Lead Security Engineer

at  finder

DESIRED EXPERIENCE AND SKILLS:

• Former security experience working in software development/engineering environments (GitHub, GitHub Actions and BuildKite CICD)
• Familiar with container based development, runtimes and tooling (Docker, Kubernetes, Google Kubernetes Engine and Helm)
• A deep understanding of OWASP top 10 and Web Application Security
• Strong experience maintaining and complying with governance frameworks such as NIST CSF, ISO27001 and SOC2
• Deep understanding of compliance and regulatory requirements such as The Privacy Act, GDPR, CCPA and CDR
• Strong experience with threat modeling activities and threat modeling frameworks (MITRE ATT&CK, CVSS and/or STRIDE)
• Deep understanding and mastery of computer networking and operating systems on a technical level (Linux, Windows and macOS)
• Experience performing and supporting web application security and penetration testing activities, and familiarity of common tooling such as Burp Suite, Tenable, SonarQube etc
• Background and experience managing DLP (Data Loss Prevention) solutions and policies

APPLICATION PROCESS:

If this sounds like the kind of opportunity you’ve been looking for, select the ‘Apply Now’ button below to submit your cover letter and resume. Use your cover letter to introduce us to you; we want to know who you are, what you’ve worked on and why you think you’d be a great addition to the Finder team.

ROLE OVERVIEW:

You lead the team accountable for information Security at Finder.
Your crew are dedicated and committed to achieving their and their company’s objectives. You support and nurture them in this. You are able to focus on the details as well as the mission and security strategy. You form close working partnerships with other thought leaders and people leaders at Finder to ensure that we have a safe and secure ecosystem that is also psychologically safe for members of the team.
You have a deep understanding and mastery of Information Security with a demonstrably strong background and expertise in risk prioritization, mitigation and incident resolution. You are technically capable and hands-on.
You are able to elaborate a clear security vision and you are able to form coherent strategies and tactics in order to be able to execute and deliver. You can ideate, promote and launch new concepts to scale and grow Finder security at a global level.
You have clear, transparent and structured communication along with an understanding that this role is as much, people as it is technology, and an ability to work with engineers and the C-Suite

RESPONSIBILITIES:

• Security vision, strategy and execution including work forecasting.
• Understanding, owning and reducing information risk and security, including driving a strong culture of information security.
• Introducing, implementing and maintaining industry security frameworks
• Vulnerability and risk identification, mitigation and removal.
• Lead security incident response and investigation efforts
• Engendering a passionate culture of sustained innovation in which people are producing the best work of their career.
• Engender the ‘Go-Live!’ culture whilst balancing this with an investment into the longer term roadmap/ vision.
• Both hands on and high level guidance. Be able to work at the code face and network layer but also own and drive solid security principals based architecture.
  We don’t expect anybody to have experience in every one of the following points, but this should paint a picture of the type of security leader we’re looking for.