Security Engineer

About Us

Sinch is a global leader in cloud communications, helping businesses connect with their customers on their mobile phones. We reach every phone on earth, with over 147 billion conversations every year. Our technology powers the world's leading communications platforms.

The Security Engineer plays a crucial role in incident response and developing strategies to prevent future attacks. This position requires strong analytical and communication skills, as well as a commitment to staying up to date with the latest trends and best practices in cybersecurity.

You will be responsible for designing, implementing, and maintaining security protocols to safeguard sensitive information, such as customer data and company intellectual property. Must have a deep understanding of networking and system architecture, as well as knowledge of current and emerging threats and technologies.

Responsibilities

• Responsible for assessing and understanding the threat landscape by working with other Cyber functions such as Offensive Security, Digital Forensics etc. and architecting solutions to calibrate risk consistent with Phreesia risk tolerance.
• Reviewing security intelligence information and researching emerging threats - to proactively identify and prevent potential threats. 
• Build and/or tune Sinch security tools, such as EDR, email security, and vulnerability scanning and SIEM solution to ensure that alerts are effective and actionable.
• Augment Incident Response team to ensure 24/7 coverage and operations. Responsibilities sometimes will require working evenings and weekends, sometimes with little or no advanced notice.
• Be able to effectively communicate, both written and verbally, complex security and technical concepts to a wide variety of stakeholders and partners and build and leverage and earn the trust of stakeholders at all levels of the organization.
• Establish and modify runbooks that provide other subject matter experts with a consistent manner of executing the processes.
• Employing the security technologies to continuously monitor the company’s assets, conduct technical analysis of network traffic to identify anomalies and then taking action to respond to potential vulnerabilities and threats.  

Requirements

• Proven experience in working on threat, vuln, fraud or compliance - ideally building or supporting cross-functional mitigation programs.
• A background that involves creating a layered security perimeter in the context of a cloud- and container-based microservices.
• Experience supporting (or building) a security operations function in startup environments, ideally serving as incident commander for security incidents.
• Knowledge of networking fundamentals, including TCP/IP, OSI stack model, L2, L3 and L7 fundamentals and raw packet analysis. Fluency with common cryptographic modalities
• Experience using tools like LogRhythm, Nessus, CASB manage threat telemetry.
• One industry-recognized security certification (CEH, CISSP, CCSP, CISA) -- or the willingness to secure one within six months.