At Beamery, we believe that where you work is much more than just a job. For many of us, it's our livelihoods. It’s how we provide for our families and it shapes the legacy we'll leave behind. This is why our purpose is to create access to opportunities regardless of where someone is born.
We’re excited to have raised a $138m Series C backed by world-class investors from some of tech’s most disruptive companies.
Everything we do is about people. We’re shaping the future of work, and our products are helping the world's largest companies transform the way they attract, engage, hire talent with our industry first Talent Operating System. Global leaders like Nasdaq, Autodesk, AstraZeneca and Workday run talent on Beamery.
So, what are you waiting for? Join us and help us transform the future of work once and for all.
Find where you belong
Be at your best while working with us. At Beamery, as well as joining a great team and working in a fast-paced environment, you'll be empowered to plan for your future, take time to grow and feel rewarded .
About the Opportunity
At Beamery, we don't just care about Security to check boxes on compliance form . We are passionate about Security. It's the core of our Company Culture - from the security options we provide to our Customers to the rigorous security testing we do on our platform , security standards and frameworks we adhere to making investments in security and privacy every day.
As a Lead Security Engineer you will be the face of our Security Operations and will be responsible for ensuring the successful deliverables of SOC and help shape and develop the team’s strategy within Security Operations. You will be responsible for managing the agreed to budget and delivering the Security Operations profitably.
Here’s how you’ll be contributing to the Security Team
- Create and deliver an effective Security Operations and testing programme.
- Help evaluate and recommend new and emerging security products and technologies.
- Implement Security Incident and Event monitoring solutions to ensure potential security incidents are correctly identified, analysed, defended, investigated, and reported.
- Actively monitor the threat landscape for current or emerging threats as well as carrying out threat modelling which can guide the actions of the SOC.
- Automation of security and compliance capabilities in support of DevSecOps processes (SDLC).
- Review existing infrastructure and identify opportunities to embed security by design.Monitor and analyse activity on networks, servers, endpoints, databases, applications, websites.
- Lead and Implement required Security Tooling for Vulnerability assessments in both code and supporting cloud infrastructure.Carry out application security testing (SAST, DAST...).
- Help coordinate IAM activities to provide secure, controlled access to systems and services.
- Conduct penetration tests to validate resiliency and identify areas of weakness to fix
- Recommend how to optimize security monitoring tools based on threat hunting discoveries.
You'll be a great add to the team if...
We are looking for a well organised and experienced Security Engineer to focus on improving our application, system, and infrastructure security. You will be obsessed with customer trust and will both lead and deliver Security testing and monitoring for our developed products and environments.
Is that you? If so, keep reading!
- Cloud Security Specialist : GCP and AWS
- Expertise managing and reading Log data from Web Application Firewalls, Security toolsets and open source tools such as ;Cloudflare,; Whitesource (opensource); Application logs (ELK, Stackdriver)
- Network & Security Controls - Security Groups, WAF, Route Tables, VPN Gateway, Key vaults, Identity and Access Management.
- DNS, domain management, Certificate LifeCycle Management
- Infrastructure as a Code- ability to automate and script your work with Bash, Ansible and Terraform.
- Hands-on software engineering experience and DevOps/DevSecOps background.
- Software development (SDLC) - OWASP , SAST, DAST
- “Security by design” principles, processes, standards and governance.
- implementing controls in line with ISO 27001, SOC2 or NIST frameworks.
- Security Testing and Threat Modelling(compliance controls, Threat and Vulnerability Mgt, pen testing).
- Assessing the effectiveness of security architecture designs and implementations and identifying opportunities for improvement
- Development and/or source code review experience in one or more of these languages: Golang, NodeJS, Python.
- Competent with Jira and Confluence.
- CISSP, CCSP, CREST Registered or Certified Tester.