We are looking for a passionate and experienced Senior Information Security Engineer to join our top-tier tech team. You will be a key member of our security function, responsible for designing, implementing, and continuously improving security across our global multi-cloud environment. You will not only respond to security incidents but also drive forward-looking security strategies and technical innovation.
Key Responsibilities
Threat Modeling & Incident Response: Build and maintain global cloud security incident response mechanisms, develop clear playbooks, and lead regular drills. Quickly handle complex security incidents, perform root cause analysis (RCA), and implement preventive measures.
Security Architecture & Operations: Design, deploy, and maintain security solutions across multi-cloud platforms (AWS, GCP, Azure), ensuring architecture is scalable, resilient, and future-proof.
Enterprise Security Leadership: Drive security strategy alignment with business processes, continuously raising organizational security maturity.
Compliance & Automation: Ensure security practices meet international standards such as ISO 27001, ISO 27701, SOC 2. Promote security automation and “Security as Code” initiatives to improve operational efficiency.
Vulnerability Management & Penetration Testing: Conduct regular vulnerability scans, risk assessments, and penetration tests. Track emerging threats and coordinate remediation efforts.
Qualifications
Required:
Bachelor’s degree in Computer Science, Cybersecurity, or related field, with 3+ years of experience in information security.
Strong expertise in cloud security, with hands-on experience in at least two major cloud platforms (AWS, GCP, Azure) and native security tools (e.g., AWS Security Hub, GCP Security Command Center).
Solid Linux system security skills, including hardening, log analysis, intrusion detection, and incident response.
Proven ability to handle high-pressure security incidents and perform clear post-incident reviews.
Strong knowledge of web and application security, with experience in penetration testing and code audits.
Preferred:
Recognized contributions to bug bounty programs or high-quality vulnerability reports.
Strong performance in CTF competitions or deep interest in offensive/defensive security research.
Professional certifications such as CISSP, CISA, OSCP, AWS/GCP/Azure security certifications.
Experience developing security tools or automation scripts using Python, Go, or similar languages.
