Senior Security Engineer

London, United Kingdom

Job Description



Here at Skedulo we're on a mission to support the 2.7 billion people in the world, and the companies that employ them, who do not work at a desk every day. Our global teams are collaborative, ambitious, innovative, and passionate about helping our customers realize their fullest potential by enabling their mobile workforces.

The Senior Security Engineer is responsible for implementing, configuring and maintaining information security tools, systems, and services. They will develop and execute security processes, policies, and procedures in collaboration with Engineering and Information Security groups. This role will champion DevSecOps/AppSec processes and practices and influence the Engineering teams across Skedulo to create secure-by-design services. The Engineer will also build automation to drive effective remediation of security issues, utilizing IaC (Terraform) and CI/CD frameworks.

The Engineer works in conjunction with engineering and operations functions to identify and respond to security threats to the organization. They work on complex cross-functional projects that require an in-depth understanding of multiple security domains and threat modeling. They are responsible for proactive risk assessment and resolution alongside the engineering and operations teams.

This role reports to the Engineering Manager for our Infrastructure and Reliability squad and works in close collaboration with the Director of Information Security.

A key responsibility of this role is remediation of detected issues. This means working closely with other Engineering teams, but with primary responsibility for fixing security-related issues sitting with this Engineer.

RESPONSIBILITIES

  • Security architecture and implementation - provide hands-on security posture and insights on modern cloud-based application architecture, containerisation, and security best practice. Lead and contribute to the planning, design, and implementation of strategic, cross functional cybersecurity controls.
  • Proactive vulnerability resolution - work with engineering teams to determine whether an identified vulnerability is a problem or is mitigated by existing controls (and configure the vulnerability management tool to silence the alarms), and action paths to remediation (typically a pull request that solves the problem)
  • Incident Management - accountable for security incident response, which includes post incident reviews and remediation activities to prevent recurrence wherever possible. Provide expert advice and continuously improve incident management procedures.
  • Support, Assist and Advise - provide support to business units to ensure optimal use and application of cybersecurity processes and controls. Consultation with key stakeholders to ensure cybersecurity policies remain aligned with stakeholder requirements.
  • Security Culture - assist with mentoring and directing development team members to deliver quality solutions and support the growth and development of security culture across the team.
  • Secure Development Lifecycle - play a critical role in supporting a Secure Development Lifecycle by embedding innovative security solutions within an agile development pipeline and operational environment. Advise developers on best practices and standards.
Requirements:

MINIMUM QUALIFICATIONS
  • Proven experience in application security related fields
  • Sound understanding of OWASP top 10 and CWE top 25 and how to mitigate them
  • Hands-on experience implementing DevSecOps practices, and Static and Dynamic Analysis tools
  • Familiar with architecting secured modern cloud environments
  • Familiar with integration platforms
  • 3-5 years in information security role (e.g., SOC, Incident Response, Penetration Testing, Security Engineering)
  • Formal education in Computer Science, Information Technology, Cybersecurity. Experience in lieu of formal education is acceptable.
  • Thorough understanding of threat modeling and risk evaluation as it pertains to SaaS, and the ability to execute mitigation strategies.
DESIRED SKILLS/EXPERIENCE
  • Background in AWS cloud infrastructure and would be able to look at an existing landscape and interpret it
  • One or more Certifications (CISSP, GWEB, GPEN, GWAPT, OSWE, OSCE, OSCP)
  • Knowledge of rules and regulations related to information security and data confidentiality (GDPR, HIPAA, FedRAMP, etc.)
  • Software development or scripting experience
  • Experience implementing security improvements using automation products such as Terraform / Ansible / CloudFormation
  • Familiar with Cloud Native infrastructure, as well as container orchestration knowledge (particularly Kubernetes)
ADDITIONAL REQUIREMENTS
  • This position may require up to 10% travel from time to time as set forth by the Company post Covid and return to work planning
  • Must have a valid UK work visa or citizenship status.
Benefits:
  • 100% remote work environment
  • Monthly remote work stipend (£120)
  • Company Pension Match (3%)
  • Competitive salary
  • Private Healthcare Plan
  • Mental Health Support/Resources through Modern Health
  • 3 Paid Volunteer Days per year
  • 28 days paid leave per year
  • 8 days of public holidays per year
  • Stock Options/ Equity
  • Paid Parental Leave for both carers
  • Learning & Development Stipend
  • Employee Referral Bonus

Skedulo


Job Detail

  • Job Id
    JD2981464
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    London, United Kingdom
  • Education
    Not mentioned