Senior Cyber Security Engineer
Remote
Atlan
Atlan is an active metadata platform for modern data teams that helps them discover, understand, trust, and collaborate on data assets.
What you will do?
- Be the subject matter expert for Information Security matters. Implement and manage security best practices that bolster the security posture of the organization.
- Identify security gaps, explore and identify open source or 3rd party solutions that address the security gaps, and prove the ROI for each solution with a strong business use case.
- Partner with GRC engineers in driving cyber security initiatives covering Cloud Security, Application Security, Endpoint Security, Data Security, Email Security, etc., in line with frameworks like SOC 2, ISO 27001, GDPR, NIST, and other data privacy and cybersecurity frameworks.
- Partner with GRC engineers in risk assessments and developing relevant policies, procedures, and guidelines for security compliance and support in security audits for various standards and client questionnaires.
Vulnerability Management:
- Develop internal capabilities to identify vulnerabilities, misconfigurations, and violations of best practices using Vulnerability Assessments, Penetration Testing, Threat Modelling, Security Reviews/Audits, etc.
- Develop and maintain vulnerability management processes and procedures to streamline the identification, reporting, and resolution of security vulnerabilities.
- Manage VAPT partner(s) and collaborate with cross-functional teams to ensure that vulnerabilities are remediated in the defined SLA.
- Create dashboard/reports to communicate the performance of various security initiatives to the entire org such as External VAPT, Secret Scanning, SCA, SAST, DAST, and Internal VAPT.
- Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management.
SOC:
- Use data/logs collected from a variety of tools (e.g., audit logs, access control logs, EDR, identity provider, MDM, SaaS platforms, AWS, GCP, Azure, WAF, application logs, etc.) to analyze, identify and mitigate potential threats/anomalies.
- Build response workflows and actions that auto-resolve false positives, enabling engineers to focus on relevant threats.
- Develop and automate security workflows, playbooks, and tools to improve the efficiency and effectiveness of security operations.
Policy as Code:
- Drive the implementation of Policy as Code methodologies to automate and enforce security policies throughout the organization.
Shift Left Security:
- Advocate and identify Shift Left Security practices to embed security into the early stages of the development lifecycle.
- Partner with Cloud Infra and IT team in implementing shift left security practices, such as:
  - Embedding security practices in SDLC & Cloud infrastructure.
  - Embedding the GRC team approvals/reviews in day-to-day processes to enable better governance.
Security Incident Management:
- Support security incident response in a cross-functional environment and drive incident resolution for internal and external threats.
- Carry out digital forensics as part of security incident investigation.
- Ensure that engineering teams understand the impact of an incident and derive corrective and preventive actions for themselves.
Security Training:
- Drive the security mindset across the organization in partnership with the GRC team.
- Create awareness/training content that forces engineering teams to embed a security shift left approach.
What makes you a match
- 5+ years of relevant industry experience in a security engineering or cloud infrastructure security team.
- Strong coding proficiency in Python, Go, Shell, etc.
- Strong technical knowledge of security principles and technologies such as firewalls, IDS/IPS, DLP, Encryption, SIEM, UEBA, EDR, SOAR, Threat Intelligence, Web Proxy/Content Filtering, Active Directory, and PKI.
- Experience with industry standards and frameworks such as CVE, CVSS, NIST, SANS 25 and OWASP.
- Experience deploying solutions for monitoring of security best practices in cloud resources, CI/CD pipelines and Kubernetes platforms.
- Familiarity with infrastructure as code tools (Terraform, CloudFormation, etc)
- Familiarity with more than one cloud vendor (AWS, GCP, Azure).
- Ability to work alongside a remote team, using a data-driven mindset to propose and own engineering decisions.
- Bachelor’s degree in Computer Science, Information Technology, or a related field. Relevant certifications (e.g., CISSP, CEH, Security+).
- Proven experience working in a Security Operations Center (SOC) environment with a focus on vulnerability management.
- Excellent analytical and problem-solving skills, with the ability to prioritise and manage multiple tasks in a fast-paced environment.
- Strong attention to detail and a commitment to delivering high-quality results.
- Ability to work both independently and collaboratively as part of a team.