Lead Information Security Engineer (удаленная работа)

Вакансия: Lead Information Security Engineer

Описание вакансии

We are looking for a Lead Information Security and Systems Management Engineer . This role will shape our security and systems strategy, ensuring our infrastructure matures as we scale and that our global team s work environments meet high security standards.

You will tackle challenges around expanding systems and processes, implement best practices, and unify all information security domains. With strong organizational support, resources, and a reliable, experienced team, you will be the key decision-maker for security. You will also work closely with leaders across the company including HR, the CEO, and the MD to build integrated processes and drive company-wide adoption of security initiatives.

Key Responsibilities

• Identity & Access Management (IAM): Responsibility for centralized access management, including developing and maintaining a robust RBAC model. Oversee access granting, revocation, and periodic access reviews. Ensure proper configuration of SSO, MFA, and least-privilege policies. Conduct account audits and monitor for privilege misuse or anomalies.
• Application Security: Embed security into the software development lifecycle by securing application architecture with the Head of Development. Implement DevSecOps, protect secrets and IP, use SAST/DAST, perform threat modeling, and regularly review third-party libraries and services to prevent vulnerabilities and ensure secure deployment.
• Infrastructure Security: Protect the company s IT infrastructure through secure network architecture, segregation, server and endpoint hardening, and patching policies. Work closely with the Head of Infrastructure and Networks, with a strong focus on cloud security, to prevent vulnerabilities and ensure secure operation across all infrastructure components.
• Incidents Monitoring & Response: Implement a SIEM for real-time monitoring, build a SOC, and establish response processes for proactive detection and fast, effective resolution of security incidents. Continuously improve incident management capabilities.

Qualifications

• Degree in Information Security, Computer Science, or a related field.
• 5 7 years of experience in information security or related roles, with a strong focus on scaling security processes in rapidly growing organizations.
• Extensive knowledge of security frameworks and best practices, including IAM (Identity and Access Management), RBAC (Role-Based Access Control), and compliance standards (e.g., GDPR, ISO 27001).
• Strong background in application and infrastructure security, including secure software development (DevSecOps), network security, cloud security, and endpoint protection.
• Hands-on experience with SIEM systems and incident response protocols, including setting up and managing a Security Operations Center (SOC).
• Demonstrated ability to collaborate with cross-functional teams, such as development, infrastructure, and HR, to integrate security practices across all business units.
• Experience in risk management and governance, including the development and maintenance of risk registers and the ability to lead compliance efforts across the organization.
• Strong leadership and mentoring skills, with a track record of developing high-performing security teams and driving strategic security initiatives.
• Excellent communication skills, with the ability to convey complex security concepts to non-technical stakeholders and align security initiatives with business objectives.