Senior Security Engineer, InfraSec
Israel - Tel Aviv
Forter provides new-generation fraud prevention to meet the challenges faced by modern enterprise e-commerce. Only Forter provides fully automated, real-time Decision as a Service™ fraud prevention, with approve/decline decisions backed by a 100% chargeback guarantee. The system eliminates the need for rules, scores, or manual reviews, making fraud prevention friction-free. The result is fraud prevention that is invisible to buyers and empowers merchants with increased approvals, smoother checkout, and the near elimination of false positives - meaning more sales and happier customers.
About the team
Forter has a complex set of cloud applications and infrastructure with petabytes of sensitive data flowing through numerous datastores and thousands of cloud compute instances providing logic for real-time decision making. Securing this system in a way that makes the perimeter and the internals safe from sophisticated attackers, satisfies its customers, and still provides the engineers with a smooth development experience is a world-class challenge. The Security Team’s mission is to help design secure products and features from the very start while engaging with every engineering team, as well as evaluating and overhauling everything that has been built over the years. The team also develops security features to add to Forter’s infrastructure, choosing and deploying external security tools to complement its abilities where needed.
What you'll be doing:
- Represent the Security Team as point of contact and source of knowledge in Design Review meetings across Engineering
- Perform threat analysis, define security controls and security KPIs for implementation and tracking across the organization
- Improve the company’s security standing by developing security features for use in the company’s cloud infrastructure (identity and access management, key and secret management, security monitoring, production machine access)
- Select and deploy tools from external vendors for continuous application and infrastructure security scanning, tracking, and resolution (SAST, IDS, IPS, DDoS, etc.)
You'll be expected to:
- Work very well cross-functionally, think rigorously, and make hard decisions despite tradeoffs
- Perform risk assessments and prepare recommendations for how to invest security resources
- Design, build, evangelize, and maintain security infrastructure and tools that all Forter's engineering teams will enjoy using
- Mentor engineers to design secure applications, provide design reviews
- Work in “brownfield” environments, imagining the next evolution of legacy systems alongside new ones
What you'll need:
- 6+ years of experience working with public clouds (AWS / GCP / Azure)
- Experience with complex software projects (Python / Ruby / Go / NodeJS / etc.) or infrastructure as code tools (Cloudformation / Terraform / Pulumi / etc.)
- Extensive knowledge of every layer of the stack (Hardware / OS / Network / Application / Database / Storage / etc.)
- Hold yourself and others to a high bar when working with production
- Fluent written and spoken English, excellent listening and presentation skills
- Experience leading cross-team efforts (champion an idea, get buy-in, reach widespread adoption)
We would especially love to hear if you:
- Have experience with threat modeling, performing security audits, penetration testing, and SAST tools.
- Have production experience with CNCF technologies like Kubernetes, Istio, Prometheus, Vault, Consul, etc.
- Have experience developing multi-cloud SAAS platforms.
- Contributed to open-source application security tooling or standards.
- Have experience with certification and compliance programs such as PCI-DSS, SOC II, and ISO27001.
In Forter, engineers who have founders’ mentality thrive. With many technical challenges alongside complex systems, developers get to lead and impact as much as they can and want. From leading cross-team, highly coordinated projects, to deeply technical and highly challenging, long-term projects.
We work together. It’s important for us to cultivate the team mindset and know that people care about our well-being and are there to help when needed. We try as best as we can to keep office politics outside.
We don’t have QA, we don’t have Architects (“CTO team”), we don’t have a NOC or SOC team. We look at our team as part of the system that we build, so we optimize the process and tools to fit our team. Most of our team has a generalist mindset, but our system is vast and we have people developing expertise in areas they are passionate about.
We are big believers in having Skin in the game as a way of setting the alignment of incentives to build things right, and picking boring technology as we respect the complexity of our system and business.
At Forter, we believe unique people create unique ideas, and valuable experience comes in many forms. So, even if your background doesn't match everything we have listed in the job description, we still encourage you to apply and tell us why your skills and values could be an asset to us. By welcoming different perspectives, we grow together as humans and as a company.
Forter is an Equal Employment Opportunity employer that will consider all qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law.
Explore more Information Security career opportunities
- Open Senior Information Security Engineer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Incident Response Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Azure Security Engineer jobs
- Open Vulnerability Analyst jobs
- Open Personnel Security Officer jobs
- Open Security Operations Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Cyber Security Analyst jobs
- Open Infrastructure Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Penetration Tester jobs
- Open Information Security Architect jobs
- Open Information Security Officer jobs
- Open Threat Intelligence Response Analyst jobs
- Open Sr. Product Security Engineer jobs
- Open SOC Analyst jobs
- Open Cybersecurity Engineer jobs
- Open Security Officer 3 jobs
- Open Privacy Manager jobs
- Open Sr. Software Engineer - Detection Engineering jobs
- Open DevOps-related jobs
- Open PCI-related jobs
- Open Threat intelligence-related jobs
- Open OWASP-related jobs
- Open Clearance-related jobs
- Open Machine Learning-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Encryption-related jobs
- Open Open Source-related jobs
- Open Splunk-related jobs
- Open Forensics-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open Security assessments-related jobs
- Open OSCP-related jobs
- Open Threat detection-related jobs
- Open Docker-related jobs
- Open GDPR-related jobs
- Open DevSecOps-related jobs
- Open HIPAA-related jobs
- Open IPS-related jobs
- Open TCP/IP-related jobs
- Open Unix-related jobs