Senior Security Engineer
York, United Kingdom
Anaplan
See, plan and lead on finance, supply chain, and sales strategies that drive business performance using the Anaplan connected planning platform.
Here at Anaplan, we have reinvented how companies see, plan, and run their businesses. Our platform allows our customers to uncover new insights, connect their strategy to their plans, and work in ways they had not previously thought possible. We’re growing fast, constantly innovating, and couldn’t be prouder to help our customers move forward with confidence in a sophisticated and changing world.
We are looking for forward-thinking people who put customer experience at the forefront of every decision. Individuals who thrive on challenges and are ready to grasp the opportunity of a lifetime. Because we fundamentally believe every colleague brings outstanding value to our whole. We are a workplace where each person feels seen, heard, and valued, and can contribute their unique talent to our collective effort. We believe that for ourselves and for our customers.
Anaplan is looking for a tenacious Senior Security Engineer to join the Infrastructure Security Team in the UK. You'll have the opportunity to support the Chief Information Security Officer, helping secure our Platform and Infrastructure. A key function of your role will be to help drive down risk by identifying vulnerabilities across all areas of our environment. A vulnerability is any weakness in an IT system that can be exploited by an attacker to deliver a successful attack. As such, the scope of this role is broad and targets vulnerabilities wherever they may be found, from configuration errors in the cloud, to outdated OS packages, to penetration test findings and risky dependencies in containerised applications. You will not be an expert in all these fields, but you will be able to assess risk with a security best practices mindset and then prioritise response activities accordingly.
You will leverage multiple threat sources and tooling to identify these risks, including, but not limited to, cloud security posture management, cloud workload protection, OS level vulnerability scanning, web application scanning, penetration testing, vulnerability scanning within a CI/CD pipeline, IaC scanning and so on. You’ll work with the rest of the Security organisation in helping to secure our delivery pipeline and embed security into our methodology by designing and deploying controls to detect threats and vulnerabilities in our on-premise and public cloud infrastructure, as well as protecting our end users and corporate IT infrastructure.
- Identify, assess risk and impact, prioritise vulnerability findings, and coordinate vulnerability remediation with service and application teams
- Evaluate penetration test findings, engage appropriate stakeholders, articulate the risk to Anaplan, and align on a remediation strategy
- Manage, review, maintain, improve and monitor existing vulnerability management tooling
- Translate and implement relevant security standards/policies in restrictive environments (CIS/PCI/FedRAMP)
- Identify and mitigate risks, vulnerabilities, and security gaps, ensuring the confidentiality, integrity, and availability of systems
- Provide subject matter expertise within a number of key cloud security domains
- Collaborate with cross-functional teams to design, implement, and maintain secure cloud architectures and solutions
- Implement and manage security tooling and solutions to enhance the security posture of containerised applications and the underlying Kubernetes infrastructure
- As a member of the Infrastructure Security team you will also be involved in managing existing security tooling, including but not limited to, endpoint security, email security, network security and web application firewalls (WAF), both on-premise and in the cloud.
- Experience with Cloud Security Posture Management (CSPM) and cloud workload protection in multi-cloud environments
- Experience deploying and managing security infrastructure using Terraform
- Clear and demonstrable understanding of how to assess the actual risk posed by a vulnerability finding, taken in terms of impact, likelihood, mitigating controls and the environment in which it’s found
- Excellent communication skills and the ability to engage stakeholders at all levels within an organisation
- You will possess strong technical skills and capabilities in technical writing, security architecture, technology implementation and information security standards frameworks.
- Making informed decisions and/or consolidating appropriate information to support informed decision making and strategic direction will come naturally to you too
- You will be a highly organised individual, able to manage multiple work-streams and comfortable collaborating with cross-functional teams in your day to day activities
Nice to Have
- Experience securing Infrastructure as Code (IaC)
- Ability to automate tasks and interface with APIs using scripting languages like Python, Ruby or Go
- Experience with Web Application Firewalls
- Experience with CI/CD tooling, e.g. Jenkins or Harness
- Experience leading security driven initiatives within a large enterprise environment
Our Commitment to Diversity and Inclusion
Build your job in a place that thrives on diversity, inclusion, and belonging. We believe in maintaining a hiring and working experience in which all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your true self to work every day!
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.
Fraud Recruitment Disclaimer:
It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails and correspondence, claiming they are representatives of Anaplan. The main purpose of this correspondence and these announcements is to obtain privileged information from individuals.
Anaplan does not:
- Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person.
- Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible, and then followed up via written communication.
All emails from Anaplan would come from an @anaplan.com email address. Should you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to firstname.lastname@example.org before taking any further action in relation to the correspondence.
Tags: APIs CI/CD Cloud Endpoint security FedRAMP Firewalls IT infrastructure Kubernetes Monitoring Network security Pentesting Python Ruby Scripting Strategy Terraform Vulnerabilities Vulnerability management