Security Engineer

We are looking for a passionate and experienced Senior Information Security Engineer to join our top-tier tech team. You will be a key member of our security function, responsible for designing, implementing, and continuously improving security across our global multi-cloud environment. You will not only respond to security incidents but also drive forward-looking security strategies and technical innovation.

Key Responsibilities

• Threat Modeling & Incident Response: Build and maintain global cloud security incident response mechanisms, develop clear playbooks, and lead regular drills. Quickly handle complex security incidents, perform root cause analysis (RCA), and implement preventive measures.

• Security Architecture & Operations: Design, deploy, and maintain security solutions across multi-cloud platforms (AWS, GCP, Azure), ensuring architecture is scalable, resilient, and future-proof.

• Enterprise Security Leadership: Drive security strategy alignment with business processes, continuously raising organizational security maturity.

• Compliance & Automation: Ensure security practices meet international standards such as ISO 27001, ISO 27701, SOC 2. Promote security automation and “Security as Code” initiatives to improve operational efficiency.

• Vulnerability Management & Penetration Testing: Conduct regular vulnerability scans, risk assessments, and penetration tests. Track emerging threats and coordinate remediation efforts.

Qualifications

Required:

• Bachelor’s degree in Computer Science, Cybersecurity, or related field, with 3+ years of experience in information security.

• Strong expertise in cloud security, with hands-on experience in at least two major cloud platforms (AWS, GCP, Azure) and native security tools (e.g., AWS Security Hub, GCP Security Command Center).

• Solid Linux system security skills, including hardening, log analysis, intrusion detection, and incident response.

• Proven ability to handle high-pressure security incidents and perform clear post-incident reviews.

• Strong knowledge of web and application security, with experience in penetration testing and code audits.

Preferred:

• Recognized contributions to bug bounty programs or high-quality vulnerability reports.

• Strong performance in CTF competitions or deep interest in offensive/defensive security research.

• Professional certifications such as CISSP, CISA, OSCP, AWS/GCP/Azure security certifications.

• Experience developing security tools or automation scripts using Python, Go, or similar languages.