Principal Cloud Security Engineer

Principal Cloud Security Engineer

As Principal Security Engineer, you ensure that the risks to our company’s systems and applications, posed by a variety of cyber threats, are addressed, work with development teams to ensure we build, deploy and maintain secure software that is used by millions of users around the globe.

What you'll do

You have a expert understanding of cloud security infrastructure, cloud native technologies and desired state configuration, configuring security policies and securing data.

You facilitate threat modeling sessions within the team, and have the ability to perform vulnerability testing, risk analysis and security assessments and support incident handling. Supporting internal and external pen tests.

You have a expert understanding of how to architect for visibility, detection, mitigation and observability.

Who you are

• 6+ years of experience in cloud / cloud native technologies & security / application security;
• Bachelor's degree in Computer Science, Information Security, Cyber Security or equivalent practical experience;
• One or more security certifications (CISSP, GSEC, CASP, CSSP, CKS, Azure cloud certs, CSSLP, GWEB, OSCP, OSWE or others);
• Excellent English speaking, writing and presentation skills.

Business, Product & Industry Knowledge:

• Good understanding of: core technologies used by Backbase including best practices; Backbase solutions including architecture and deployment best practices; cloud security best practices and trends.

Complexity & Problem Solving:

• Identifying, triaging and resolving security issues;
• Incident handling by using incident response best practices;
• Comply with relevant regulations such as GDPR;
• Research new tools and take the initiative in improving the ways of working.

Collaboration & Interaction:

• Closely collaborate with the ICT team and cloud ops teams that manage our internal applications, work with the engineering teams to ensure the Backbase SaaS platform is designed, built and operated based on good security principles;
• Interact directly with the engineering teams and collaborate with the product owner, architect and technical director.Identify and flag security vulnerabilities or gaps and support security initiatives working with different teams within the organization;
• Interact directly with the developer teams and collaborate with product owner, engineering manager, Value Stream management (RnD) or project manager, solution architect and technical leadership (CS);
• Facilitate threat modelling sessions with the engineering teams.

Supervision:

• Lead the incident response team and drive the investigations and process improvements;
• Drive the security maturity of the teams and identify and flag gaps;
• Play a key role in selecting candidates for the security team as well as onboarding and mentoring new hires.