About the team:
The Technology team powers everything the business does. The team is building a reliable, scalable platform for the company's products and services. The team includes Backend, Frontend, Mobile, AI, and QA engineers working across regions, alongside Platform, Security & IT Operations teams. Together, they collaborate closely with Data and Product teams to continuously evolve and scale the products.
About the role:
We are looking for a hybrid engineer who views Security, Reliability, and Compliance within our platform (both corporate and production systems) as engineering problems to be solved, not checklists to be managed.
In this role, you will own the integrity of our entire technical estate, from the laptops our employees use to the production system serving our customers. You will build the paved roads that make secure and reliable development the default, while serving as the primary technical voice during compliance audits.
Core Responsibilities:
1. Holistic Platform & Security Enforcement
- Application Security (AppSec):
  - Integrate security tooling into the CI/CD pipeline (SAST, DAST, Dependency Scanning) to catch vulnerabilities before they go to production.
  - Work together with the engineering team on how to secure base images and libraries for developers to use.
- Platform Security (CloudSec):
  - Enforce Least Privilege via automated IAM policy generation and rotation.
  - Manage network security boundaries.
- Observability:
  - Build the eyes and ears of the platform. Ensure that security events and reliability metrics are centralized, allowing for rapid detection of both outages and intrusions.
- Corporate Technology & Security:
  - Ensure our critical corporate technology systems are running reliably and meet all the necessary security and compliance processes.
  - Engineer the Zero Trust access layer, e.g. ensure that access to internal tools requires strong identity verification (SSO/MFA) and device health checks.
  - Automate the onboarding/offboarding of access to SaaS tools (e.g. Code Repo, Slack, AWS) to prevent access creep.
- Incident Command:
  - Serve as a senior responder for critical platform and security incidents, whether it's a downtime issue or a potential security breach. Lead blameless post-mortems to engineer out the root cause.
2. Technical Compliance & Trust
- Automated Governance: Instead of manual screenshots, you work on how to continuously query our systems to prove compliance with standards like SOC2, ISO27001, or HIPAA.
- Audit Support: Serve as the Technical Subject Matter Expert (SME) during internal/external audits. When an auditor asks, "How do you ensure data encryption?", you don't just explain it, you show them how the system actually enforces it.
- Customer Trust: Occasionally assist the business team by answering complex technical security questionnaires from enterprise customers, demonstrating how our architecture protects their data.
The Day-in-the-Life Mix
- 60% Engineering: Solving engineering issues by running architecture reviews, implementing security via code, designing secure systems, or other technical matters.
- 20% Operations: On-call rotation, system upgrades, and ongoing security remediation.
- 20% Governance/Compliance: Automating evidence collection, reviewing audit controls, and answering technical compliance queries.
Qualifications
Technical Competencies:
- Cloud Fluency: Expert-level knowledge of AWS/GCP/Azure. Understand the end-to-end cloud-based development workflow, from the design phase to serving production systems.
- Application Security: Strong experience in the areas of secure application development workflow (such as open source security, SAST, DAST, container security, network policies).
- Security Tooling: Experience with how cloud security works and the overall tooling to support this workflow, such as cloud firewall, secret management, and Policy-as-Code (OPA/Sentinel/others).
- Corporate System & Security: Understand how corporate systems work and the security implementation around them, such as mobile device management, corporate security policies, SSO, MFA, network policies, etc.
Compliance & Soft Skills:
- Audit Fluency: You know what SOC2 and ISO27001 are, and you know how to map technical controls to their requirements. Understand how to leverage the right tools to optimize the audit process.
- Communication: Ability to explain complex security risks to the business team, product managers and auditors alike.
- Pragmatism: You understand that security is a trade-off. You prioritize risks based on reality, not just theoretical severity.
Great To Have:
- Past experience working with health care, insurance, finance or regulated industries.