Description:
As part of our engineering team, you will have the opportunity to learn from our senior security engineer and CTO, while helping to maintain and enhance our information security management system (ISMS) and execute our security roadmap.
We value self-starters who are eager to take on ownership and autonomy, in a supportive environment where you can make a real impact while developing your skills. Our culture emphasises work-life balance, so while we work hard to ship on time, we also take downtime and relaxation seriously.
What you'll be working on:
- Configure and troubleshoot cyber security tools, including preventative and detective controls like EDR, vulnerability management tools, MDM & ZTNA
- Conduct risk assessments and evaluations of vendors and third-party solutions
- Document information security policies, procedures and technical controls as part of the ISMS
- Hands-on implementation of technical controls in collaboration with different parts of the engineering team (Platform, Backend, Data etc.) and other departments (People team, Operations etc.)
- Working across the engineering team to ensure that secure development practices are being championed and adhered to
- Monitor systems for irregular behaviour and help set up preventive measures
- Ensure that security considerations are taken into account, based on current best practices (e.g. OWASP Top 10, AWS Well-Architected Framework) in all software development and infrastructure projects
- Maintaining and managing our existing infrastructure, and supporting employees on occasion, as required
Our cross-functional delivery team is focused on business goals and solving problems in an efficient manner. We want the team to collaborate on new ideas and projects to find the best solutions.
Ben is built on Python 3, Django, PostgreSQL and React. We run on AWS and follow engineering best practices, with a pragmatic approach.
We are ISO 27001 certified and are striving for further certifications like SOC2 in the future.
You'll love this role if you have...
- The ability to contribute to complex information security projects with different stakeholders from end to end
- Experience working with a range of tools and technologies, including DLP, EDR, Firewalls, source code analysis & SIEM
- Experience with the Microsoft suite of products, including Entra/Azure AD, Intune & Defender
- Good knowledge of single sign-on via SAML and OIDC/OAuth
- Knowledge of the OWASP Top 10, and the ability to partner with engineers to develop and embed security from the beginning of the product life cycle
- A strong understanding of networking, security frameworks and attack vectors
- Excellent communication skills, adaptable to both tech and business audiences
- Experience with GDPR, HIPAA and CCPA/CPRA (nice to have)
- Security certifications (e.g. Sec+, ISO 27001, etc.) (nice to have)
- macOS systems knowledge (SIP, Gatekeeper, etc.) (nice to have)
and you...
- are a self-starter who thrives on autonomy, enjoys a rapid pace and wants to make a difference
- have a continuous improvement mindset. You appreciate that there are always ways to do things better and ensure your team does too
- have a preference for action-oriented behaviour with just enough analysis, as compared to too much time spent doing analysis with no action
- have the ability to make decisions balancing different factors such as business requirements, technical integrity, overall priorities etc.
- appreciate the opportunities and challenges of a distributed work environment
- are solution-focused with a pragmatic approach to problem-solving