Security Engineer

Cloud Academy Manage, Visualize and Build all your Cloud, Software dev and Data Skills in one enterprise platform View company page [PLEASE NOTE] This position is based in our Swiss HQ in Mendrisio, Switzerland, which is 7km over the border from Italy and easily commutable from Milan, Como, Varese or Lugano. We are also happy to assist with your relocation to this beautiful part of Europe and we have a hybrid remote working policy. Cloud Academy is a hyper-growth upskilling and reskilling SaaS company, focused on enabling enterprise customers to have full transparency and control over their tech workforce skills readiness. In a rapidly changing cloud technical landscape where there is an increasing tech skills gap in the market, combined with the difficulty organizations are facing to retain tech talent and the demands for numerous technical certifications, companies need the ability to manage these skills at scale more than ever. We help over 1000 customers visualize, assess, transform and measure their teams’ tech skills readiness through a unique Skills Intelligence Platform, powered by world class cloud training content. Companies like Warner Media, Deloitte, JP Morgan Chase and Walmart trust Cloud Academy with their technical cloud skills readiness at scale, so they can achieve their cloud business goals. We are a global team, with colleagues in over 14 countries worldwide. We are a diverse team that is innovative, collaborative, pragmatic and passionate about making an impact. We thrive on a common vision, we obsess about our customers and learners, and we take pride in the quality of our work. Most importantly, we know that individually we are only as good as our teams are, and we always have each others’ backs. We are seeking driven, highly competent, and creative team players to join us on the next phase of our growth story, as we scale our winning products to help even more customers and learners. We’re looking for a Security Engineer to support and improve internal security practices, establish best practice secure SDLC and vulnerability management through automated processes and reporting. You will work alongside a cross-functional team of Engineers, SRE, Security and Product Managers to create a unified end-to-end framework for security in engineering. Our ideal candidate is humble, and equally capable of teaching and learning. Job Description Deliver a consistent Secure SDLC development roadmap, facilitating continuous improvement with embedded security; Document requirements that mandate security best practices, and introduce tooling to help engineers adhere to the process; Perform internal vulnerability testing, uncovering any weaknesses in the systems and work with teams implementing countermeasures to ensure the integrity of all data; Stay updated on the latest security threats, vulnerabilities, and emerging trends, and apply this knowledge to enhance our security posture; Support in activities necessary to achieve Business Security Certifications and accreditations; Actively collaborate with cross-functional team, to help integrate security in Product and Process design; Support the recovery activities in case of security incidents and breaches including zero day reports Qualifications Degree in a technology-related field or equivalent experience required 3 years of experience in a cyber security, DevSecOps or cloud security role (or a combination of these) Technical skills and knowledge on common protocols for service communication, authentication, and web based technologies and understanding of attack vectors Experience in auditing throughout the SDLC using best practices, policies and procedures Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques; The candidate should have an understanding of OWASP and how code scanning tools can benefit squads General cloud and hyperscale knowledge, especially experience in AWS, and container orchestration Proven experience in CI/CD, Git and DevOps Tool Chain Understanding of data protection regulations, and best practice management of PII Familiarity of common security security standards (such as ISO27001, NIST, ISO23001) would be desirable Excellent written and verbal communication skills in English and high level of personal integrity Additional Information Competitive compensation and a bonus plan Four weeks of paid vacation per year (that increases to five weeks after two years with the company) plus one day off per year to volunteer at your favorite non-profit Equality & Diversity We pride ourselves on being an equal opportunity employer, committed to equality and diversity amongst both our employees and prospective applicants. We ensure that all applicants are treated equally and fairly throughout our recruitment process. We are determined that no applicant experiences discrimination on the basis of sex, race, ethnicity, religion or belief, disability, age, gender identity, ancestry, sexual orientation, veteran status, marriage and civil partnership, pregnancy and maternity, socio-economic background, neuro-diversity, education, or any other basis prohibited by applicable law. Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general – ordered by popularity of job title or skills, toolset and products used – below. J-18808-Ljbffr