Senior Information Security Engineer - Security Operations

Senior Information Security Engineer - Security Operations

At SumUp our vision is to be a global leader in the FinTech industry and build a world where small businesses can be successful doing what they love. To get there, we are putting together a team that is passionate about what they do, committed to one another and to our merchants.

The Information Security Team is a key component in SumUp’s Governance, Risk and Compliance (GRC) team. Our SumUp offices in Europe are hiring for a Senior Information Security Engineer.

As an experienced Security Engineer, you will be part of the Security Operations (SecOps) team, working with the Platform and other tribes to ensure adequate security measures are applied and capabilities built to support necessary security logging, monitoring and alerting. You will also have the ability to impact the overall security posture by introducing and promoting AWS Security best practices and support Platform teams to design for Security, Privacy and Compliance.

Responsibilities - What you will do:

• Act as a subject matter expert in cloud security, designing secure patterns for the configuration and consumption of cloud infrastructure
• Design, implement and maintain secured cloud security technologies to achieve security and compliance objectives (GuardDuty, Config, Security Hub, Inspector etc)
• Review architectural designs for new cloud infrastructure building in security controls
• Communicating and collaborating with engineering to embed and adjust patterns as required to help drive adoption
• Automating of security process flows to ensure security our cloud-native distributed system architecture
• Assist in developing viable governance and pragmatic guardrails to secure business processes 
• Help with building and improving threat hunting capabilities and intelligence led security operation
• Help implement security gates in pipelines and service tooling (Burp, pipelines, SecurityHub)
• Collaborate and lead on continuous improvement efforts across different areas (i.e. incident response, log analysis, tooling development, risk assessment etc.)
• Incident Response (on-call rotation)
• Deliver security awareness training sessions
• Willing to travel as required.

Experience required - You’ll be great for this positon if:

• 4+ years in an information security cloud engineering related position, like DevOps, ProdSec or SecOps Engineering
• Experience with AWS cloud security tools, network security, application security, compliance / hardening, security analytics, vulnerability management, security operations, etc.
• Experience with On-Call rotation incident response
• Familiarity with major compliance frameworks including PCI, NIST, ISO, GDR and AWS Security Best Practices
• AWS Security Specialty Certification
• Fluent in English

Why SumUp?.

• Be a part of a truly global team: SumUppers come from over 50 different countries around the world! (The GRC Team has nearly 80 members over 3 continents).
• You’ll work in an amazing agile team environment that values passion and purpose to achieve incredible results.
• You’ll have access to rewarding compensation and benefits. 
• You’ll have the freedom to drive your career, own projects, and make an impact across the company. 
• You’ll enjoy flexible hours – we don’t micromanage. You have freedom to align with your team if you want to work remotely or take a few days off.

SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by Company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.

#LI-PD1

Job Application Tip

We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.