Information Security Engineer

Job description / Role

Description

We are thrilled to announce an opportunity for a skilled information security engineer to join our team and play a role in enhancing our security measures by utilizing your abilities and deep knowledge of information security methodologies. Paying attention to details and efficiently solving problems will be crucial in ensuring the safety of Tabby's systems.

The role involves both operations and important implementation projects contributing to the growth and maintenance of our technology infrastructure. If you have a passion for cybersecurity, possess technical skills, and aspire to make a significant impact, we strongly encourage you to apply and become an essential part of our dedicated cybersecurity team.

Key Responsibilities

• Cloud security: Have a good understanding of cloud services such as Google Cloud Provider (GCP), Terraform, CI/CD security, Kubernetes security, GitLab, product security features and fixes.
• Penetration testing: Perform dynamic application security testing (DAST) and static application security testing (SAST) for web, mobile, and API applications. Plan and conduct infrastructure vulnerability assessment and penetration testing of systems, switches, servers, and more.
• End-point protection: Exhibit expertise in planning, implementing, and managing enterprise-level anti-virus (AV) solutions to safeguard against malware, viruses, and other malicious threats.
• Infrastructure security: Review the complete corporate IT infrastructure's security, including network security controls, anti-malware implementation, cloud security posture management (CPM), data loss prevention (DLP), firewall rulesets, backup and disaster recovery, and vulnerability management processes.
• Project management: Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigation. Work with DevOps and other teams to implement and improve security controls and/or processes.
• Security awareness: Experience in conducting phishing simulations and other awareness exercises to evaluate employee susceptibility to social engineering and provide targeted training to enhance resilience.
• Security monitoring: Automation and improvement of incident response procedures, playbook creation to reduce manual effort of responding to typical cyber incidents along with monitoring of threats and vulnerabilities or conducting regular threat intelligence. Research and develop detection rules utilizing an array of tools.

Skills, Knowledge and Expertise

• Degree in information technology, computer science, software engineering, or related field.
• Knowledge of information technology security issues and approaches to manage information technology security within a fast-paced fintech environment.
• Security qualification good to have: CEH, CompTIA Security, etc.
• Excellent communication, influencing, and stakeholder management skills.
• 2-3 years experience of working across teams to deliver solutions and generate high levels of internal buy-in.
• Experience of developing and delivering training.
• Experience of working in a culturally diverse environment.
• Knowledge of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
• Programming and scripting understanding (Bash, Python, etc.).
• Good cloud experience with and appreciation of AWS, GCP, and OCI.