SICPA · 1 week ago
Security Engineer
Security
Responsibilities
Collaborate with cross-functional teams to integrate state-of-the-art security controls throughout the system lifecycle
Discover, assess, and report vulnerabilities, escalating issues when necessary
Review and propose improvements in system architectures and designs
Develop and promote best security practices to engineering teams
Analyze findings from different tools and support DevSecOps pipeline development
Maintain tools/scripts for secure coding practices
Prioritize security tasks with Product Owners and stakeholders
Monitor industry security developments and mitigate risks
Manage SOC 2 Type II audit process for infrastructure systems
Ensure systems meet SOC 2 Type II compliance and other regulatory standards
Develop and maintain procedures and policies for system compliance
Communicate with stakeholders, auditors, and team members on compliance matters
Manage remediation efforts for system vulnerabilities
Provide training on compliance matters to team members
Conduct security assessments, identify vulnerabilities, and take mitigation measures
Participate in incident response and cyber security investigations
Qualification
Required
Proven experience with SOC 2 Type II audits in a system-focused role.
In-depth knowledge of IT systems infrastructure, including both on-premises and cloud-based systems, and related security principles.
Understanding of regulatory requirements, risk management methodologies, and security frameworks.
Excellent problem-solving, communication, and project management skills.
2+ years of experience in cybersecurity, software development or IT Operations
Experience in SAST and DAST
Experience in software programming, preferably Java or .NET
Experience in Infrastructure as code tooling, preferably Terraform and Ansible
Basic knowledge of relational databases, e.g., Oracle, SQL Server and PostgreSQL
Strong interpersonal, communication and teaching skills
Strong analytical skills
Passion for excellence and willingness to become a key team player
Team-oriented, with the ability to multi-task, self-direct and manage deadlines
Fluent in English
Bachelor's degree in Information Technology, Computer Science, or a related field.
Preferred
Active security industry certifications such as OSCP are a strong advantage.
Relevant professional certifications (CISSP, CISM, CISA, etc.) are strongly preferred.
Experience with pentesting is a plus
Fluency in French is an asset