Senior Security Engineer (SecOps, SIEM and/or Application Security)
- Posted : 2 weeks ago
Top 3 Reasons To Join Us
- Competitive Salary
- 100% Remote
- Working on the latest tech for the Insurtech Market Leader
At CoverGo, our mission is to help insurance companies and banks to make insurance 100% digital, to better serve their customers.
- We are the leading provider of cutting-edge technology to the insurance industry
- We’re also the winner of the insurtech of the year in all of Asia in 2021 and other awards globally
- We work with enterprise clients such as AXA, MSIG, DBS, Fubon, Bank of China Group Insurance, and many more
- We're an international, diverse team with over 20 nationalities and team members working remotely from all over the world
- We are fully funded and backed by reputable VC funds and strategic institutional investors
- We have offices in Singapore, Hong Kong, and Vietnam. We plan to expand to the US and other markets in the upcoming months
- We’ve grown our annualized revenue by over 2000% since January 2021
- We’re constantly working towards making CoverGo a workplace that you love coming to. We deeply believe that bringing together a diversity of thoughts, expressions, and perspectives is key to building the best culture for equally diverse communities all over the world
About the Role
We are looking for a talented and motivated Senior Security Engineer to help us take CoverGo´s security to the next level. This role is perfect for you if you like to solve wide variety of complex security challenges and want to focus on actual engineering work.
What You Will Do
You will join our small but growing security team, reporting directly to the Head of Security. This is a senior role. Your tasks will be determined by your previous experience, skill set, and career ambitions. Your primary focus will be on Security Operations and Application Security. However, depending on the needs of the organization, we expect you to do more and become involved in other security domains as well.
This role has no personnel responsibilities and is primarily focused on solving technical challenges. We work in agile environments, with a lightweight approach to organizing our work in a ticketing system, and your success will be determined by the concrete output you deliver to the organization. You will have complete autonomy and will be able to choose your toolchain, working hours, and method of problem-solving as long as you deliver the desired result.
A typical day in this role consists of the following activities: agile team ceremony, configuring security tools, reacting to alerts and notifications from said tools, incident management & forensics, code review, providing architectural advice to engineering teams, and vulnerability analysis.
Depending on your abilities and career ambitions, a shift to more managerial tasks and possibly adding personnel responsibility to the role in the coming years is possible. We also expect you to look over the work of our junior engineers.
What We Need
At least 5 years of relevant experience in technical security engineering. (Required)
- Hands-on experience in at least 2 of the following 4 security domains:
- End-to-end introduction of a SIEM in a cloud-native organization (AWS, data ingestion of multiple security tools via API & JSON, data normalization, alerting routines)
- Establishing a robust security incident management process (process design, training, shift system, on-call duty, forensics, post-mortems)
- Anchoring security in the software development lifecycle of an agile tech organization (application security requirements, SAST, DAST, vulnerability management, CI/CD security, training)
- Hardening APIs for security while maintaining full business functionality (vulnerability testing, API security requirements, API security benchmarking)
- Self-starter and solution-driven, you actively solve problems, not create more or just shift them elsewhere
- Ability to obtain organizational buy-in and to explain security concepts to both engineers and business people
- You apply context-driven security that materially improves the company security posture, you do not blindly enforce checklists or standards for the sake of compliance
- Excellent English skills, written and spoken
- Extremely self-organized and prior experience with working in fully remote teams
Why You'll Love Working Here
- Full-remote employment, work from anywhere and/or from one of our physical offices in Vietnam, Singapore or Hong Kong occasionally
- Local time zone office hours, work by your schedule
- Paid annual leaves
- Employee stock options
- Performance bonus
- Company activities & team offsites to exotic locations
- Training and development plan