Staff Security Engineer

View full description

Requirements:

• 10+ years of experience leading security initiatives for enterprises in an information security (InfoSec) consultant or architect role.
• Proven experience with implementing DevSecOps principles, including Shift Left and Policy as Code methodologies.Experience implementing application security architecture and cloud security architecture.
• In-depth knowledge and experience with Kubernetes (K8s) security is required.
• Experience integrating security practices into the Secure Development Lifecycle.
• Experience with SaaS security or platform security is a strong plus.
• Strong understanding of security threats, vulnerabilities, and risk mitigation strategies.
• Experience with security tools such as CIS Benchmarks and SIEM solutions is preferred.
• Excellent analytical and problem-solving skills.Strong communication, collaboration, and interpersonal skills.
• Ability to work independently and as part of a team.
• Passion for security and a commitment to continuous learning.
• CISSP, CISA and/or CKS Certifications strongly preferred.

Responsibilities:

• Conduct a thorough security assessment of our current infrastructure, applications, and cloud environments, identifying strengths and areas for improvement.
• Conduct detailed threat modelling and risk assessments to identify, prioritise, and mitigate potential security threats.
• Document the existing security architecture, policies, and procedures.
• Develop and implement a comprehensive security strategy aligned with Atlan's business goals and industry best practices.
• Establish security metrics and key performance indicators (KPIs) to measure the effectiveness of security controls.
• Design and implement robust security controls across the platform, including network, application, and infrastructure security.
• Integrate security best practices into the CI/CD pipeline to ensure seamless DevSecOps practices (Shift Left, Policy as Code).
• Develop and implement incident response plans, conduct regular drills, and continuously improve security operations through monitoring and ongoing assessments.
• Advocate for security best practices across the organisation, fostering a security-first mindset and a culture of security awareness.
• Lead and mentor other team members, promoting continuous learning and improvement in security practices.
• .Ensure compliance with relevant security standards and regulations (e.g., PCI DSS, GDPR).Prepare for and assist in security audits and certifications.