As a Staff Security Engineer within our CyberSecurity Tribe, safeguarding Back Market's information assets stands as the primary objective. Our SecOps team manages both Security Architecture & Engineering topics, as well as actively monitoring, responding to, and remediating incidents.
Your role is pivotal within our organization, offering unparalleled opportunities to shape not only our security architecture and stack but also the security of our products across our web and app environments. By joining our team, you'll be at the forefront of driving innovation in cybersecurity while contributing directly to our mission of promoting sustainability in the tech industry. This is more than just a job—it's a chance to make a lasting impact on the way technology is consumed globally
As a domain expert and advocate of cybersecurity best practices you will be :
- Leading a technical focus on continuous improvement of the company's security posture, ensuring resilience to threats.
- Strategically guiding and executing large, complex projects, driving technical vision and Security architecture, fostering collaboration, and effectively communicating to impact the entire organization's tech quality and growth.
- Identifying blockers to organizational efficiency and effectively advocating for remediations.
- Ensuring focus is on the highest impact, most critical, future-facing decisions.
- Assisting managers to ensure proper delegation at all levels of the organization, appropriate decision-making, and free flow of information.
- Sharing time between supporting and advising technical teams, automating and enhancing security controls, improving our security framework, mentoring fellow Security Engineers, and leading the design, build, and operation of modern security solutions that scale.
- Contributing to monitoring security alerts & events to identify potential threats & incidents, investigating & analyzing security incidents to determine the extent and impact of the breach, collaborating with other teams to gather and analyze threat intelligence & maintaining and enhancing security incident detection and response procedures.
- Informing and defining the best approaches to address challenges, aligning company goals and objectives with minimal effort expenditure.
What we're looking for :
- You are a talented and experienced engineer, with at least 10 years experience of securing web services in dynamic cloud environments
- With proven experience as a Security Engineer / SOC analyst with cross-team influence
- A strong understanding of cybersecurity principles, techniques, and best practices
- Acting as a role model for facilitating and balancing product and engineering concerns, including long-term sustainability
- Demonstrable ability to plan & execute large, complex projects with interdependencies.
- Collaborating with leaders across the company to get maximum business impact with minimum resources.
- You believe in the importance of security automation following a secure development lifecycle, with the ability to develop your own scripts and tools to succeed in your mission.
- Be comfortable conducting Security Requirement Analysis & propose cybersecurity architectures based on the analysis.
- Threat intelligence and attack patterns expertise
- Proficient in vulnerability analysis and remediation, with knowledge about setting up and tuning scanners.
- Understanding of edge protection technologies including WAF, Bot management, rate limiting etc.
- Familiarity with SIEM tools, network and endpoint security technologies
- Passion for cybersecurity, hands-on, and eager to contribute code to our in-house modern security technologies.
- You are curious, rigorous, and enjoy exploring new methods and technologies.
- Transparency in communications and able to find solutions by partnering with your team when you don't have the answer.
- You like to share knowledge, and make your colleagues aware of good cybersecurity practices, by supporting your proposals with concrete examples and demonstrations.
- It would be a plus if your skills are recognized by a certification such as (ISC)² CISSP, CCSP or CSSLP, SANS GCTI, GDSA, CSA CCSK, BTL2 - or you are ready to obtain it in the near future.
- You want to join a challenging technical environment: GCP, Kubernetes, ArgoCD, Terraform, Datadog, Cloudflare, Google Chronicle, Github, CircleCI etc., where you can spread your influence and help secure our environment.
- Proficient in several coding languages such as Python, TypeScript, Golang, etc.
- Great verbal and written communication skills, in English.