The Job in short
As a Senior Cloud Security Engineer you’ll get a chance to contribute to building an enterprise-grade SaaS platform (Backbase as a Service) from scratch and maintaining it. As part of the BaaS team, you'll be expected to lay down the foundation of a highly secure, robust platform and related processes to ensure our software runs smoothly in production as well as making sure it complies with industry standards.
Meet the job
The Backbase as a Service tribe is continuously busy with improving their product with the motto "You build it, you run it". Striving to have the highest possible uptime, great performance and best in class levels of security. That's quite an ambition and you can't get there without an automation first approach. We pride ourselves on the fact that we don't do manual changes in production and that we automatically validate our environment before deploying.
As a Senior Cloud Security Engineer you will have a deep understanding of Cloud Security Infrastructure, cloud native technologies and desired state configuration, configuring security policies and securing data. You will support threat modeling sessions within the team, and have the ability to perform vulnerability testing, risk analysis and security assessments and support incident handling. Supporting internal and external pen tests. You will have a deep understanding of architecting for visibility, detection, mitigation and observability capabilities. Support security initiatives and work with different teams at various levels within our company to implement them. Participating in the Security Committees and guilds.
Your growth path within Backbase will allow you to grow from the function of Senior Cloud Security Engineer to a function as Principal Cloud Security Engineer in which you will be responsible for driving cross team initiatives and you will take on more responsibilities in the overall security roadmap of the product.
How about you
● Deep understanding of cloud security infrastructure, cloud native technologies and desired state configuration;
● Experience with the following topics:
○ Zero-Trust architecture;
○ Defensible security architecture;
○ Latest cloud security tools and practices;
○ Security processes;
■ Incident management;
■ Vulnerability management;
■ Threat modelling;
■ Logging and monitoring (SIEM);
○ Controls & requirements from Standards like ISO 27001, SOC 2;
○ Nice to have: Knowledge of relevant regulations such as GDPR and PCI-DSS;
● You don't want to just report the problems but you want to fix them;
● You have strong communication skills;
● You are experienced with cloud environments and using desired state configuration to manage this (Terraform is preferred);
● You have experience with Kubernetes;
● 3 years in a similar role running workloads on public cloud;
● Azure cloud certs are nice to have (Azure Administrator/Azure Solution Architect).