security and privacy alerts in support of investigations as needed.
    • Identify gaps in infrastructure and work to gain visibility through logging and detection.
    • Collaborate with DevOps, Compliance and Operations team to handle and improve detection, monitor and response of security and privacy issues.
    • Collaborate with Incident Response (IR) to identify and enhance data leakage controls in response to incidents.
    • Produce and maintain team dashboards/metrics.
    • Ensure metrics are complete and accurate, and findings are documented in our case management database.
    • Develop playbooks to improve internal security and privacy processes and information sharing across teams.
    • Produce written analysis and visual presentation of findings. 
    • Communicate findings to all levels of the management team.
    • Respond to requests for ad-hoc reporting and research topics from leadership, as required.
    • Support audit responses as necessary including pen test or regulatory compliance audit.
    • Help CISO and head of engineering manage strategic enterprise-wide security and privacy initiatives.
Requirements:
7+ years (10+ years preferred) in cybersecurity operations experience, including development and operations of SIEM or SOAR, incident response, pen testing and cyber risk assessment.
Knowledge in cloud security, specifically AWS.
Must have some knowledge of Terraform 1.x provisioning to AWS and other providers or must be willing to learn infrastructure-as-code, using Terraform and Open Policy Agent. 
Must have knowledge of Git Flow.
Knowledge of HashiCorp Vault Enterprise and secret management processes is preferred.
Experience communicating technical security concerns and issues to non-technical audiences.
Experience in the Financial Service industry is preferred.
Experience in Blockchain security is a plus.  
Must be able to maintain confidentiality and use discretion and good judgment at all times.
The preferred work schedule is Pacific Standard Time, but can be flexible to other US time zones